When emitting SSH_MSG_IGNORE to protect against known-IV attacks on CBC,

remember to put an empty string in it rather than sending a completely
empty packet.  This should help with those servers (notably RomSShell)
that actually check the contents of SSH_MSG_IGNORE.

[originally from svn r7236]

diff --git a/ssh.c b/ssh.c
index 137e4607f1d01edc40b1b7f4d1945c0878e07467..d4d3d06aa62d24810344fc7f366e234f9d6eeb8b 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1864,6 +1864,7 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
         * get encrypted with a known IV.
         */
        struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
+       ssh2_pkt_addstring_start(ipkt);
        ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
     }
     len = ssh2_pkt_construct(ssh, pkt);