tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/06/05 16:48:54 

[ssh-agent.c]
     copy current request into an extra buffer and just flush this
     request on errors, ok provos@
This commit is contained in:
Ben Lindstrom 2002-06-06 21:48:57 +00:00
parent b7788f3ebe
commit 21d1ed8303
2 changed files with 60 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -106,6 +106,10 @@
[ssh-agent.1 ssh-agent.c] [ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain '-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
- markus@cvs.openbsd.org 2002/06/05 16:48:54
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
20020604 20020604
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@ -790,4 +794,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2172 2002/06/06 21:46:57 mouring Exp $ $Id: ChangeLog,v 1.2173 2002/06/06 21:48:57 mouring Exp $

97
ssh-agent.c
View File

@ -35,7 +35,7 @@
#include "includes.h" #include "includes.h"
#include "openbsd-compat/fake-queue.h" #include "openbsd-compat/fake-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.86 2002/06/05 16:08:07 markus Exp $"); RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -66,6 +66,7 @@ typedef struct {
sock_type type; sock_type type;
Buffer input; Buffer input;
Buffer output; Buffer output;
Buffer request;
} SocketEntry; } SocketEntry;
u_int sockets_alloc = 0; u_int sockets_alloc = 0;
@ -190,16 +191,16 @@ process_authentication_challenge1(SocketEntry *e)
if ((challenge = BN_new()) == NULL) if ((challenge = BN_new()) == NULL)
fatal("process_authentication_challenge1: BN_new failed"); fatal("process_authentication_challenge1: BN_new failed");
buffer_get_int(&e->input); /* ignored */ buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->input, key->rsa->e); buffer_get_bignum(&e->request, key->rsa->e);
buffer_get_bignum(&e->input, key->rsa->n); buffer_get_bignum(&e->request, key->rsa->n);
buffer_get_bignum(&e->input, challenge); buffer_get_bignum(&e->request, challenge);
/* Only protocol 1.1 is supported */ /* Only protocol 1.1 is supported */
if (buffer_len(&e->input) == 0) if (buffer_len(&e->request) == 0)
goto failure; goto failure;
buffer_get(&e->input, session_id, 16); buffer_get(&e->request, session_id, 16);
response_type = buffer_get_int(&e->input); response_type = buffer_get_int(&e->request);
if (response_type != 1) if (response_type != 1)
goto failure; goto failure;
@ -255,10 +256,10 @@ process_sign_request2(SocketEntry *e)
datafellows = 0; datafellows = 0;
blob = buffer_get_string(&e->input, &blen); blob = buffer_get_string(&e->request, &blen);
data = buffer_get_string(&e->input, &dlen); data = buffer_get_string(&e->request, &dlen);
flags = buffer_get_int(&e->input); flags = buffer_get_int(&e->request);
if (flags & SSH_AGENT_OLD_SIGNATURE) if (flags & SSH_AGENT_OLD_SIGNATURE)
datafellows = SSH_BUG_SIGBLOB; datafellows = SSH_BUG_SIGBLOB;
@ -299,16 +300,16 @@ process_remove_identity(SocketEntry *e, int version)
switch (version) { switch (version) {
case 1: case 1:
key = key_new(KEY_RSA1); key = key_new(KEY_RSA1);
bits = buffer_get_int(&e->input); bits = buffer_get_int(&e->request);
buffer_get_bignum(&e->input, key->rsa->e); buffer_get_bignum(&e->request, key->rsa->e);
buffer_get_bignum(&e->input, key->rsa->n); buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key)) if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d", log("Warning: identity keysize mismatch: actual %d, announced %d",
