#
# Unregister the KEXINIT handler after message has been received.
#
# CVE-2016-8858
#
# Patch source: upstream
#
# We will drop this patch when upgrading to OpenSSH 7.4 or later.
#
--- old/kex.c
+++ new/kex.c
@@ -517,6 +517,7 @@ kex_input_kexinit(int type, u_int32_t se
if (kex == NULL)
return SSH_ERR_INVALID_ARGUMENT;
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
ptr = sshpkt_ptr(ssh, &dlen);
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
return r;
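Review bot: The added `ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);` needs a matching re-registration of `kex_input_kexinit` once the exchange completes, and nothing in this hunk shows one; if the patched tree does not restore the handler elsewhere, a later rekey started by the peer would presumably be refused. Please confirm this against the rest of kex.c before shipping the backport, and exercise a rekey in testing. The line also deserves a why-comment, e.g. `/* one KEXINIT per exchange: drop the handler so repeats are not appended to kex->peer */`, because the `sshbuf_put(kex->peer, ptr, dlen)` just below appends every message this handler accepts. The body of kex_input_kexinit starts and ends outside the hunk.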