Skip to content

Commit

Permalink
Enforce DHGEX prime modulus bit length meets configured constraints.
Browse files Browse the repository at this point in the history
  • Loading branch information
norrisjeremy committed Jul 11, 2024
1 parent 661c474 commit 0c58188
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 6 deletions.
2 changes: 2 additions & 0 deletions ChangeLog.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
* [0.2.19](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.19)
* Enforce DHGEX prime modulus bit length meets configured constraints.
* [0.2.18](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.18)
* Handle negated patterns according to ssh_config(5) by @bmiddaugh in https://github.com/mwiede/jsch/pull/565
* [0.2.17](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.17)
Expand Down
14 changes: 8 additions & 6 deletions src/main/java/com/jcraft/jsch/DHGEX.java
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@

package com.jcraft.jsch;

import java.math.BigInteger;

abstract class DHGEX extends KeyExchange {

private static final int SSH_MSG_KEX_DH_GEX_GROUP = 31;
Expand Down Expand Up @@ -79,8 +81,7 @@ public void init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C
min = Integer.parseInt(session.getConfig("dhgex_min"));
max = Integer.parseInt(session.getConfig("dhgex_max"));
preferred = Integer.parseInt(session.getConfig("dhgex_preferred"));
if (checkInvalidSize(min) || checkInvalidSize(max) || checkInvalidSize(preferred)
|| preferred < min || max < preferred) {
if (min <= 0 || max <= 0 || preferred <= 0 || preferred < min || preferred > max) {
throw new JSchException(
"Invalid DHGEX sizes: min=" + min + " max=" + max + " preferred=" + preferred);
}
Expand Down Expand Up @@ -127,6 +128,11 @@ public boolean next(Buffer _buf) throws Exception {
p = _buf.getMPInt();
g = _buf.getMPInt();

int bits = new BigInteger(1, p).bitLength();
if (bits < min || bits > max) {
return false;
}

dh.setP(p);
dh.setG(g);
// The client responds with:
Expand Down Expand Up @@ -237,8 +243,4 @@ public boolean next(Buffer _buf) throws Exception {
public int getState() {
return state;
}

static boolean checkInvalidSize(int size) {
return (size < 1024 || size > 8192 || size % 1024 != 0);
}
}

0 comments on commit 0c58188

Please sign in to comment.