key_size(key), bits); key_size(key), bits);
break; break;
case 2: case 2:
blob = buffer_get_string(&e->input, &blen); blob = buffer_get_string(&e->request, &blen);
key = key_from_blob(blob, blen); key = key_from_blob(blob, blen);
xfree(blob); xfree(blob);
break; break;
@ -374,51 +375,51 @@ process_add_identity(SocketEntry *e, int version)
switch (version) { switch (version) {
case 1: case 1:
k = key_new_private(KEY_RSA1); k = key_new_private(KEY_RSA1);
buffer_get_int(&e->input); /* ignored */ buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->input, k->rsa->n); buffer_get_bignum(&e->request, k->rsa->n);
buffer_get_bignum(&e->input, k->rsa->e); buffer_get_bignum(&e->request, k->rsa->e);
buffer_get_bignum(&e->input, k->rsa->d); buffer_get_bignum(&e->request, k->rsa->d);
buffer_get_bignum(&e->input, k->rsa->iqmp); buffer_get_bignum(&e->request, k->rsa->iqmp);
/* SSH and SSL have p and q swapped */ /* SSH and SSL have p and q swapped */
buffer_get_bignum(&e->input, k->rsa->q); /* p */ buffer_get_bignum(&e->request, k->rsa->q); /* p */
buffer_get_bignum(&e->input, k->rsa->p); /* q */ buffer_get_bignum(&e->request, k->rsa->p); /* q */
/* Generate additional parameters */ /* Generate additional parameters */
rsa_generate_additional_parameters(k->rsa); rsa_generate_additional_parameters(k->rsa);
break; break;
case 2: case 2:
type_name = buffer_get_string(&e->input, NULL); type_name = buffer_get_string(&e->request, NULL);
type = key_type_from_name(type_name); type = key_type_from_name(type_name);
xfree(type_name); xfree(type_name);
switch (type) { switch (type) {
case KEY_DSA: case KEY_DSA:
k = key_new_private(type); k = key_new_private(type);
buffer_get_bignum2(&e->input, k->dsa->p); buffer_get_bignum2(&e->request, k->dsa->p);
buffer_get_bignum2(&e->input, k->dsa->q); buffer_get_bignum2(&e->request, k->dsa->q);
buffer_get_bignum2(&e->input, k->dsa->g); buffer_get_bignum2(&e->request, k->dsa->g);
buffer_get_bignum2(&e->input, k->dsa->pub_key); buffer_get_bignum2(&e->request, k->dsa->pub_key);
buffer_get_bignum2(&e->input, k->dsa->priv_key); buffer_get_bignum2(&e->request, k->dsa->priv_key);
break; break;
case KEY_RSA: case KEY_RSA:
k = key_new_private(type); k = key_new_private(type);
buffer_get_bignum2(&e->input, k->rsa->n); buffer_get_bignum2(&e->request, k->rsa->n);
buffer_get_bignum2(&e->input, k->rsa->e); buffer_get_bignum2(&e->request, k->rsa->e);
buffer_get_bignum2(&e->input, k->rsa->d); buffer_get_bignum2(&e->request, k->rsa->d);
buffer_get_bignum2(&e->input, k->rsa->iqmp); buffer_get_bignum2(&e->request, k->rsa->iqmp);
buffer_get_bignum2(&e->input, k->rsa->p); buffer_get_bignum2(&e->request, k->rsa->p);
buffer_get_bignum2(&e->input, k->rsa->q); buffer_get_bignum2(&e->request, k->rsa->q);
/* Generate additional parameters */ /* Generate additional parameters */
rsa_generate_additional_parameters(k->rsa); rsa_generate_additional_parameters(k->rsa);
break; break;
default: default:
buffer_clear(&e->input); buffer_clear(&e->request);
goto send; goto send;
} }
break; break;
} }
comment = buffer_get_string(&e->input, NULL); comment = buffer_get_string(&e->request, NULL);
if (k == NULL) { if (k == NULL) {
xfree(comment); xfree(comment);
goto send; goto send;
@ -452,8 +453,8 @@ process_add_smartcard_key (SocketEntry *e)
char *sc_reader_id = NULL, *pin; char *sc_reader_id = NULL, *pin;
int i, version, success = 0; int i, version, success = 0;
