summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-01-23 05:27:21 +0000
committerDamien Miller <djm@mindrot.org>2018-01-23 16:40:29 +1100
commit14b5c635d1190633b23ac3372379517fb645b0c2 (patch)
tree8ef70b4660b04ba6add4c314d52f84375cb16788
parent7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb (diff)
upstream commit
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
Diffstat
-rw-r--r--auth2-hostbased.c8
-rw-r--r--auth2-pubkey.c47
-rw-r--r--auth2.c4
-rw-r--r--authfd.c4
-rw-r--r--channels.c45
-rw-r--r--clientloop.c15
-rw-r--r--compat.c71
-rw-r--r--compat.h28
-rw-r--r--kex.c8
-rw-r--r--monitor.c21
-rw-r--r--serverloop.c8
-rw-r--r--ssh-agent.c4
-rw-r--r--ssh-dss.c81
-rw-r--r--ssh.c4
-rw-r--r--sshconnect.c5
-rw-r--r--sshconnect2.c55
-rw-r--r--sshd.c6
17 files changed, 111 insertions, 303 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 8112cfaa3..8996f7e05 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.32 2017/12/18 02:25:15 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -62,7 +62,7 @@ userauth_hostbased(struct ssh *ssh)
62 Authctxt *authctxt = ssh->authctxt; 62 Authctxt *authctxt = ssh->authctxt;
63 struct sshbuf *b; 63 struct sshbuf *b;
64 struct sshkey *key = NULL; 64 struct sshkey *key = NULL;
65 char *pkalg, *cuser, *chost, *service; 65 char *pkalg, *cuser, *chost;
66 u_char *pkblob, *sig; 66 u_char *pkblob, *sig;
67 size_t alen, blen, slen; 67 size_t alen, blen, slen;
68 int r, pktype, authenticated = 0; 68 int r, pktype, authenticated = 0;
@@ -118,15 +118,13 @@ userauth_hostbased(struct ssh *ssh)
118 goto done; 118 goto done;
119 } 119 }
120 120
121 service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" :
122 authctxt->service;
123 if ((b = sshbuf_new()) == NULL) 121 if ((b = sshbuf_new()) == NULL)
124 fatal("%s: sshbuf_new failed", __func__); 122 fatal("%s: sshbuf_new failed", __func__);
125 /* reconstruct packet */ 123 /* reconstruct packet */
126 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || 124 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
127 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 125 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
128 (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || 126 (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
129 (r = sshbuf_put_cstring(b, service)) != 0 || 127 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
130 (r = sshbuf_put_cstring(b, "hostbased")) != 0 || 128 (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
131 (r = sshbuf_put_string(b, pkalg, alen)) != 0 || 129 (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
132 (r = sshbuf_put_string(b, pkblob, blen)) != 0 || 130 (r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 0713a9de8..e64982283 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -100,26 +100,10 @@ userauth_pubkey(struct ssh *ssh)
100 debug2("%s: disabled because of invalid user", __func__); 100 debug2("%s: disabled because of invalid user", __func__);
101 return 0; 101 return 0;
102 } 102 }
103 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) 103 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
104 fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); 104 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
105 if (ssh->compat & SSH_BUG_PKAUTH) { 105 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
106 debug2("%s: SSH_BUG_PKAUTH", __func__); 106 fatal("%s: parse request failed: %s", __func__, ssh_err(r));
107 if ((b = sshbuf_new()) == NULL)
108 fatal("%s: sshbuf_new failed", __func__);
109 /* no explicit pkalg given */
110 /* so we have to extract the pkalg from the pkblob */
111 /* XXX use sshbuf_from() */
112 if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
113 (r = sshbuf_put(b, pkblob, blen)) != 0 ||
114 (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0)
115 fatal("%s: failed: %s", __func__, ssh_err(r));
116 sshbuf_free(b);
117 } else {
118 if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
119 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
120 fatal("%s: sshpkt_get_cstring failed: %s",
121 __func__, ssh_err(r));
122 }
123 pktype = sshkey_type_from_name(pkalg); 107 pktype = sshkey_type_from_name(pkalg);
124 if (pktype == KEY_UNSPEC) { 108 if (pktype == KEY_UNSPEC) {
125 /* this is perfectly legal */ 109 /* this is perfectly legal */
@@ -188,22 +172,11 @@ userauth_pubkey(struct ssh *ssh)
188 authctxt->style ? authctxt->style : ""); 172 authctxt->style ? authctxt->style : "");
189 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 173 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
