search for: ssh_blocksiz

...============== RCS file: /cvs/openssh/deattack.c,v retrieving revision 1.15 diff -u -r1.15 deattack.c --- openssh/deattack.c 5 Mar 2002 01:53:05 -0000 1.15 +++ openssh/deattack.c 22 Aug 2003 05:34:05 -0000 @@ -112,20 +112,26 @@ if (len <= HASH_MINBLOCKS) { for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { if (IV && (!CMP(c, IV))) { - if ((check_crc(c, buf, len, IV))) + if ((check_crc(c, buf, len, IV))) { + if (h) + xfree(h); return (DEATTACK_DETECTED); - else + } else break; } for (d = buf; d < c; d += SSH_BLOCKSIZE) { if (!CMP(c, d)) { -...

...*IV) { static word16 *h = (word16 *) NULL; (*) static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; register word32 i, j; word32 l; ... buf is the ssh packet received, len is the length of that packet The received packet is comprised of several blocks of ciphertext of size SSH_BLOCKSIZE and each of them is checked against the others to verify that different packets dont have the same CRC value, such behavior is symptom of an attack. The detection is done using a hash table that is dynamically allocated based on the size of the received packet. ... for (l = n; l < HASH_...