summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-03-05 06:28:06 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-03-05 06:28:06 +0000
commite229b25a9efc4924f9b45a34de0aef491ae35d09 (patch)
tree168b2a8e9d3615a86d39fd9d57b78053fc360b45
parent941ac82e1624e7d7bb7091785ca525889738420b (diff)
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c] use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message use random content in ignore messages.
-rw-r--r--ChangeLog6
-rw-r--r--channels.c12
-rw-r--r--packet.c16
-rw-r--r--packet.h5
-rw-r--r--serverloop.c6
5 files changed, 29 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index a2eaf69b6..2cdd9997f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -85,6 +85,10 @@
85 - markus@cvs.openbsd.org 2001/02/28 21:21:41 85 - markus@cvs.openbsd.org 2001/02/28 21:21:41
86 [sshd.c] 86 [sshd.c]
87 generate a fake session id, too 87 generate a fake session id, too
88 - markus@cvs.openbsd.org 2001/02/28 21:27:48
89 [channels.c packet.c packet.h serverloop.c]
90 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
91 use random content in ignore messages.
88 92
8920010304 9320010304
90 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. 94 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
@@ -4277,4 +4281,4 @@
4277 - Wrote replacements for strlcpy and mkdtemp 4281 - Wrote replacements for strlcpy and mkdtemp
4278 - Released 1.0pre1 4282 - Released 1.0pre1
4279 4283
4280$Id: ChangeLog,v 1.876 2001/03/05 06:25:23 mouring Exp $ 4284$Id: ChangeLog,v 1.877 2001/03/05 06:28:06 mouring Exp $
diff --git a/channels.c b/channels.c
index d1c90b4ac..defe5ecba 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: channels.c,v 1.94 2001/02/28 12:55:07 markus Exp $"); 43RCSID("$OpenBSD: channels.c,v 1.95 2001/02/28 21:27:48 markus Exp $");
44 44
45#include <openssl/rsa.h> 45#include <openssl/rsa.h>
46#include <openssl/dsa.h> 46#include <openssl/dsa.h>
@@ -768,6 +768,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
768int 768int
769channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) 769channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
770{ 770{
771 struct termios tio;
771 int len; 772 int len;
772 773
773 /* Send buffered output data to the socket. */ 774 /* Send buffered output data to the socket. */
@@ -789,16 +790,15 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
789 return -1; 790 return -1;
790 } 791 }
791 if (compat20 && c->isatty) { 792 if (compat20 && c->isatty) {
792 struct termios tio;
793 if (tcgetattr(c->wfd, &tio) == 0 && 793 if (tcgetattr(c->wfd, &tio) == 0 &&
794 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { 794 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
795 /* 795 /*
796 * Simulate echo to reduce the impact of 796 * Simulate echo to reduce the impact of
797 * traffic analysis. 797 * traffic analysis. We need too match the
798 * size of a SSH2_MSG_CHANNEL_DATA message
799 * (4 byte channel id + data)
798 */ 800 */
799 packet_start(SSH2_MSG_IGNORE); 801 packet_send_ignore(4 + len);
800 memset(buffer_ptr(&c->output), 0, len);
801 packet_put_string(buffer_ptr(&c->output), len);
802 packet_send(); 802 packet_send();
803 } 803 }
804 } 804 }
diff --git a/packet.c b/packet.c
index 26abf0e1a..a1a5d8a76 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.54 2001/02/28 21:27:47 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
@@ -1321,8 +1321,7 @@ packet_set_maxsize(int s)
1321void 1321void
1322packet_inject_ignore(int sumlen) 1322packet_inject_ignore(int sumlen)
1323{ 1323{
1324 u_int32_t rand = 0; 1324 int blocksize, padlen, have, need, nb, mini, nbytes;
1325 int i, blocksize, padlen, have, need, nb, mini, nbytes;
1326 Enc *enc = NULL; 1325 Enc *enc = NULL;
1327 1326
1328 if (use_ssh2_packet_format == 0) 1327 if (use_ssh2_packet_format == 0)
@@ -1350,7 +1349,16 @@ packet_inject_ignore(int sumlen)
1350 1349
1351 /* enqueue current message and append a ignore message */ 1350 /* enqueue current message and append a ignore message */
1352 packet_send(); 1351 packet_send();
1353 packet_start(SSH2_MSG_IGNORE); 1352 packet_send_ignore(nbytes);
1353}
1354
1355void
1356packet_send_ignore(int nbytes)
1357{
1358 u_int32_t rand = 0;
1359 int i;
1360
1361 packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
1354 packet_put_int(nbytes); 1362 packet_put_int(nbytes);
1355 for(i = 0; i < nbytes; i++) { 1363 for(i = 0; i < nbytes; i++) {
1356 if (i % 4 == 0) 1364 if (i % 4 == 0)
diff --git a/packet.h b/packet.h
index 059bb27a0..e5432714e 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
11 * called by a name other than "ssh" or "Secure Shell". 11 * called by a name other than "ssh" or "Secure Shell".
12 */ 12 */
13 13
14/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */ 14/* RCSID("$OpenBSD: packet.h,v 1.21 2001/02/28 21:27:47 markus Exp $"); */
15 15
16#ifndef PACKET_H 16#ifndef PACKET_H
17#define PACKET_H 17#define PACKET_H
@@ -215,6 +215,9 @@ void packet_set_ssh2_format(void);
215int packet_remaining(void); 215int packet_remaining(void);
216 216
217/* append an ignore message */ 217/* append an ignore message */
218void packet_send_ignore(int nbytes);
219
220/* add an ignore message and make sure size (current+ignore) = n*sumlen */
218void packet_inject_ignore(int sumlen); 221void packet_inject_ignore(int sumlen);
219 222
220#endif /* PACKET_H */ 223#endif /* PACKET_H */
diff --git a/serverloop.c b/serverloop.c
index 651d3feb5..285f314eb 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.51 2001/02/23 15:34:53 markus Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.52 2001/02/28 21:27:48 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
@@ -345,9 +345,7 @@ process_output(fd_set * writeset)
345 * Simulate echo to reduce the impact of 345 * Simulate echo to reduce the impact of
346 * traffic analysis 346 * traffic analysis
347 */ 347 */
348 packet_start(SSH_MSG_IGNORE); 348 packet_send_ignore(len);
349 memset(buffer_ptr(&stdin_buffer), 0, len);
350 packet_put_string(buffer_ptr(&stdin_buffer), len);
351 packet_send(); 349 packet_send();
352 } 350 }
353 /* Consume the data from the buffer. */ 351 /* Consume the data from the buffer. */