190 (r = sshbuf_put_cstring(b, userstyle)) != 0 || 174 (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
191 (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? 175 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
192 "ssh-userauth" : authctxt->service)) != 0) 176 (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
193 fatal("%s: build packet failed: %s", 177 (r = sshbuf_put_u8(b, have_sig)) != 0 ||
194 __func__, ssh_err(r)); 178 (r = sshbuf_put_cstring(b, pkalg) != 0) ||
195 if (ssh->compat & SSH_BUG_PKAUTH) { 179 (r = sshbuf_put_string(b, pkblob, blen)) != 0)
196 if ((r = sshbuf_put_u8(b, have_sig)) != 0)
197 fatal("%s: build packet failed: %s",
198 __func__, ssh_err(r));
199 } else {
200 if ((r = sshbuf_put_cstring(b, "publickey")) != 0 ||
201 (r = sshbuf_put_u8(b, have_sig)) != 0 ||
202 (r = sshbuf_put_cstring(b, pkalg) != 0))
203 fatal("%s: build packet failed: %s",
204 __func__, ssh_err(r));
205 }
206 if ((r = sshbuf_put_string(b, pkblob, blen)) != 0)
207 fatal("%s: build packet failed: %s", 180 fatal("%s: build packet failed: %s",
208 __func__, ssh_err(r)); 181 __func__, ssh_err(r));
209#ifdef DEBUG_PK 182#ifdef DEBUG_PK
diff --git a/auth2.c b/auth2.c
index 862e09960..4f5b481c9 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */ 1/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -153,7 +153,7 @@ userauth_banner(void)
153{ 153{
154 char *banner = NULL; 154 char *banner = NULL;
155 155
156 if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) 156 if (options.banner == NULL)
157 return; 157 return;
158 158
159 if ((banner = PRIVSEP(auth2_read_banner())) == NULL) 159 if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
diff --git a/authfd.c b/authfd.c
index a460fa350..ac635dff9 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ 1/* $OpenBSD: authfd.c,v 1.106 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -353,8 +353,6 @@ ssh_agent_sign(int sock, const struct sshkey *key,
353 353
354 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) 354 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
355 return SSH_ERR_INVALID_ARGUMENT; 355 return SSH_ERR_INVALID_ARGUMENT;
356 if (compat & SSH_BUG_SIGBLOB)
357 flags |= SSH_AGENT_OLD_SIGNATURE;
358 if ((msg = sshbuf_new()) == NULL) 356 if ((msg = sshbuf_new()) == NULL)
359 return SSH_ERR_ALLOC_FAIL; 357 return SSH_ERR_ALLOC_FAIL;
360 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) 358 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
diff --git a/channels.c b/channels.c
index c2706ace7..1c381e0e2 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.377 2017/12/05 01:30:19 djm Exp $ */ 1/* $OpenBSD: channels.c,v 1.378 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1582,13 +1582,8 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c,
1582 SSH_CHANNEL_OPENING, newsock, newsock, -1, 1582 SSH_CHANNEL_OPENING, newsock, newsock, -1,
1583 c->local_window_max, c->local_maxpacket, 0, buf, 1); 1583 c->local_window_max, c->local_maxpacket, 0, buf, 1);
1584 open_preamble(ssh, __func__, nc, "x11"); 1584 open_preamble(ssh, __func__, nc, "x11");
1585 if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) { 1585 if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 ||
1586 fatal("%s: channel %i: reply %s", __func__, 1586 (r = sshpkt_put_u32(ssh, remote_port)) != 0) {
1587 c->self, ssh_err(r));
1588 }
1589 if ((datafellows & SSH_BUG_X11FWD) != 0)
1590 debug2("channel %d: ssh2 x11 bug compat mode", nc->self);
1591 else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) {
1592 fatal("%s: channel %i: reply %s", __func__, 1587 fatal("%s: channel %i: reply %s", __func__,
1593 c->self, ssh_err(r)); 1588 c->self, ssh_err(r));
1594 } 1589 }
@@ -1824,15 +1819,13 @@ channel_post_connecting(struct ssh *ssh, Channel *c,
1824 if ((r = sshpkt_start(ssh, 1819 if ((r = sshpkt_start(ssh,
1825 SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || 1820 SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
1826 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 1821 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
1827 (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED)) 1822 (r = sshpkt_put_u32(ssh,
1828 != 0) 1823 SSH2_OPEN_CONNECT_FAILED)) != 0 ||
1829 fatal("%s: channel %i: failure: %s", __func__, 1824 (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
1830 c->self, ssh_err(r)); 1825 (r = sshpkt_put_cstring(ssh, "")) != 0) {
1831 if ((datafellows & SSH_BUG_OPENFAILURE) == 0 &&
1832 ((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
1833 (r = sshpkt_put_cstring(ssh, "")) != 0))
1834 fatal("%s: channel %i: failure: %s", __func__, 1826 fatal("%s: channel %i: failure: %s", __func__,
