From 06946b4d4b3816fc2b26dd650a0b9d379fabdd85 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Mon, 22 Jun 2015 19:36:57 +0100
Subject: [PATCH] Fix a mismerge in kex null-pointer checks.

I removed a vital line of code while fixing the merge conflicts when cherry-picking 1eb578a488a71284d6b18e46df301e54805f2c35 as 26fe1e26c0f7ab42440332882295667d4a0ac500, causing Diffie-Hellman key exchange to be completely broken because the server's host key was never constructed to verify the signature with. Reinstate it.
---
 ssh.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ssh.c b/ssh.c
index a37b0441..a41a576c 100644
--- ssh.c
+++ ssh.c
@@ -6672,6 +6672,7 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
 bombout(("unable to parse key exchange reply packet"));
 crStopV;
 }
+ s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
 s->f = ssh2_pkt_getmp(pktin);
 if (!s->f) {
 bombout(("unable to parse key exchange reply packet"));
-- 2.45.2
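Review bot: The result of `ssh->hostkey->newkey(...)` is not checked at the point of construction, although the two packet fields parsed on either side of it are each followed by an immediate `bombout` / `crStopV` guard. The blob in `s->hostkeydata` comes from the server's key exchange reply, so a malformed key presumably makes `newkey` return NULL; if the only NULL test sits further down in `do_ssh2_transport` (the function continues outside this hunk), a comment here should say so, e.g. `/* s->hkey may be NULL; checked before verifysig below */`. Otherwise it should fail early in the same style as its neighbours: `if (!s->hkey) { bombout(("unable to parse host key in key exchange reply")); crStopV; }`. It is also worth confirming that the `!s->f` exit just below does not leave the newly built `s->hkey` unfreed.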