DoNewKeys: reject SSH_MSG_NEWKEYS with non-empty payload

ejohnstown · ejohnstown · commit 404a5beae4d3 · 2026-05-15T10:37:18.000-07:00
Issue: F-2079
diff --git a/src/internal.c b/src/internal.c
@@ -6308,10 +6308,10 @@ static int DoNewKeys(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
     int ret = WS_SUCCESS;
 
     WOLFSSH_UNUSED(buf);
-    WOLFSSH_UNUSED(len);
     WOLFSSH_UNUSED(idx);
 
-    if (ssh == NULL || ssh->handshake == NULL)
+    /* RFC 4253 7.3: SSH_MSG_NEWKEYS has no payload. */
+    if (ssh == NULL || ssh->handshake == NULL || len != 0)
         ret = WS_BAD_ARGUMENT;
 
     if (ret == WS_SUCCESS) {
