OpenSSH kexgex.c source code analysis:
- KEXINIT payload stored without SSH_MSG_KEXINIT type byte
- Exchange hash prepends SSH_MSG_KEXINIT byte (20) with adjusted length

Before fix:
- client_kexinit_payload included SSH_MSG_KEXINIT byte
- Direct use without prepending

After fix:
- Remove SSH_MSG_KEXINIT byte from payload
- Prepend byte (20) in exchange hash with length+1
- Both kex_exchange.rs and kex_complete.rs updated

Testing result: MAC still fails, indicating additional encoding issues

Next: Detailed comparison of all exchange hash components
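
Added example, not code from this commit or from OpenSSH: the RFC 4419 group-exchange hash input laid out field by field, as a reference for the component-by-component comparison named as the next step. The `KexGex` struct and the helper names are hypothetical; the KEXINIT payloads are assumed to be stored without the type byte, as after the fix, and the returned bytes are what gets fed to the negotiated hash.

```rust
// Added example: byte layout of the RFC 4419 exchange hash input (names are hypothetical).
const SSH_MSG_KEXINIT: u8 = 20;

fn put_u32(b: &mut Vec<u8>, v: u32) { b.extend_from_slice(&v.to_be_bytes()); }
fn put_string(b: &mut Vec<u8>, s: &[u8]) { put_u32(b, s.len() as u32); b.extend_from_slice(s); }

/// KEXINIT payload stored WITHOUT its type byte: length+1, byte 20, then the payload.
fn put_kexinit(b: &mut Vec<u8>, payload_no_type: &[u8]) {
    put_u32(b, payload_no_type.len() as u32 + 1);
    b.push(SSH_MSG_KEXINIT);
    b.extend_from_slice(payload_no_type);
}

/// mpint: big-endian magnitude with leading zeros stripped, and one 0x00
/// prepended when the top bit is set so the value is not read as negative.
fn put_mpint(b: &mut Vec<u8>, be: &[u8]) {
    let start = be.iter().position(|&x| x != 0).unwrap_or(be.len());
    let mag = &be[start..];
    let pad = !mag.is_empty() && mag[0] & 0x80 != 0;
    put_u32(b, mag.len() as u32 + pad as u32);
    if pad { b.push(0); }
    b.extend_from_slice(mag);
}

pub struct KexGex<'a> {
    pub v_c: &'a [u8], pub v_s: &'a [u8], // version strings, CR LF removed
    pub i_c: &'a [u8], pub i_s: &'a [u8], // KEXINIT payloads, type byte removed
    pub k_s: &'a [u8],                    // server host key blob
    pub min: u32, pub n: u32, pub max: u32,
    pub p: &'a [u8], pub g: &'a [u8], pub e: &'a [u8], pub f: &'a [u8], pub k: &'a [u8],
}

/// V_C, V_S, I_C, I_S, K_S as strings; min, n, max as uint32; p, g, e, f, K as mpints.
pub fn kexgex_hash_input(x: &KexGex) -> Vec<u8> {
    let mut b = Vec::new();
    for s in [x.v_c, x.v_s] { put_string(&mut b, s); }
    for i in [x.i_c, x.i_s] { put_kexinit(&mut b, i); }
    put_string(&mut b, x.k_s);
    for v in [x.min, x.n, x.max] { put_u32(&mut b, v); }
    for m in [x.p, x.g, x.e, x.f, x.k] { put_mpint(&mut b, m); }
    b
}

fn main() { // constructed sample values, not taken from a real session
    let x = KexGex { v_c: b"SSH-2.0-client", v_s: b"SSH-2.0-server", i_c: &[0xaa; 16],
        i_s: &[0xbb; 16], k_s: b"hostkey", min: 2048, n: 3072, max: 8192,
        p: &[0xff, 0x01], g: &[2], e: &[0x00, 0x7f], f: &[0x80], k: &[0x01, 0x00] };
    println!("{} bytes of hash input", kexgex_hash_input(&x).len());
}
```

Dumping this buffer on both sides just before hashing and diffing the two dumps shows which field diverges; a difference in one byte of any length prefix or mpint padding changes H and every key derived from it.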