tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
This commit is contained in:
djm@openbsd.org 2018-01-23 05:27:21 +00:00 committed by Damien Miller
parent 7c77991f5d
commit 14b5c635d1
17 changed files with 111 additions and 303 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.32 2017/12/18 02:25:15 djm Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -62,7 +62,7 @@ userauth_hostbased(struct ssh *ssh)
Authctxt *authctxt = ssh->authctxt;
struct sshbuf *b;
struct sshkey *key = NULL;
char *pkalg, *cuser, *chost, *service;
char *pkalg, *cuser, *chost;
u_char *pkblob, *sig;
size_t alen, blen, slen;
int r, pktype, authenticated = 0;
@ -118,15 +118,13 @@ userauth_hostbased(struct ssh *ssh)
goto done;
}
service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
/* reconstruct packet */
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
(r = sshbuf_put_cstring(b, service)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
(r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||

47
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -100,26 +100,10 @@ userauth_pubkey(struct ssh *ssh)
debug2("%s: disabled because of invalid user", __func__);
return 0;
}
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0)
fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r));
if (ssh->compat & SSH_BUG_PKAUTH) {
debug2("%s: SSH_BUG_PKAUTH", __func__);
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
/* no explicit pkalg given */
/* so we have to extract the pkalg from the pkblob */
/* XXX use sshbuf_from() */
if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
(r = sshbuf_put(b, pkblob, blen)) != 0 ||
(r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0)
fatal("%s: failed: %s", __func__, ssh_err(r));
sshbuf_free(b);
} else {
if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
fatal("%s: sshpkt_get_cstring failed: %s",
__func__, ssh_err(r));
}
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
fatal("%s: parse request failed: %s", __func__, ssh_err(r));
pktype = sshkey_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
@ -188,22 +172,11 @@ userauth_pubkey(struct ssh *ssh)
authctxt->style ? authctxt->style : "");
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, userstyle)) != 0 ||
(r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ?
"ssh-userauth" : authctxt->service)) != 0)
fatal("%s: build packet failed: %s",
__func__, ssh_err(r));
if (ssh->compat & SSH_BUG_PKAUTH) {
if ((r = sshbuf_put_u8(b, have_sig)) != 0)
fatal("%s: build packet failed: %s",
__func__, ssh_err(r));
} else {
if ((r = sshbuf_put_cstring(b, "publickey")) != 0 ||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
(r = sshbuf_put_cstring(b, pkalg) != 0))
fatal("%s: build packet failed: %s",
__func__, ssh_err(r));
}
if ((r = sshbuf_put_string(b, pkblob, blen)) != 0)
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_put_cstring(b, "publickey")) != 0 ||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
(r = sshbuf_put_cstring(b, pkalg) != 0) ||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
fatal("%s: build packet failed: %s",
__func__, ssh_err(r));
#ifdef DEBUG_PK

4
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -153,7 +153,7 @@ userauth_banner(void)
{
char *banner = NULL;
if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
if (options.banner == NULL)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)

4
authfd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
/* $OpenBSD: authfd.c,v 1.106 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -353,8 +353,6 @@ ssh_agent_sign(int sock, const struct sshkey *key,
if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
return SSH_ERR_INVALID_ARGUMENT;
if (compat & SSH_BUG_SIGBLOB)
flags |= SSH_AGENT_OLD_SIGNATURE;
if ((msg = sshbuf_new()) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)