sc_reader_id = buffer_get_string(&e->input, NULL); sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->input, NULL); pin = buffer_get_string(&e->request, NULL);
keys = sc_get_keys(sc_reader_id, pin); keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id); xfree(sc_reader_id);
xfree(pin); xfree(pin);
@ -494,8 +495,8 @@ process_remove_smartcard_key(SocketEntry *e)
char *sc_reader_id = NULL, *pin; char *sc_reader_id = NULL, *pin;
int i, version, success = 0; int i, version, success = 0;
sc_reader_id = buffer_get_string(&e->input, NULL); sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->input, NULL); pin = buffer_get_string(&e->request, NULL);
keys = sc_get_keys(sc_reader_id, pin); keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id); xfree(sc_reader_id);
xfree(pin); xfree(pin);
@ -541,12 +542,20 @@ process_message(SocketEntry *e)
shutdown(e->fd, SHUT_RDWR); shutdown(e->fd, SHUT_RDWR);
close(e->fd); close(e->fd);
e->type = AUTH_UNUSED; e->type = AUTH_UNUSED;
buffer_free(&e->input);
buffer_free(&e->output);
buffer_free(&e->request);
return; return;
} }
if (buffer_len(&e->input) < msg_len + 4) if (buffer_len(&e->input) < msg_len + 4)
return; return;
/* move the current input to e->request */
buffer_consume(&e->input, 4); buffer_consume(&e->input, 4);
type = buffer_get_char(&e->input); buffer_clear(&e->request);
buffer_append(&e->request, buffer_ptr(&e->input), msg_len);
buffer_consume(&e->input, msg_len);
type = buffer_get_char(&e->request);
debug("type %d", type); debug("type %d", type);
switch (type) { switch (type) {
@ -593,7 +602,7 @@ process_message(SocketEntry *e)
default: default:
/* Unknown message. Respond with failure. */ /* Unknown message. Respond with failure. */
error("Unknown message %d", type); error("Unknown message %d", type);
buffer_clear(&e->input); buffer_clear(&e->request);
buffer_put_int(&e->output, 1); buffer_put_int(&e->output, 1);
buffer_put_char(&e->output, SSH_AGENT_FAILURE); buffer_put_char(&e->output, SSH_AGENT_FAILURE);
break; break;
@ -616,6 +625,7 @@ new_socket(sock_type type, int fd)
sockets[i].type = type; sockets[i].type = type;
buffer_init(&sockets[i].input); buffer_init(&sockets[i].input);
buffer_init(&sockets[i].output); buffer_init(&sockets[i].output);
buffer_init(&sockets[i].request);
return; return;
} }
old_alloc = sockets_alloc; old_alloc = sockets_alloc;
@ -630,6 +640,7 @@ new_socket(sock_type type, int fd)
sockets[old_alloc].fd = fd; sockets[old_alloc].fd = fd;
buffer_init(&sockets[old_alloc].input); buffer_init(&sockets[old_alloc].input);
buffer_init(&sockets[old_alloc].output); buffer_init(&sockets[old_alloc].output);
buffer_init(&sockets[old_alloc].request);
} }
static int static int
@ -727,6 +738,7 @@ after_select(fd_set *readset, fd_set *writeset)
sockets[i].type = AUTH_UNUSED; sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input); buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output); buffer_free(&sockets[i].output);
buffer_free(&sockets[i].request);
break; break;
} }
buffer_consume(&sockets[i].output, len); buffer_consume(&sockets[i].output, len);
@ -745,6 +757,7 @@ after_select(fd_set *readset, fd_set *writeset)
sockets[i].type = AUTH_UNUSED; sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input); buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output); buffer_free(&sockets[i].output);
buffer_free(&sockets[i].request);
break; break;
} }
buffer_append(&sockets[i].input, buf, len); buffer_append(&sockets[i].input, buf, len);