diff options
author | Iru Cai <mytbk920423@gmail.com> | 2018-04-30 15:16:52 +0800 |
---|---|---|
committer | Iru Cai <mytbk920423@gmail.com> | 2018-04-30 15:18:50 +0800 |
commit | 479c939a939023b8a967f6b36edacbac88c566c8 (patch) | |
tree | 46634a98c88573d0cafc3d277510898677f26a55 | |
parent | ba040b0949ec5ca6dcc5e9bb270412ac670f975f (diff) | |
download | fqterm-479c939a939023b8a967f6b36edacbac88c566c8.tar.xz |
Fix SSH MAC verification
-rw-r--r-- | src/protocol/internal/fqterm_ssh2_packet.cpp | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/src/protocol/internal/fqterm_ssh2_packet.cpp b/src/protocol/internal/fqterm_ssh2_packet.cpp index 28c7847..6b95972 100644 --- a/src/protocol/internal/fqterm_ssh2_packet.cpp +++ b/src/protocol/internal/fqterm_ssh2_packet.cpp @@ -194,17 +194,21 @@ void FQTermSSH2PacketReceiver::parseData(FQTermSSHBuffer *input) { // 3. check MAC if (is_mac_) { - int digest_len = mac->dgstSize; - std::vector<u_char> digest(digest_len); - mac->getmac(mac, input->data(), expected_input_len - digest_len, &digest[0]); + int digest_len = mac->dgstSize; + std::vector<u_char> digest(digest_len); - u_char *received_digest = input->data() + expected_input_len - digest_len; + FQTermSSHBuffer buffer(4 + expected_input_len - digest_len); + buffer.putInt(sequence_no_); + buffer.putRawData((const char *)input->data(), expected_input_len - digest_len); + mac->getmac(mac, buffer.data(), buffer.len(), &digest[0]); - if (memcmp(&digest[0], received_digest, digest_len) == 0) { - FQ_TRACE("ssh2packet", 0) << "incorrect MAC."; - return ; - } - } + u_char *received_digest = input->data() + expected_input_len - digest_len; + + if (memcmp(&digest[0], received_digest, digest_len) != 0) { + emit packetError("incorrect MAC."); + return ; + } + } // 4. get every field of the ssh packet. packet_len = input->getInt(); |