45
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.377 2017/12/05 01:30:19 djm Exp $ */
/* $OpenBSD: channels.c,v 1.378 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1582,13 +1582,8 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c,
SSH_CHANNEL_OPENING, newsock, newsock, -1,
c->local_window_max, c->local_maxpacket, 0, buf, 1);
open_preamble(ssh, __func__, nc, "x11");
if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) {
fatal("%s: channel %i: reply %s", __func__,
c->self, ssh_err(r));
}
if ((datafellows & SSH_BUG_X11FWD) != 0)
debug2("channel %d: ssh2 x11 bug compat mode", nc->self);
else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) {
if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 ||
(r = sshpkt_put_u32(ssh, remote_port)) != 0) {
fatal("%s: channel %i: reply %s", __func__,
c->self, ssh_err(r));
}
@ -1824,15 +1819,13 @@ channel_post_connecting(struct ssh *ssh, Channel *c,
if ((r = sshpkt_start(ssh,
SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
(r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED))
!= 0)
fatal("%s: channel %i: failure: %s", __func__,
c->self, ssh_err(r));
if ((datafellows & SSH_BUG_OPENFAILURE) == 0 &&
((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
(r = sshpkt_put_cstring(ssh, "")) != 0))
(r = sshpkt_put_u32(ssh,
SSH2_OPEN_CONNECT_FAILED)) != 0 ||
(r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
(r = sshpkt_put_cstring(ssh, "")) != 0) {
fatal("%s: channel %i: failure: %s", __func__,
c->self, ssh_err(r));
}
if ((r = sshpkt_send(ssh)) != 0)
fatal("%s: channel %i: %s", __func__, c->self,
ssh_err(r));
@ -3110,13 +3103,11 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh)
error("%s: reason: %s", __func__, ssh_err(r));
packet_disconnect("Invalid open failure message");
}
if ((datafellows & SSH_BUG_OPENFAILURE) == 0) {
/* skip language */
if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
(r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
error("%s: message/lang: %s", __func__, ssh_err(r));
packet_disconnect("Invalid open failure message");
}
/* skip language */
if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
(r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
error("%s: message/lang: %s", __func__, ssh_err(r));
packet_disconnect("Invalid open failure message");
}
ssh_packet_check_eom(ssh);
logit("channel %d: open failed: %s%s%s", c->self,
@ -3664,15 +3655,9 @@ static const char *
channel_rfwd_bind_host(const char *listen_host)
{
if (listen_host == NULL) {
if (datafellows & SSH_BUG_RFWD_ADDR)
return "127.0.0.1";
else
return "localhost";
return "localhost";
} else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) {
if (datafellows & SSH_BUG_RFWD_ADDR)
return "0.0.0.0";
else
return "";
return "";
} else
return listen_host;
}

15
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.310 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1541,12 +1541,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
return NULL;
}
originator = packet_get_string(NULL);
if (datafellows & SSH_BUG_X11FWD) {
debug2("buggy server: x11 request w/o originator_port");
originator_port = 0;
} else {
originator_port = packet_get_int();
}
originator_port = packet_get_int();
packet_check_eom();
/* XXX check permission */
debug("client_request_x11: request from %s %d", originator,
@ -1678,10 +1673,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
packet_put_cstring("open failed");
packet_put_cstring("");
}
packet_put_cstring("open failed");
packet_put_cstring("");
packet_send();
}
free(ctype);

71
compat.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */
/* $OpenBSD: compat.c,v 1.105 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -50,83 +50,20 @@ compat_datafellows(const char *version)
char *pat;
int bugs;
} check[] = {
{ "OpenSSH-2.0*,"
"OpenSSH-2.1*,"
"OpenSSH_2.1*,"
"OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER|
SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.5.0p1*,"
"OpenSSH_2.5.1p1*",
SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.5.0*,"
"OpenSSH_2.5.1*,"
"OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.*,"
"OpenSSH_3.0*,"
"OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_4*", 0 },
{ "OpenSSH_2*,"
"OpenSSH_3*,"
"OpenSSH_4*", 0 },
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
{ "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
{ "OpenSSH_6.5*,"
"OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
{ "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
SSH_BUG_FIRSTKEX },
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
SSH_BUG_FIRSTKEX },
{ "2.0.13*,"
"2.0.14*,"
"2.0.15*,"
"2.0.16*,"
"2.0.17*,"
"2.0.18*,"
"2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
SSH_BUG_FIRSTKEX },
{ "2.2.0*,"
"2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
{ "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
{ "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
SSH_BUG_RFWD_ADDR },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },

