Subject: Re: Strange AnonCVS problem: OpenSSH cannot transfer large files?
To: Urban Boquist <urban@boquist.net>
From: Michael Eriksson <eramore@era-t.ericsson.se>
List: tech-net
Date: 10/26/2000 21:46:13
Urban Boquist wrote:
> I see a completely reproducible problem when I cvs update over ssh
> from anoncvs.netbsd.org. Or more precisely, I see the problem if I use
> OpenSSH as shipped with NetBSD-current, but not if I use good old
> ssh-1.2.27.
There's a bug in detect_attack(). Too small datasize (16 bits), in
combination with a quadrupling rather than doubling when finding the
size of a hash vector.
Apply the patch below, and it should work. I've meant to send-pr this,
but I've waited a few days so that it doesn't cause any problem. It
hasn't so far, so if anybody wants to update the repository...
Index: deattack.c
===================================================================
RCS file: /cvsroot/basesrc/crypto/dist/ssh/deattack.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 deattack.c
--- deattack.c 2000/09/28 22:10:01 1.1.1.1
+++ deattack.c 2000/10/26 19:40:13
@@ -92,7 +92,7 @@
detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
{
static u_int16_t *h = (u_int16_t *) NULL;
- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
register u_int32_t i, j;
u_int32_t l;
register unsigned char *c;
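Review bot: At the declaration of n, the counter is widened to u_int32_t to match l, but h on the line above is still a u_int16_t *, so the table entries stay 16 bits wide. Please confirm in the part of the function outside this hunk that nothing stored into h can exceed what a u_int16_t holds once n is allowed to grow past 65535, or cap n explicitly. A short comment next to n saying why it must be wider than the entry type would keep it from being narrowed back later.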
@@ -102,7 +102,7 @@
len % SSH_BLOCKSIZE != 0) {
fatal("detect_attack: bad length %d", len);
}
- for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2)
+ for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 1)
;
if (h == NULL) {
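Review bot: The sizing loop `for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 1)` makes no progress if l ever starts at 0, and because l is a u_int32_t a large enough target would shift it past bit 31 and wrap it to 0, so in both cases the empty-bodied loop spins forever. Only the second half of the length check is visible here, so it is not clear whether len is bounded above; I would add an explicit upper bound on l (or on len) and a check that n is non-zero before the loop. Minor: the fatal() call in the context lines prints the u_int32_t len with %d, where %u would match the type.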
--
Michael Eriksson <eramore@era-t.ericsson.se>
NO CARRIER