From 201029797b260eee894b12d488bce6022290bf67 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 18 Jul 2025 15:43:26 -0600
Subject: [PATCH] only send ext info once after SSH_MSG_NEWKEYS
---
 src/internal.c | 6 +++++-
 wolfssh/internal.h | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 080ded6f3..912315ca2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4080,7 +4080,7 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
 if (ret == WS_SUCCESS) {
 /* Only checking for this is we are server. Our client does
 * not have anything to say to a server, yet. */
- if (side == WOLFSSH_ENDPOINT_SERVER) {
+ if (side == WOLFSSH_ENDPOINT_SERVER && !ssh->extInfoSent) {
 byte extInfo;
 /* Match the client accepts extInfo. */
@@ -13216,6 +13216,10 @@ int SendExtInfo(WOLFSSH* ssh)
 }
 if (ret == WS_SUCCESS) {
+ ssh->sendExtInfo = 0;
+ ssh->extInfoSent = 1; /* RFC 8308 section 2.4 ext. info should only be
+ * sent after SSH_MSG_NEWKEYS or after
+ * SSH_MSG_USERAUTH_SUCCESS. Not on re-key */
 ret = wolfSSH_SendPacket(ssh);
 }
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index 1b60139a1..26c3a05b0 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -844,6 +844,7 @@ struct WOLFSSH {
 byte sendTerminalRequest;
 byte userAuthPkDone;
 byte sendExtInfo;
+ byte extInfoSent; /* track if the ext info has already been sent */
 byte* peerSigId;
 word32 peerSigIdSz;
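Review bot: The new guard in DoKexInit, `if (side == WOLFSSH_ENDPOINT_SERVER && !ssh->extInfoSent)`, keys on whether ext info has already been sent rather than on whether this is the first key exchange. If a peer leaves the ext-info indicator out of its first SSH_MSG_KEXINIT and includes it in a later one, extInfoSent is still 0 and, as far as this hunk shows, the branch would still arm SSH_MSG_EXT_INFO on a re-key, which the comment added in SendExtInfo says must not happen. Consider also requiring that no key exchange has completed yet on this connection, and updating the comment above the condition, e.g. `/* Server only, and only during the first key exchange (RFC 8308 section 2.4). */`. DoKexInit continues outside the hunk, so an existing re-key check elsewhere may already cover this.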
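Review bot: The trailing comment on `ssh->extInfoSent = 1;` in SendExtInfo says ext info is sent "after SSH_MSG_USERAUTH_SUCCESS", but RFC 8308 section 2.4 places the server's second opportunity immediately before SSH_MSG_USERAUTH_SUCCESS, and the first only after the first SSH_MSG_NEWKEYS. I would move it to a block comment above the two assignments: `/* RFC 8308 section 2.4: SSH_MSG_EXT_INFO follows the first SSH_MSG_NEWKEYS or immediately precedes SSH_MSG_USERAUTH_SUCCESS; never sent on re-key. */`. Both flags are also set before the result of `wolfSSH_SendPacket(ssh)` is known, so a failed send leaves extInfoSent at 1; if that is intended because the packet is already queued, the comment should say so. SendExtInfo starts outside the hunk.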