- (djm) OpenBSD CVS:

- markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h
2025-07-26 23:34:55 +02:00 · 2001-02-16 12:34:57 +11:00 · 2001-02-16 12:34:57 +11:00 · 79438cc030
commit 79438cc030
parent 217f567187
9 changed files with 79 additions and 37 deletions
--- a/9
+++ b/9
@ -13,6 +13,13 @@
 - (djm) Ask users to check config.log when we can't find necessary libs
 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
   OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
 - (djm) OpenBSD CVS:
   - markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h
 20010215
 - (djm) Move PAM session setup back to before setuid to user. Fixes 
@ -3986,4 +3993,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $
+$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $
--- a/channels.c
+++ b/channels.c
@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
 	c->efd = efd;
 	c->extended_usage = extusage;
 	/* XXX ugly hack: nonblock is only set by the server */
 	if (nonblock && isatty(c->rfd)) {
 		debug("channel: %d: rfd %d isatty", c->self, c->rfd);
 		c->isatty = 1;
 		if (!isatty(c->wfd)) {
 			error("channel: %d: wfd %d is not a tty?",
 			    c->self, c->wfd);
 		}
 	} else {
 		c->isatty = 0;
 	}
 	/* enable nonblocking mode */
 	if (nonblock) {
 		if (rfd != -1)
@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
 			}
 			return -1;
 		}
 		if (compat20 && c->isatty) {
 			struct termios tio;
 			if (tcgetattr(c->wfd, &tio) == 0 &&
 			    !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
 				/*
 				 * Simulate echo to reduce the impact of
 				 * traffic analysis.
 				 */
 				packet_start(SSH2_MSG_IGNORE);
 				memset(buffer_ptr(&c->output), 0, len);
 				packet_put_string(buffer_ptr(&c->output), len);
 				packet_send();
 				debug("channel: %d simulate echo (%d)", c->self, len);
 			}
 		}
 		buffer_consume(&c->output, len);
 		if (compat20 && len > 0) {
 			c->local_consumed += len;
--- a/channels.h
+++ b/channels.h
@ -32,7 +32,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
 #ifndef CHANNELS_H
 #define CHANNELS_H
@ -75,6 +75,7 @@ struct Channel {
 	int     wfd;		/* write fd */
 	int     efd;		/* extended fd */
 	int     sock;		/* sock fd */
 	int     isatty;		/* rfd is a tty */
 	Buffer  input;		/* data read from socket, to be sent over
 				 * encrypted connection */
 	Buffer  output;		/* data received over encrypted connection for
--- a/defines.h
+++ b/defines.h
@ -1,7 +1,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
-/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */
+/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */
 /* Some platforms need this for the _r() functions */
 #if !defined(_REENTRANT) && !defined(SNI)
@ -12,7 +12,7 @@
 #include <sys/types.h> /* For [u]intxx_t */
 #include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
 #include <netinet/ip.h> /* For IPTOS macros */
@ -318,15 +318,19 @@ struct winsize {
 # define MIN(a,b) (((a)<(b))?(a):(b))
 #endif
 #ifndef roundup
 # define roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
 #endif
 #ifndef timersub
-#define timersub(a, b, result)										  \
+#define timersub(a, b, result)					\
-   do {																		  \
+   do {								\
-      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;           \
+      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;		\
-      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;        \
+      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;		\
-      if ((result)->tv_usec < 0) {                            \
+      if ((result)->tv_usec < 0) {				\
-	 --(result)->tv_sec;                                  \
+	 --(result)->tv_sec;					\
-	 (result)->tv_usec += 1000000;                        \
+	 (result)->tv_usec += 1000000;				\
-      }                                                       \
+      }								\
   } while (0)
 #endif
--- a/serverloop.c
+++ b/serverloop.c
@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
 #include "xmalloc.h"
 #include "packet.h"
@ -339,7 +339,7 @@ process_output(fd_set * writeset)
 		} else {
 			/* Successful write. */
 			if (tcgetattr(fdin, &tio) == 0 &&
-			    !(tio.c_lflag & ECHO)) {
+			    !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
 				/*
 				 * Simulate echo to reduce the impact of
 				 * traffic analysis
--- a/sshconnect.c
+++ b/sshconnect.c
@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
 #include <openssl/bn.h>
@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
 		ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
 	}
 }
 void
 ssh_put_password(char *password)
 {
 	int size;
 	char *padded;
 	size = roundup(strlen(password) + 1, 32);
 	padded = xmalloc(size);
 	memset(padded, 0, size);
 	strlcpy(padded, password, size);
 	packet_put_string(padded, size);
 	memset(padded, 0, size);
 	xfree(padded);
 }
--- a/sshconnect.h
+++ b/sshconnect.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $	*/
+/*	$OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $	*/
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
 void	ssh_kex2(char *host, struct sockaddr *hostaddr);
 void	ssh_userauth2(const char *server_user, char *host);
 void	ssh_put_password(char *password);
 #endif
--- a/sshconnect1.c
+++ b/sshconnect1.c
@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@ -51,20 +51,6 @@ u_int supported_authentications = 0;
 extern Options options;
 extern char *__progname;
 void
 ssh1_put_password(char *password)
 {
 	int size;
 	char *padded;
 	size = roundup(strlen(password) + 1, 32);
 	padded = xmalloc(size);
 	strlcpy(padded, password, size);
 	packet_put_string(padded, size);
 	memset(padded, 0, size);
 	xfree(padded);
 }
 /*
 * Checks if the user has an authentication agent, and if so, tries to
 * authenticate using the agent.
@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
 			break;
 		}
 		packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-		ssh1_put_password(response);
+		ssh_put_password(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		packet_send();
@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
 			error("Permission denied, please try again.");
 		password = read_passphrase(prompt, 0);
 		packet_start(SSH_CMSG_AUTH_PASSWORD);
-		ssh1_put_password(password);
+		ssh_put_password(password);
 		memset(password, 0, strlen(password));
 		xfree(password);
 		packet_send();
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(0);
-	packet_put_cstring(password);
+	ssh_put_password(password);
 	memset(password, 0, strlen(password));
 	xfree(password);
 	packet_send();
@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 		response = cli_prompt(prompt, echo);
-		packet_put_cstring(response);
+		ssh_put_password(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		xfree(prompt);