upstream: use sshpkt_fatal() for kex_exchange_identification()
errors. This ensures that the logged errors are consistent with other transport-layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@ OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
parent
eef88418f9
commit
5becbec023
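--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: kex.c,v 1.158 2020/03/13 04:01:56 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -1167,7 +1167,7 @@ int
 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 const char *version_addendum)
 {
-int remote_major, remote_minor, mismatch;
+int remote_major, remote_minor, mismatch, oerrno = 0;
 size_t len, i, n;
 int r, expect_nl;
 u_char c;
@@ -1186,6 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 version_addendum == NULL ? "" : " ",
 version_addendum == NULL ? "" : version_addendum)) != 0) {
+oerrno = errno;
 error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
 goto out;
 }
@@ -1193,11 +1194,13 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
 sshbuf_mutable_ptr(our_version),
 sshbuf_len(our_version)) != sshbuf_len(our_version)) {
-error("%s: write: %.100s", __func__, strerror(errno));
+oerrno = errno;
+debug("%s: write: %.100s", __func__, strerror(errno));
 r = SSH_ERR_SYSTEM_ERROR;
 goto out;
 }
 if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
+oerrno = errno;
 error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
 goto out;
 }
@@ -1233,6 +1236,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 r = SSH_ERR_CONN_TIMEOUT;
 goto out;
 } else if (r == -1) {
+oerrno = errno;
 error("%s: %s",
 __func__, strerror(errno));
 r = SSH_ERR_SYSTEM_ERROR;
@@ -1248,6 +1252,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 r = SSH_ERR_CONN_CLOSED;
 goto out;
 } else if (len != 1) {
+oerrno = errno;
 error("%s: read: %.100s",
 __func__, strerror(errno));
 r = SSH_ERR_SYSTEM_ERROR;
@@ -1265,6 +1270,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 goto invalid;
 }
 if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
+oerrno = errno;
 error("%s: sshbuf_put: %s",
 __func__, ssh_err(r));
 goto out;
@@ -1365,6 +1371,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 free(our_version_string);
 free(peer_version_string);
 free(remote_version);
+if (r == SSH_ERR_SYSTEM_ERROR)
+errno = oerrno;
 return r;
 }
 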
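Review bot: The `r == -1` and `len != 1` branches (hunks `-1233,6` and `-1248,6`) still call `error()` before returning `SSH_ERR_SYSTEM_ERROR`, while the write-failure branch in hunk `-1193,11` was downgraded to `debug()`; once the callers hand `r` to `sshpkt_fatal()`, those read-side failures would presumably be logged twice, once here without the peer address and once there with it. If one line per failed banner exchange is the goal (log-based detection that counts pre-authentication failures depends on that), the same downgrade applies there, e.g. `debug("%s: read: %.100s", __func__, strerror(errno));`. The `oerrno = errno;` saves before the `sshbuf_*` failures only matter when `r` ends up as `SSH_ERR_SYSTEM_ERROR`, so the restore in the last hunk deserves a comment such as `/* the free() calls above may change errno; restore it for the caller's report */` (the intent is inferred, not shown). The function body continues outside every one of these hunks.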
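--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1276,6 +1276,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 {
 char *host;
 char *server_user, *local_user;
+int r;
 
 local_user = xstrdup(pw->pw_name);
 server_user = options.user ? options.user : local_user;
@@ -1285,8 +1286,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 lowercase(host);
 
 /* Exchange protocol version identification strings with the server. */
-if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0)
-cleanup_exit(255); /* error already logged */
+if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
+sshpkt_fatal(ssh, r, "banner exchange");
 
 /* Put the connection into non-blocking mode. */
 ssh_packet_set_nonblocking(ssh);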
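Review bot: The brace-less `if` in `ssh_login()` now relies on `sshpkt_fatal()` never returning, which this hunk does not show; the removed `/* error already logged */` comment was the only hint that the branch terminates. If the call could return, control would continue to `ssh_packet_set_nonblocking(ssh)` after a failed banner exchange. A short comment keeps that visible: `sshpkt_fatal(ssh, r, "banner exchange"); /* reports peer address, does not return */` (the address reporting is taken from the commit message). The same applies to the matching call in `main()` in sshd.c, and both enclosing functions start and end outside the hunks.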
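--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.551 2020/03/13 03:24:49 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.552 2020/03/13 04:01:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2155,8 +2155,9 @@ main(int ac, char **av)
 if (!debug_flag)
 alarm(options.login_grace_time);
 
-if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0)
-cleanup_exit(255); /* error already logged */
+if ((r = kex_exchange_identification(ssh, -1,
+options.version_addendum)) != 0)
+sshpkt_fatal(ssh, r, "banner exchange");
 
 ssh_packet_set_nonblocking(ssh);
 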