28
compat.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */
/* $OpenBSD: compat.h,v 1.50 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@ -32,31 +32,31 @@
#define SSH_PROTO_1_PREFERRED 0x02
#define SSH_PROTO_2 0x04
#define SSH_BUG_SIGBLOB 0x00000001
#define SSH_BUG_PKSERVICE 0x00000002
#define SSH_BUG_HMAC 0x00000004
#define SSH_BUG_X11FWD 0x00000008
/* #define unused 0x00000001 */
/* #define unused 0x00000002 */
/* #define unused 0x00000004 */
/* #define unused 0x00000008 */
#define SSH_OLD_SESSIONID 0x00000010
#define SSH_BUG_PKAUTH 0x00000020
/* #define unused 0x00000020 */
#define SSH_BUG_DEBUG 0x00000040
#define SSH_BUG_BANNER 0x00000080
/* #define unused 0x00000080 */
#define SSH_BUG_IGNOREMSG 0x00000100
#define SSH_BUG_PKOK 0x00000200
/* #define unused 0x00000200 */
#define SSH_BUG_PASSWORDPAD 0x00000400
#define SSH_BUG_SCANNER 0x00000800
#define SSH_BUG_BIGENDIANAES 0x00001000
#define SSH_BUG_RSASIGMD5 0x00002000
#define SSH_OLD_DHGEX 0x00004000
#define SSH_BUG_NOREKEY 0x00008000
#define SSH_BUG_HBSERVICE 0x00010000
#define SSH_BUG_OPENFAILURE 0x00020000
#define SSH_BUG_DERIVEKEY 0x00040000
#define SSH_BUG_DUMMYCHAN 0x00100000
/* #define unused 0x00010000 */
/* #define unused 0x00020000 */
/* #define unused 0x00040000 */
/* #define unused 0x00100000 */
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_PROBE 0x00400000
#define SSH_BUG_FIRSTKEX 0x00800000
/* #define unused 0x00800000 */
#define SSH_OLD_FORWARD_ADDR 0x01000000
#define SSH_BUG_RFWD_ADDR 0x02000000
/* #define unused 0x02000000 */
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000

8
kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */
/* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -675,9 +675,6 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
free(name);
return SSH_ERR_INTERNAL_ERROR;
}
/* truncate the key */
if (ssh->compat & SSH_BUG_HMAC)
mac->key_len = 16;
mac->name = name;
mac->key = NULL;
mac->enabled = 0;
@ -866,8 +863,7 @@ kex_choose_conf(struct ssh *ssh)
kex->dh_need = dh_need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
!(ssh->compat & SSH_BUG_FIRSTKEX))
if (first_kex_follows && !proposals_match(my, peer))
ssh->dispatch_skip_packets = 1;
r = 0;
out:

21
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1255,18 +1255,13 @@ monitor_valid_userblob(u_char *data, u_int datalen)
free(userstyle);
free(cp);
buffer_skip_string(&b);
if (datafellows & SSH_BUG_PKAUTH) {
if (!buffer_get_char(&b))
fail++;
} else {
cp = buffer_get_cstring(&b, NULL);
if (strcmp("publickey", cp) != 0)
fail++;
free(cp);
if (!buffer_get_char(&b))
fail++;
buffer_skip_string(&b);
}
cp = buffer_get_cstring(&b, NULL);
if (strcmp("publickey", cp) != 0)
fail++;
free(cp);
if (!buffer_get_char(&b))
fail++;
buffer_skip_string(&b);
buffer_skip_string(&b);
if (buffer_len(&b) != 0)
fail++;

8
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.203 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -655,10 +655,8 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(reason);
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
packet_put_cstring(errmsg ? errmsg : "open failed");
packet_put_cstring("");
}
packet_put_cstring(errmsg ? errmsg : "open failed");
packet_put_cstring("");
packet_send();
}
free(ctype);

4
ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.226 2017/11/15 02:10:16 djm Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -292,8 +292,6 @@ process_sign_request2(SocketEntry *e)
goto send;
}
if (flags & SSH_AGENT_OLD_SIGNATURE)
compat = SSH_BUG_SIGBLOB;
if ((id = lookup_identity(key)) == NULL) {
verbose("%s: %s key not found", __func__, sshkey_type(key));
goto send;

81
ssh-dss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -86,38 +86,25 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
if (compat & SSH_BUG_SIGBLOB) {
if (sigp != NULL) {
if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sigblob, SIGBLOB_LEN);
}
if (lenp != NULL)
*lenp = SIGBLOB_LEN;
ret = 0;
} else {
/* ietf-drafts */
if ((b = sshbuf_new()) == NULL) {
if ((b = sshbuf_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
goto out;
len = sshbuf_len(b);
if (sigp != NULL) {
if ((*sigp = malloc(len)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
goto out;
len = sshbuf_len(b);
if (sigp != NULL) {
if ((*sigp = malloc(len)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sshbuf_ptr(b), len);
}
if (lenp != NULL)
*lenp = len;
ret = 0;
memcpy(*sigp, sshbuf_ptr(b), len);
}
if (lenp != NULL)
*lenp = len;
ret = 0;
out:
explicit_bzero(digest, sizeof(digest));
if (sig != NULL)
@ -146,28 +133,20 @@ ssh_dss_verify(const struct sshkey *key,
return SSH_ERR_INTERNAL_ERROR;
/* fetch signature */
if (compat & SSH_BUG_SIGBLOB) {
if ((sigblob = malloc(signaturelen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
memcpy(sigblob, signature, signaturelen);
len = signaturelen;
} else {
/* ietf-drafts */
if ((b = sshbuf_from(signature, signaturelen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
sshbuf_get_string(b, &sigblob, &len) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
if (strcmp("ssh-dss", ktype) != 0) {
ret = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
if (sshbuf_len(b) != 0) {
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
}
if ((b = sshbuf_from(signature, signaturelen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
sshbuf_get_string(b, &sigblob, &len) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
if (strcmp("ssh-dss", ktype) != 0) {
ret = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
if (sshbuf_len(b) != 0) {
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
}
if (len != SIGBLOB_LEN) {

