tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-30 17:25:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2001/02/28 09:57:07

Browse Source 
[packet.c packet.h sshconnect2.c]
     in ssh protocol v2 use ignore messages for padding (instead of
     trailing \0).
This commit is contained in:
Ben Lindstrom 2001-03-05 06:17:49 +00:00
parent 7fbd455c78
commit 5699c5f9ac
4 changed files with 69 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -72,6 +72,10 @@
[channels.c nchan.c nchan.h] [channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated. make sure remote stderr does not get truncated.
remove closed fd's from the select mask. remove closed fd's from the select mask.
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
20010304 20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@ -4264,4 +4268,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.872 2001/03/05 06:16:11 mouring Exp $ $Id: ChangeLog,v 1.873 2001/03/05 06:17:49 mouring Exp $

56
packet.c
View File

@ -37,7 +37,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $"); RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "buffer.h" #include "buffer.h"
@ -1305,3 +1305,57 @@ packet_set_maxsize(int s)
max_packet_size = s; max_packet_size = s;
return s; return s;
} }
/*
* 9.2. Ignored Data Message
*
* byte SSH_MSG_IGNORE
* string data
*
* All implementations MUST understand (and ignore) this message at any
* time (after receiving the protocol version). No implementation is
* required to send them. This message can be used as an additional
* protection measure against advanced traffic analysis techniques.
*/
/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
void
packet_inject_ignore(int sumlen)
{
u_int32_t rand = 0;
int i, blocksize, padlen, have, need, nb, mini, nbytes;
Enc *enc = NULL;
if (use_ssh2_packet_format == 0)
return;
have = buffer_len(&outgoing_packet);
debug2("packet_inject_ignore: current %d", have);
if (kex != NULL)
enc = &kex->enc[MODE_OUT];
blocksize = enc ? enc->cipher->block_size : 8;
padlen = blocksize - (have % blocksize);
if (padlen < 4)
padlen += blocksize;
have += padlen;
have /= blocksize; /* # of blocks for current message */
nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
need = nb - (have % nb); /* blocks for ignore */
if (need <= mini)
need += nb;
nbytes = (need - mini) * blocksize; /* size of ignore payload */
debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
blocksize, have, nb, mini, need);
/* enqueue current message and append a ignore message */
packet_send();
packet_start(SSH2_MSG_IGNORE);
packet_put_int(nbytes);
for(i = 0; i < nbytes; i++) {
if (i % 4 == 0)
rand = arc4random();
packet_put_char(rand & 0xff);
rand >>= 8;
}
}

5
packet.h
View File

@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell". * called by a name other than "ssh" or "Secure Shell".
*/ */
/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */ /* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */
#ifndef PACKET_H #ifndef PACKET_H
#define PACKET_H #define PACKET_H
@ -214,4 +214,7 @@ void packet_set_ssh2_format(void);
/* returns remaining payload bytes */ /* returns remaining payload bytes */
int packet_remaining(void); int packet_remaining(void);
/* append an ignore message */
void packet_inject_ignore(int sumlen);
#endif /* PACKET_H */ #endif /* PACKET_H */

8
sshconnect2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -658,9 +658,10 @@ userauth_passwd(Authctxt *authctxt)
packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name); packet_put_cstring(authctxt->method->name);
packet_put_char(0); packet_put_char(0);
ssh_put_password(password); packet_put_cstring(password);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
xfree(password); xfree(password);
packet_inject_ignore(64);
packet_send(); packet_send();
packet_write_wait(); packet_write_wait();
return 1; return 1;
@ -928,13 +929,14 @@ input_userauth_info_req(int type, int plen, void *ctxt)
response = cli_prompt(prompt, echo); response = cli_prompt(prompt, echo);
ssh_put_password(response); packet_put_cstring(response);
memset(response, 0, strlen(response)); memset(response, 0, strlen(response));
xfree(response); xfree(response);
xfree(prompt); xfree(prompt);
} }
packet_done(); /* done with parsing incoming message. */ packet_done(); /* done with parsing incoming message. */
packet_inject_ignore(64);
packet_send(); packet_send();
packet_write_wait(); packet_write_wait();
} }