From db83b7180a686ecfa48da1ec83f31aa495de4a1d Mon Sep 17 00:00:00 2001
From: markus <markus@openbsd.org>
Date: Tue, 20 Jan 2015 20:16:21 +0000
Subject: [PATCH] kex_setup errors are fatal()

---
 usr.bin/ssh/sshconnect2.c | 6 ++++--
 usr.bin/ssh/sshd.c        | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index b8b5a55db39..e8fe45a68f9 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.220 2015/01/20 07:56:44 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.221 2015/01/20 20:16:21 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -152,6 +152,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	struct kex *kex;
+	int r;
 
 	xxx_host = host;
 	xxx_hostaddr = hostaddr;
@@ -198,7 +199,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 		    (time_t)options.rekey_interval);
 
 	/* start key exchange */
-	kex_setup(active_state, myproposal);
+	if ((r = kex_setup(active_state, myproposal)) != 0)
+		fatal("kex_setup: %s", ssh_err(r));
 	kex = active_state->kex;
 #ifdef WITH_OPENSSL
 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 910dd9cb49c..d318851411e 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.436 2015/01/19 20:20:20 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.437 2015/01/20 20:16:21 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2292,6 +2292,7 @@ do_ssh2_kex(void)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
 	struct kex *kex;
+	int r;
 
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -2327,7 +2328,8 @@ do_ssh2_kex(void)
 	    list_hostkey_types());
 
 	/* start key exchange */
-	kex_setup(active_state, myproposal);
+	if ((r = kex_setup(active_state, myproposal)) != 0)
+		fatal("kex_setup: %s", ssh_err(r));
 	kex = active_state->kex;
 #ifdef WITH_OPENSSL
 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-- 
2.20.1