===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- src/usr.bin/ssh/auth2.c	2023/08/28 09:48:11	1.167
+++ src/usr.bin/ssh/auth2.c	2023/12/18 14:45:49	1.168
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.167 2023/08/28 09:48:11 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.168 2023/12/18 14:45:49 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -55,6 +55,7 @@
 #include "monitor_wrap.h"
 #include "ssherr.h"
 #include "digest.h"
+#include "kex.h"
 
 /* import */
 extern ServerOptions options;
@@ -162,6 +163,8 @@
 	Authctxt *authctxt = ssh->authctxt;
 
 	ssh_dispatch_init(ssh, &dispatch_protocol_error);
+	if (ssh->kex->ext_info_c)
+		ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
 	ssh->authctxt = NULL;
@@ -201,6 +204,7 @@
 		debug("bad service request %s", service);
 		ssh_packet_disconnect(ssh, "bad service request %s", service);
 	}
+	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &dispatch_protocol_error);
 	r = 0;
  out:
 	free(service);
@@ -296,6 +300,8 @@
 		if (use_privsep)
 			mm_inform_authserv(service, style);
 		userauth_banner(ssh);
+		if ((r = kex_server_update_ext_info(ssh)) != 0)
+			fatal_fr(r, "kex_server_update_ext_info failed");
 		if (auth2_setup_methods_lists(authctxt) != 0)
 			ssh_packet_disconnect(ssh,
 			    "no authentication methods enabled");