Commit Graph

126 Commits

Author SHA1 Message Date
dtucker@openbsd.org 9641753e0f
upstream: Refactor creation of KEX proposal.
This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs.  Remove unused compat functions.
With & ok djm@.

OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
2023-03-06 23:31:52 +11:00
dtucker@openbsd.org 2a7e344990
upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization were removed.  "burn it all" djm@

OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
2023-02-17 15:43:57 +11:00
dtucker@openbsd.org 0833ccf2c8
upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
was previously set for OpenSSH 2.3 (released in 2000) but this check was
removed in OpenSSH 7.7 (2018).  ok djm@ deraadt@

OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af
2023-02-17 15:43:54 +11:00
dtucker@openbsd.org 6835015240
upstream: Remove SSH_BUG_PASSWORDPAD compat bit
since it's no longer used. ok markus@

OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b
2023-02-16 21:33:00 +11:00
dtucker@openbsd.org 537cccd804
upstream: Remove SSH_BUG_IGNOREMSG compat flag
since it's only applicable to SSH1 and thus no longer used.  ok markus@
"kill it with fire" djm@

OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab
2023-02-16 21:12:07 +11:00
djm@openbsd.org 12da782333
upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me

OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
2023-02-02 23:14:09 +11:00
dtucker@openbsd.org 486c4dc3b8 upstream: Always return allocated strings from the kex filtering so
that we can free them later.  Fix one leak in compat_kex_proposal.  Based on
github PR#324 from ZoltanFridrich with some simplications by me. ok djm@

OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4
2022-07-01 13:41:16 +10:00
djm@openbsd.org b344db7a41 upstream: openssh-7.4 was incorrectly listed twice; spotted by
Dmitry Belyavskiy, ok dtucker@

OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
2021-09-10 20:34:09 +10:00
djm@openbsd.org 4265215d73 upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
allows RSA/SHA2 signatures for public key authentication but fails to
advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
to offer valid keys.

Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker

OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
2021-06-06 13:41:36 +10:00
djm@openbsd.org 4ca6a1fac3 upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
2021-01-27 20:28:25 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org 6d755706a0 upstream: some language improvements; ok markus
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
2020-07-15 15:07:42 +10:00
dtucker@openbsd.org b458423a38 upstream: Remove now-unused proto_spec and associated definitions.
ok djm@

OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
2020-06-04 11:03:39 +10:00
djm@openbsd.org c3903c38b0 upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
2018-08-13 12:42:13 +10:00
djm@openbsd.org 1a66079c06 upstream: fix some memory leaks spotted by Coverity via Jakub Jelen
in bz#2366 feedback and ok dtucker@

OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
2018-07-31 13:13:26 +10:00
markus@openbsd.org cecee2d607 upstream: client: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
djm@openbsd.org 312d2f2861 upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
2018-07-04 23:51:52 +10:00
djm@openbsd.org 2f30300c5e upstream: crank version number to 7.8; needed for new compat flag
for prior version; part of RSA-SHA2 strictification, ok markus@

OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
2018-07-03 23:26:47 +10:00
djm@openbsd.org 4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
djm@openbsd.org a575ddd588 upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
without version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson

Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424

OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
2018-04-17 08:51:51 +10:00
dtucker@openbsd.org 8570177195 upstream: Don't send IUTF8 to servers that don't like them.
Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set.  Add a bug bit
for such servers and avoid sending IUTF8 to them.  ok djm@

OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
2018-02-16 23:25:48 +11:00
djm@openbsd.org 14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
dtucker@openbsd.org 2985d4062e upstream commit
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up.  bz#2748, from martin at winscp.net, ok djm@

Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
2017-07-28 13:08:37 +10:00
djm@openbsd.org 97f4d3083b upstream commit
remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01 09:42:37 +10:00
djm@openbsd.org 99f95ba826 upstream commit
remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
2017-05-01 09:38:46 +10:00
djm@openbsd.org 56912dea6e upstream commit
unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01 09:37:40 +10:00
djm@openbsd.org 68bc8cfa76 upstream commit
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
2017-02-04 10:08:15 +11:00
dtucker@openbsd.org 7ec4946fb6 upstream commit
Back out 'plug memleak'.

Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06 11:25:37 +10:00
dtucker@openbsd.org a0cb7778fb upstream commit
Plug mem leak in filter_proposal.  ok djm@

Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-06 11:25:37 +10:00
djm@openbsd.org 8543d4ef6f upstream commit
Better compat matching for WinSCP, add compat matching
 for FuTTY (fork of PuTTY); ok markus@ deraadt@

Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
2015-08-20 13:07:42 +10:00
djm@openbsd.org b6ea0e5730 upstream commit
add Cisco to the list of clients that choke on the
 hostkeys update extension. Pointed out by Howard Kash

Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
2015-07-29 19:35:41 +10:00
dtucker@openbsd.org b1dc2b3368 upstream commit
Add "PuTTY_Local:" to the clients to which we do not
 offer DH-GEX. This was the string that was used for development versions
 prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
 there are some extant products based on those versions.  bx2424 from Jay
 Rouman, ok markus@ djm@

Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
2015-07-15 15:38:02 +10:00
dtucker@openbsd.org b282fec1aa upstream commit
Cap DH-GEX group size at 4kbits for Cisco implementations.
 Some of them will choke when asked for preferred sizes >4k instead of
 returning the 4k group that they do have.  bz#2209, ok djm@

Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
2015-05-27 13:47:19 +10:00
djm@openbsd.org e661a86353 upstream commit
Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
2015-05-10 11:38:04 +10:00
dtucker@openbsd.org ea139507be upstream commit
Blacklist DH-GEX for specific PuTTY versions known to
 send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
 According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
 messages.  ok djm@
2015-05-08 13:32:57 +10:00
dtucker@openbsd.org b58234f00e upstream commit
WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
 don't offer that KEX method.  ok markus@
2015-05-08 13:32:56 +10:00
djm@openbsd.org 318be28cda upstream commit
deprecate ancient, pre-RFC4419 and undocumented
 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
 reasonable" dtucker@
2015-04-13 14:37:20 +10:00
dtucker@openbsd.org d8f391caef upstream commit
Don't send hostkey advertisments
 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
 handle them.  Newer versions should be OK.  Patch from Bryan Drewery and
 IWAMOTO Kouichi, ok djm@
2015-04-13 14:37:19 +10:00
djm@openbsd.org 4492a4f222 upstream commit
treat Protocol=1,2|2,1 as Protocol=2 when compiled
 without SSH1 support; ok dtucker@ millert@
2015-04-13 14:37:17 +10:00
markus@openbsd.org 48b3b2ba75 upstream commit
store compat flags in struct ssh; ok djm@
2015-01-20 09:19:40 +11:00
djm@openbsd.org 5c0dafd38b upstream commit
another -Wpointer-sign from clang
2014-10-13 11:39:23 +11:00
Damien Miller b628cc4c3e - djm@cvs.openbsd.org 2014/04/20 02:49:32
[compat.c]
     add a canonical 6.6 + curve25519 bignum fix fake version that I can
     recommend people use ahead of the openssh-6.7 release
2014-04-20 13:33:58 +10:00
Damien Miller 0e6b67423b - djm@cvs.openbsd.org 2014/04/19 05:54:59
[compat.c]
     missing wildcard; pointed out by naddy@
2014-04-20 13:27:01 +10:00
Damien Miller 9395b28223 - djm@cvs.openbsd.org 2014/04/18 23:52:25
[compat.c compat.h sshconnect2.c sshd.c version.h]
     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
     using the curve25519-sha256@libssh.org KEX exchange method to fail
     when connecting with something that implements the spec properly.

     Disable this KEX method when speaking to one of the affected
     versions.

     reported by Aris Adamantiadis; ok markus@
2014-04-20 13:25:30 +10:00
Damien Miller 324541e526 - djm@cvs.openbsd.org 2013/12/30 23:52:28
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     refuse RSA keys from old proprietary clients/servers that use the
     obsolete RSA+MD5 signature scheme. it will still be possible to connect
     with these clients/servers but only DSA keys will be accepted, and we'll
     deprecate them entirely in a future release. ok markus@
2013-12-31 12:25:40 +11:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker 00c1518a4d - djm@cvs.openbsd.org 2012/08/17 01:30:00
[compat.c sshconnect.c]
     Send client banner immediately, rather than waiting for the server to
     move first for SSH protocol 2 connections (the default). Patch based on
     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 21:21:56 +10:00
Darren Tucker 68afb8c5f2 - markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
     unbreak remote portforwarding with dynamic allocated listen ports:
     1) send the actual listen port in the open message (instead of 0).
        this allows multiple forwardings with a dynamic listen port
     2) update the matching permit-open entry, so we can identify where
        to connect to
     report: den at skbkontur.ru and P. Szczygielski
     feedback and ok djm@
2011-10-02 18:59:03 +11:00
Damien Miller 456e6f0ebb - markus@cvs.openbsd.org 2008/09/11 14:22:37
[compat.c compat.h nchan.c ssh.c]
     only send eow and no-more-sessions requests to openssh 5 and newer;
     fixes interop problems with broken ssh v2 implementations; ok djm@
2008-11-03 19:20:10 +11:00
Damien Miller 1ec462658e - djm@cvs.openbsd.org 2006/12/12 03:58:42
[channels.c compat.c compat.h]
     bz #1019: some ssh.com versions apparently can't cope with the
     remote port forwarding bind_address being a hostname, so send
     them an address for cases where they are not explicitly
     specified (wildcard or localhost bind).  reported by daveroth AT
     acm.org; ok dtucker@ deraadt@
2007-01-05 16:26:45 +11:00