From 8ff7dce46d2ac5b239d6041da019503696be82ba Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Thu, 7 Dec 2017 20:29:49 +0800
Subject: [PATCH] sshd: protect against NULL kex

---
 plugins/ssh-base/sshd.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/ssh-base/sshd.c b/plugins/ssh-base/sshd.c
index 97e52453..85ec9de4 100644
--- a/plugins/ssh-base/sshd.c
+++ b/plugins/ssh-base/sshd.c
@@ -634,6 +634,10 @@ again:
 					pss->parser_state = SSH_KEX_STATE_SKIP;
 					break;
 				}
+				if (!pss->kex) {
+					lwsl_notice("%s: SSH_MSG_KEXINIT: NULL pss->kex\n", __func__);
+					goto bail;
+				}
 				pss->parser_state = SSH_KEX_STATE_COOKIE;
 				pss->kex->I_C_payload_len = 0;
 				pss->kex->I_C_alloc_len = pss->msg_len;