Fixed crash during GEX tests.

Joe Testa 2023-07-11 11:08:42 -04:00
parent 83e90729e2
commit 3f2fdbaa3d
2 changed files with 15 additions and 10 deletions


@ -182,6 +182,7 @@ For convenience, a web front-end on top of the command-line tool is available at
- Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy). - Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy).
- Hostname resolution failure no longer causes scans against multiple hosts to terminate unexpectedly; credit [Dani Cuesta](https://github.com/daniel-cues). - Hostname resolution failure no longer causes scans against multiple hosts to terminate unexpectedly; credit [Dani Cuesta](https://github.com/daniel-cues).
- Algorithm recommendations resulting from warnings are now printed in yellow instead of red; credit [Adam Russell](https://github.com/thecliguy). - Algorithm recommendations resulting from warnings are now printed in yellow instead of red; credit [Adam Russell](https://github.com/thecliguy).
- Fixed crash during GEX tests.
- Added 1 new key exchange: `curve448-sha512@libssh.org`. - Added 1 new key exchange: `curve448-sha512@libssh.org`.
### v2.9.0 (2023-04-29) ### v2.9.0 (2023-04-29)


@ -26,6 +26,7 @@ import binascii
import os import os
import random import random
import struct import struct
import traceback
# pylint: disable=unused-import # pylint: disable=unused-import
from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401 from typing import Dict, List, Set, Sequence, Tuple, Iterable # noqa: F401
@ -375,19 +376,22 @@ class KexGroupExchange(KexDH):
while packet_type == Protocol.MSG_DEBUG: while packet_type == Protocol.MSG_DEBUG:
packet_type, payload = s.read_packet(2) packet_type, payload = s.read_packet(2)
# Parse the modulus (p) and generator (g) values from the server. try:
ptr = 0 # Parse the modulus (p) and generator (g) values from the server.
p_len = struct.unpack('>I', payload[ptr:ptr + 4])[0] ptr = 0
ptr += 4 p_len = struct.unpack('>I', payload[ptr:ptr + 4])[0]
ptr += 4
p = int(binascii.hexlify(payload[ptr:ptr + p_len]), 16) p = int(binascii.hexlify(payload[ptr:ptr + p_len]), 16)
ptr += p_len ptr += p_len
g_len = struct.unpack('>I', payload[ptr:ptr + 4])[0] g_len = struct.unpack('>I', payload[ptr:ptr + 4])[0]
ptr += 4 ptr += 4
g = int(binascii.hexlify(payload[ptr:ptr + g_len]), 16) g = int(binascii.hexlify(payload[ptr:ptr + g_len]), 16)
ptr += g_len ptr += g_len
except struct.error:
raise KexDHException("Error while parsing modulus and generator during GEX init: %s" % str(traceback.format_exc())) from None
# Now that we got the generator and modulus, perform the DH exchange # Now that we got the generator and modulus, perform the DH exchange
# like usual. # like usual.
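Review bot: The new `except struct.error` around the GEX group parsing does not cover the two `int(binascii.hexlify(...), 16)` calls, which raise `ValueError` when their slice is empty (a zero `p_len` or `g_len`, or a payload that ends right after a length field), so a malformed server reply can still crash the scan. Catching both with `except (struct.error, ValueError):` closes that path. Separately, `p_len` and `g_len` are never compared with the remaining payload, so a truncated modulus is silently parsed as a shorter value; a guard such as `if ptr + p_len > len(payload):` raising the same `KexDHException` before each slice would make that failure explicit. The enclosing method starts and ends outside the hunk, so whether `packet_type` is validated before this parse cannot be confirmed from here.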