search for: deattack_detected

...22 Aug 2003 05:34:05 -0000 @@ -112,20 +112,26 @@ if (len <= HASH_MINBLOCKS) { for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { if (IV && (!CMP(c, IV))) { - if ((check_crc(c, buf, len, IV))) + if ((check_crc(c, buf, len, IV))) { + if (h) + xfree(h); return (DEATTACK_DETECTED); - else + } else break; } for (d = buf; d < c; d += SSH_BLOCKSIZE) { if (!CMP(c, d)) { - if ((check_crc(c, buf, len, IV))) + if ((check_crc(c, buf, len, IV))) { + if (h) + xfree(h); return (DEATTACK_DETECTED); - else + } else break;...

...0500 @@ -137,7 +137,7 @@ detect_attack(u_char *buf, u_int32_t len for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { - if (!CMP(c, IV)) { + if (IV && !CMP(c, IV)) { if (check_crc(c, buf, len, IV)) return (DEATTACK_DETECTED); else

...r (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { (*) for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { if (!CMP(c, IV)) { if (check_crc(c, buf, len, IV)) return (DEATTACK_DETECTED); else break; } } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { if (check_crc(c, buf, len, IV)) return (DEATTACK_DETECTED); else break; } } (*) h[i] = j; } A would-be attacker does not need to authentica...