Attempt to fix the remaining key re-exchange bug

[PuTTY_svn.git] / ssh.c

diff --git a/ssh.c b/ssh.c
index 9354cba69a81056d252772f075c5311cde49ffda..7daae9f13b6f8f662bda5ab4f6b7d92d463f91fc 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -19,8 +19,9 @@
                       if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) \
                       fprintf(stderr, "%s\n", s); }
 
-#define bombout(msg) ( ssh_state = SSH_STATE_CLOSED, sk_close(s), \
-                       s = NULL, connection_fatal msg )
+#define bombout(msg) ( ssh_state = SSH_STATE_CLOSED, \
+                          (s ? sk_close(s), s = NULL : (void)0), \
+                          connection_fatal msg )
 
 #define SSH1_MSG_DISCONNECT                       1    /* 0x1 */
 #define SSH1_SMSG_PUBLIC_KEY                      2    /* 0x2 */
@@ -1152,11 +1153,11 @@ static int ssh_receive(Socket skt, int urgent, char *data, int len) {
     if (urgent==3) {
         /* A socket error has occurred. */
         ssh_state = SSH_STATE_CLOSED;
+        sk_close(s);
         s = NULL;
         connection_fatal(data);
-        len = 0;
-    }
-    if (!len) {
+        return 0;
+    } else if (!len) {
        /* Connection has closed. */
        ssh_state = SSH_STATE_CLOSED;
        sk_close(s);
@@ -1218,7 +1219,7 @@ static char *connect_to_host(char *host, int port, char **realhost)
     /*
      * Open socket.
      */
-    s = sk_new(addr, port, 0, ssh_receive);
+    s = sk_new(addr, port, 0, 1, ssh_receive);
     if ( (err = sk_socket_error(s)) )
        return err;
 
@@ -2453,9 +2454,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
      * transport. If we ever see a KEXINIT, we must go back to the
      * start.
      */
-    do {
+    while (!(ispkt && pktin.type == SSH2_MSG_KEXINIT)) {
         crReturn(1);
-    } while (!(ispkt && pktin.type == SSH2_MSG_KEXINIT));
+    }
     logevent("Server initiated key re-exchange");
     goto begin_key_exchange;