Skip to content

Commit 5f2bc9c

Browse files
djmdjmdjmdjm
committed
upstream: avoid possible NULL deref if
ssh_packet_check_rekey_blocklimit() called before the encrypted transport is brought up. OpenBSD-Commit-ID: fb998ccbe59865e33a8ab6a6577f254d39bdc72f
1 parent b9c3187 commit 5f2bc9c

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

packet.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: packet.c,v 1.329 2025/12/30 00:35:37 djm Exp $ */
1+
/* $OpenBSD: packet.c,v 1.330 2025/12/30 04:23:53 djm Exp $ */
22
/*
33
* Author: Tatu Ylonen <ylo@cs.hut.fi>
44
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1096,6 +1096,9 @@ ssh_packet_check_rekey_blocklimit(struct ssh *ssh, u_int packet_len, int hard)
10961096
state->p_read.packets > MAX_PACKETS)
10971097
return 1;
10981098

1099+
if (state->newkeys == NULL)
1100+
return 0;
1101+
10991102
/* Rekey after (cipher-specific) maximum blocks */
11001103
out_blocks = ROUNDUP(packet_len,
11011104
state->newkeys[MODE_OUT]->enc.block_size);

0 commit comments

Comments
 (0)