From f33e26242cb99a5d7074f586e6ec0b2ed690a81e Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Thu, 19 Mar 2015 21:43:07 -0400
Subject: [PATCH] SSH: Fix some edge-cases which created BinPAC exceptions

---
 src/analyzer/protocol/ssh/ssh-protocol.pac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac
index 649db2c613..bbcd07d42e 100644
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@@ -6,17 +6,17 @@
 # We have 3 basic types of messages:
 #
 # - SSH_Version messages just have a string with the banner string of the client or server
-# - Encrypted messages have no usable data, but those never get passed in by SSH.cc
+# - Encrypted messages have no usable data, so we'll just ignore them as best we can.
 # - Finally, key exchange messages have a common format.

 type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of {
 VERSION_EXCHANGE -> version : SSH_Version(is_orig);
+ ENCRYPTED -> encrypted : bytestring &length=1 &transient;
 default -> kex : SSH_Key_Exchange(is_orig);
 } &byteorder=bigendian;

 type SSH_Version(is_orig: bool) = record {
 version : bytestring &oneline;
- pad : bytestring &length=0 &transient;
 } &let {
 update_state : bool = $context.connection.update_state(KEX_INIT, is_orig);
 update_version : bool = $context.connection.update_version(version, is_orig);
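Review bot: The new `ENCRYPTED` case in `SSH_PDU` consumes encrypted traffic as one PDU per byte (`&length=1`), and neither the case nor the reworded header comment says why that size was chosen or what bounds the work. The old comment stated that SSH.cc never passes encrypted messages in; with that statement removed, a reader has to assume the C++ side may forward post-key-exchange payload, in which case every byte of a peer-controlled stream costs a full PDU dispatch on the sensor. SSH.cc is not visible here, so that needs confirming. I would add a comment directly above the case, for example `# Encrypted payload is discarded one byte per PDU; SSH.cc is expected to stop delivering data once a side reaches ENCRYPTED.`, and cover the state with a regression trace so the BinPAC exception this commit fixes stays fixed.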