From 08677d65b1909f69cf7f0aa24899c79dce379091 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Thu, 19 Sep 2019 22:25:30 -0400 Subject: [PATCH] Added potential fix for additional crash against Sun_SSH. --- ssh-audit.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssh-audit.py b/ssh-audit.py index 3eb4871..0417d8b 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -2210,6 +2210,11 @@ class KexDH(object): # pragma: nocover # key blob (from which the fingerprint can be calculated). def recv_reply(self, s, parse_host_key_size=True): packet_type, payload = s.read_packet(2) + + # Skip any & all MSG_DEBUG messages. + while packet_type == SSH.Protocol.MSG_DEBUG: + packet_type, payload = s.read_packet(2) + if packet_type != -1 and packet_type not in [SSH.Protocol.MSG_KEXDH_REPLY, SSH.Protocol.MSG_KEXDH_GEX_REPLY]: # TODO: change Exception to something more specific. raise Exception('Expected MSG_KEXDH_REPLY (%d) or MSG_KEXDH_GEX_REPLY (%d), but got %d instead.' % (SSH.Protocol.MSG_KEXDH_REPLY, SSH.Protocol.MSG_KEXDH_GEX_REPLY, packet_type))