SSH2: ignore [email protected] in key re-exchanges

phpseclib/Net/SSH2.php

@@ -1143,6 +1143,19 @@ class Net_SSH2
      */
     var $kex_buffer = array();
 
+    /**
+     * Strict KEX Flag
+     *
+     * If [email protected] is present in the first KEX packet it need not
+     * be present in subsequent packet
+     *
+     * @see self::_key_exchange()
+     * @see self::exec()
+     * @var array
+     * @access private
+     */
+    var $strict_kex_flag = false;
+
     /**
      * Default Constructor.
      *
@@ -1658,9 +1671,14 @@ function _key_exchange($kexinit_payload_server = false)
         $temp = unpack('Nlength', $this->_string_shift($response, 4));
         $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
         if (in_array('[email protected]', $this->kex_algorithms)) {
-            if ($this->session_id === false && count($this->kex_buffer)) {
-                user_error('Possible Terrapin Attack detected');
-                return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
+            if ($this->session_id === false) {
+                // [[email protected] is] only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
+                // if [it is] present in subsequent SSH2_MSG_KEXINIT packets
+                $this->strict_kex_flag = true;
+                if (count($this->kex_buffer)) {
+                    user_error('Possible Terrapin Attack detected');
+                    return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
+                }
             }
         }
 
@@ -2051,7 +2069,7 @@ function _key_exchange($kexinit_payload_server = false)
 
         $this->keyExchangeInProgress = false;
 
-        if (in_array('[email protected]', $this->kex_algorithms)) {
+        if ($this->strict_kex_flag) {
             $this->get_seq_no = $this->send_seq_no = 0;
         }