Move the calculation of the exchange hash to above the various

warnings about insecure crypto components. The latter may crReturn
(though not in any current implementation, I believe), which
invalidates pktin, which is used by the former.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9921 cda61777-01e9-0310-a592-d414129be87e

diff --git a/ssh.c b/ssh.c
index db31d38..ea2ad97 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -5909,6 +5909,16 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
        ssh_pkt_getstring(pktin, &str, &len);  /* server->client language */
        s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
 
+       ssh->exhash = ssh->kex->hash->init();
+       hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
+       hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
+       hash_string(ssh->kex->hash, ssh->exhash,
+           s->our_kexinit, s->our_kexinitlen);
+       sfree(s->our_kexinit);
+       if (pktin->length > 5)
+           hash_string(ssh->kex->hash, ssh->exhash,
+               pktin->data + 5, pktin->length - 5);
+
        if (s->warn_kex) {
            ssh_set_frozen(ssh, 1);
            s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
@@ -5983,16 +5993,6 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
            }
        }
 
-       ssh->exhash = ssh->kex->hash->init();
-       hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
-       hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
-       hash_string(ssh->kex->hash, ssh->exhash,
-           s->our_kexinit, s->our_kexinitlen);
-       sfree(s->our_kexinit);
-       if (pktin->length > 5)
-           hash_string(ssh->kex->hash, ssh->exhash,
-               pktin->data + 5, pktin->length - 5);
-
        if (s->ignorepkt) /* first_kex_packet_follows */
            crWaitUntilV(pktin);                /* Ignore packet */
     }