Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user
could potentially consume 38400 MB of memory on the server:

http://seclists.org/oss-sec/2016/q4/185

Patch adapted from upstream source repository:

https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad

From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Mon, 10 Oct 2016 19:28:48 +0000
Subject: [PATCH] upstream commit

Unregister the KEXINIT handler after message has been
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn

Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
---
 kex.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kex.c b/kex.c
index 3f97f8c..6a94bc5 100644
--- a/kex.c
+++ b/kex.c
@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 	if (kex == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 	ptr = sshpkt_ptr(ssh, &dlen);
 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 		return r;
-- 
2.10.1

on.ac?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'>tree</a><a href='/guix/commit/config-daemon.ac?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'>commit</a><a href='/guix/diff/config-daemon.ac?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/config-daemon.ac'>
<input type='hidden' name='id' value='f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'>root</a>/<a href='/guix/log/config-daemon.ac?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507'>config-daemon.ac</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/config-daemon.ac?id=f7b1b22e4b0b5c6867bbfed362b0ebd4e5480507&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-11-27 00:03:03 +0100'>2019-11-27</span></td><td><a href='/guix/commit/config-daemon.ac?id=7738a72186583afb3bb2e0a866c8aba130372400'>daemon: GC remove-unused-links phase uses 'statx' when available.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-11-13 23:26:35 +0100'>2019-11-13</span></td><td><a href='/guix/commit/config-daemon.ac?id=298fb2907e3f432cea7dee9f58e89ab8d9dbd56f'>daemon: Don't include &lt;linux/fs.h&gt;.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-08 11:49:24 +0200'>2019-09-08</span></td><td><a href='/guix/commit/config-daemon.ac?id=f6919ebdc6b0ce0286814cc6ab0564b1a4c67f5f'>daemon: Run 'guix substitute' directly and assume a single substituter.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-08 11:49:24 +0200'>2019-09-08</span></td><td><a href='/guix/commit/config-daemon.ac?id=bc69ea2d605810cc32e13ed03d5848b8dc358b61'>daemon: Run 'guix offload' directly.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-08 11:49:24 +0200'>2019-09-08</span></td><td><a href='/guix/commit/config-daemon.ac?id=9fcc35c51fd579b3bb7b4f61cba6973675c3922c'>daemon: Run 'guix perform-download' directly.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-08 11:49:24 +0200'>2019-09-08</span></td><td><a href='/guix/commit/config-daemon.ac?id=0c684b7edfacada4f576855dbb09291f04a84fa2'>daemon: Run 'guix authenticate' directly.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-08 11:49:24 +0200'>2019-09-08</span></td><td><a href='/guix/commit/config-daemon.ac?id=2e3e5d21988fc2cafb2a9eaf4b00976ea425629d'>daemon: Invoke 'guix gc --list-busy' instead of 'list-runtime-roots'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-05-01 11:05:47 +0200'>2019-05-01</span></td><td><a href='/guix/commit/config-daemon.ac?id=757e633d57a7b994759d69e41dd759a39f1a34ae'>build: Change default substitute server to "ci.guix.gnu.org".</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-12-04 10:57:56 +0100'>2018-12-04</span></td><td><a href='/guix/commit/config-daemon.ac?id=0a5fa004f7f21dc3e01747b8e94fbb21e056e4ca'>build: Default to https://ci.guix.info for substitutes.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-11-14 21:34:08 +0100'>2018-11-14</span></td><td><a href='/guix/commit/config-daemon.ac?id=0fe1fba4af41f267c4bb2c006fb37f42422ab703'>daemon: Install 'authenticate' script under LIBEXECDIR/guix.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-09-06 10:59:32 +0200'>2018-09-06</span></td><td><a href='/guix/commit/config-daemon.ac?id=888b64038db00c73467a05320c7c7f03070e5621'>build: Remove -L flag when $LIBGCRYPT_LIBDIR is empty.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>