X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=ssh.c;h=25b7414768f6a2878e89fb525114ebf92eaa54db;hb=b21e8ac60bac296a572a4b96fed3b09c07a98499;hp=63ea66a42088176e73c3fe92fdde7908c3d6045c;hpb=297ee2573ed51b5ca97880ffd3a9a51c5646a52d;p=PuTTY.git

diff --git a/ssh.c b/ssh.c
index 63ea66a4..25b74147 100644
--- a/ssh.c
+++ b/ssh.c
@@ -2834,8 +2834,11 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 	}
 
 	/* Warn about chosen cipher if necessary. */
-	if (warn)
+	if (warn) {
+            sk_set_frozen(ssh->s, 1);
 	    askalg(ssh->frontend, "cipher", cipher_string);
+            sk_set_frozen(ssh->s, 0);
+        }
     }
 
     switch (s->cipher_type) {
@@ -4889,9 +4892,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
 		ssh->kex = k;
 	    }
 	    if (ssh->kex) {
-		if (s->warn)
+		if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
 		    askalg(ssh->frontend, "key-exchange algorithm",
 			   ssh->kex->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
 		break;
 	    }
 	}
@@ -4922,9 +4928,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
 		}
 	    }
 	    if (s->cscipher_tobe) {
-		if (s->warn)
+		if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
 		    askalg(ssh->frontend, "client-to-server cipher",
 			   s->cscipher_tobe->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
 		break;
 	    }
 	}
@@ -4949,9 +4958,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
 		}
 	    }
 	    if (s->sccipher_tobe) {
-		if (s->warn)
+		if (s->warn) {
+                    sk_set_frozen(ssh->s, 1);
 		    askalg(ssh->frontend, "server-to-client cipher",
 			   s->sccipher_tobe->name);
+                    sk_set_frozen(ssh->s, 0);
+                }
 		break;
 	    }
 	}
@@ -5108,9 +5120,11 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
      */
     s->keystr = ssh->hostkey->fmtkey(s->hkey);
     s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
+    sk_set_frozen(ssh->s, 1);
     verify_ssh_host_key(ssh->frontend,
 			ssh->savedhost, ssh->savedport, ssh->hostkey->keytype,
 			s->keystr, s->fingerprint);
+    sk_set_frozen(ssh->s, 0);
     if (!s->got_session_id) {     /* don't bother logging this in rekeys */
 	logevent("Host key fingerprint is:");
 	logevent(s->fingerprint);
@@ -6119,6 +6133,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		 */
 		if (!s->gotit)
 		    s->curr_prompt = 0;
+	    } else if (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
+		/* FIXME: perhaps we should support this? */
+		bombout(("PASSWD_CHANGEREQ not yet supported"));
+		crStopV;
 	    } else if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
 		bombout(("Strange packet received during authentication: type %d",
 			 pktin->type));