4
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.470 2018/01/23 05:06:25 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.471 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1931,7 +1931,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
if (options.control_persist && muxserver_sock == -1)
ssh_init_stdio_forwarding(ssh);
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
if (!no_shell_flag)
id = ssh_session2_open(ssh);
else {
packet_set_interactive(

5
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.290 2018/01/23 05:17:04 djm Exp $ */
/* $OpenBSD: sshconnect.c,v 1.291 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -617,9 +617,6 @@ ssh_exchange_identification(int timeout_ms)
if (mismatch)
fatal("Protocol major versions differ: %d vs. %d",
PROTOCOL_MAJOR_2, remote_major);
if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
fatal("Server version \"%.100s\" uses unsafe key agreement; "
"refusing connection", remote_version);
if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
logit("Server version \"%.100s\" uses unsafe RSA signature "
"scheme; disabling use of RSA keys", remote_version);

55
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
Authctxt *authctxt = ssh->authctxt;
struct sshkey *key = NULL;
Identity *id = NULL;
Buffer b;
int pktype, sent = 0;
u_int alen, blen;
char *pkalg, *fp;
@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
if (authctxt == NULL)
fatal("input_userauth_pk_ok: no authentication context");
if (datafellows & SSH_BUG_PKOK) {
/* this is similar to SSH_BUG_PKAUTH */
debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
packet_check_eom();
debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
@ -1100,17 +1090,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
}
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, key_sign_encode(id->key));
}
buffer_put_cstring(&b, authctxt->service);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, key_sign_encode(id->key));
buffer_put_string(&b, blob, bloblen);
/*
@ -1170,19 +1153,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
if (datafellows & SSH_BUG_PKSERVICE) {
buffer_clear(&b);
buffer_append(&b, session_id2, session_id2_len);
skip = session_id2_len;
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
buffer_put_cstring(&b, authctxt->service);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
buffer_put_cstring(&b, key_ssh_name(id->key));
buffer_put_string(&b, blob, bloblen);
}
free(blob);
/* append signature */
@ -1224,8 +1194,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
packet_put_cstring(key_sign_encode(id->key));
packet_put_cstring(key_sign_encode(id->key));
packet_put_string(blob, bloblen);
free(blob);
packet_send();
@ -1741,7 +1710,6 @@ userauth_hostbased(Authctxt *authctxt)
struct ssh *ssh = active_state;
struct sshkey *private = NULL;
struct sshbuf *b = NULL;
const char *service;
u_char *sig = NULL, *keyblob = NULL;
char *fp = NULL, *chost = NULL, *lname = NULL;
size_t siglen = 0, keylen = 0;
@ -1812,9 +1780,6 @@ userauth_hostbased(Authctxt *authctxt)
xasprintf(&chost, "%s.", lname);
debug2("%s: chost %s", __func__, chost);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
/* construct data */
if ((b = sshbuf_new()) == NULL) {
error("%s: sshbuf_new failed", __func__);
@ -1827,7 +1792,7 @@ userauth_hostbased(Authctxt *authctxt)
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
(r = sshbuf_put_cstring(b, service)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
(r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
(r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||

6
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.501 2018/01/23 05:12:12 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.502 2018/01/23 05:27:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -446,10 +446,6 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
logit("Client version \"%.100s\" uses unsafe RSA signature "
"scheme; disabling use of RSA keys", remote_version);
}
if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) {
fatal("Client version \"%.100s\" uses unsafe key agreement; "
"refusing connection", remote_version);
}
chop(server_version_string);
debug("Local version string %.200s", server_version_string);