From 2fe0eabeaac874d07a50959fec31bea4d1cc19e5 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 7 Dec 2024 14:33:44 -0600 Subject: [PATCH] SSH2: ignore kex-strict-s-v00@openssh.com in key re-exchanges --- phpseclib/Net/SSH2.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 1dae490eb..6f47a55c0 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -1143,6 +1143,19 @@ class Net_SSH2 */ var $kex_buffer = array(); + /** + * Strict KEX Flag + * + * If kex-strict-s-v00@openssh.com is present in the first KEX packet it need not + * be present in subsequent packet + * + * @see self::_key_exchange() + * @see self::exec() + * @var array + * @access private + */ + var $strict_kex_flag = false; + /** * Default Constructor. * @@ -1658,9 +1671,14 @@ function _key_exchange($kexinit_payload_server = false) $temp = unpack('Nlength', $this->_string_shift($response, 4)); $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length'])); if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { - if ($this->session_id === false && count($this->kex_buffer)) { - user_error('Possible Terrapin Attack detected'); - return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + if ($this->session_id === false) { + // [kex-strict-s-v00@openssh.com is] only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored + // if [it is] present in subsequent SSH2_MSG_KEXINIT packets + $this->strict_kex_flag = true; + if (count($this->kex_buffer)) { + user_error('Possible Terrapin Attack detected'); + return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + } } } @@ -2051,7 +2069,7 @@ function _key_exchange($kexinit_payload_server = false) $this->keyExchangeInProgress = false; - if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + if ($this->strict_kex_flag) { $this->get_seq_no = $this->send_seq_no = 0; }