Fix bug where ext-info-c was incorrectly advertised during rekeying.

According to RFC 8308 section 2.1, ext-info-c should only advertised during the first key exchange.
mwiede · Sep 8, 2021 · 9456e8a · 9456e8a
1 parent 4144773
commit 9456e8a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,5 +1,7 @@
 * [0.1.67](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.67)
   * Added support for the blowfish-ctr algorithm from [RFC 4344](https://datatracker.ietf.org/doc/html/rfc4344)
+  * Fix bug where ext-info-c was incorrectly advertised during rekeying
+    * According to [RFC 8308 section 2.1](https://datatracker.ietf.org/doc/html/rfc8308#section-2.1), ext-info-c should only advertised during the first key exchange
 * [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66)
   * Added support for [RFC 8308](https://datatracker.ietf.org/doc/html/rfc8308) extension negotiation and server-sig-algs extension
     * This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property)

diff --git a/src/main/java/com/jcraft/jsch/Session.java b/src/main/java/com/jcraft/jsch/Session.java
@@ -701,7 +701,7 @@ private void send_kexinit() throws Exception {
     }
 
     String enable_server_sig_algs=getConfig("enable_server_sig_algs");
-    if(enable_server_sig_algs.equals("yes")){
+    if(enable_server_sig_algs.equals("yes") && !isAuthed){
       kex+=",ext-info-c";
     }