1835 c->self, ssh_err(r)); 1827 c->self, ssh_err(r));
1828 }
1836 if ((r = sshpkt_send(ssh)) != 0) 1829 if ((r = sshpkt_send(ssh)) != 0)
1837 fatal("%s: channel %i: %s", __func__, c->self, 1830 fatal("%s: channel %i: %s", __func__, c->self,
1838 ssh_err(r)); 1831 ssh_err(r));
@@ -3110,13 +3103,11 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh)
3110 error("%s: reason: %s", __func__, ssh_err(r)); 3103 error("%s: reason: %s", __func__, ssh_err(r));
3111 packet_disconnect("Invalid open failure message"); 3104 packet_disconnect("Invalid open failure message");
3112 } 3105 }
3113 if ((datafellows & SSH_BUG_OPENFAILURE) == 0) { 3106 /* skip language */
3114 /* skip language */ 3107 if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
3115 if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || 3108 (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
3116 (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { 3109 error("%s: message/lang: %s", __func__, ssh_err(r));
3117 error("%s: message/lang: %s", __func__, ssh_err(r)); 3110 packet_disconnect("Invalid open failure message");
3118 packet_disconnect("Invalid open failure message");
3119 }
3120 } 3111 }
3121 ssh_packet_check_eom(ssh); 3112 ssh_packet_check_eom(ssh);
3122 logit("channel %d: open failed: %s%s%s", c->self, 3113 logit("channel %d: open failed: %s%s%s", c->self,
@@ -3664,15 +3655,9 @@ static const char *
3664channel_rfwd_bind_host(const char *listen_host) 3655channel_rfwd_bind_host(const char *listen_host)
3665{ 3656{
3666 if (listen_host == NULL) { 3657 if (listen_host == NULL) {
3667 if (datafellows & SSH_BUG_RFWD_ADDR) 3658 return "localhost";
3668 return "127.0.0.1";
3669 else
3670 return "localhost";
3671 } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { 3659 } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) {
3672 if (datafellows & SSH_BUG_RFWD_ADDR) 3660 return "";
3673 return "0.0.0.0";
3674 else
3675 return "";
3676 } else 3661 } else
3677 return listen_host; 3662 return listen_host;
3678} 3663}
diff --git a/clientloop.c b/clientloop.c
index c187ae570..ed9bebdfa 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.310 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1541,12 +1541,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
1541 return NULL; 1541 return NULL;
1542 } 1542 }
1543 originator = packet_get_string(NULL); 1543 originator = packet_get_string(NULL);
1544 if (datafellows & SSH_BUG_X11FWD) { 1544 originator_port = packet_get_int();
1545 debug2("buggy server: x11 request w/o originator_port");
1546 originator_port = 0;
1547 } else {
1548 originator_port = packet_get_int();
1549 }
1550 packet_check_eom(); 1545 packet_check_eom();
1551 /* XXX check permission */ 1546 /* XXX check permission */
1552 debug("client_request_x11: request from %s %d", originator, 1547 debug("client_request_x11: request from %s %d", originator,
@@ -1678,10 +1673,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
1678 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); 1673 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1679 packet_put_int(rchan); 1674 packet_put_int(rchan);
1680 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); 1675 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1681 if (!(datafellows & SSH_BUG_OPENFAILURE)) { 1676 packet_put_cstring("open failed");
1682 packet_put_cstring("open failed"); 1677 packet_put_cstring("");
1683 packet_put_cstring("");
1684 }
1685 packet_send(); 1678 packet_send();
1686 } 1679 }
1687 free(ctype); 1680 free(ctype);
diff --git a/compat.c b/compat.c
index d82135e2b..89b302cca 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */ 1/* $OpenBSD: compat.c,v 1.105 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -50,83 +50,20 @@ compat_datafellows(const char *version)
50 char *pat; 50 char *pat;
51 int bugs; 51 int bugs;
52 } check[] = { 52 } check[] = {
53 { "OpenSSH-2.0*,"
54 "OpenSSH-2.1*,"
55 "OpenSSH_2.1*,"
56 "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER|
57 SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
58 SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
59 { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
60 SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
61 SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
62 { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
63 SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
64 SSH_OLD_FORWARD_ADDR},
65 { "OpenSSH_2.5.0p1*,"
66 "OpenSSH_2.5.1p1*",
67 SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
68 SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
69 SSH_OLD_FORWARD_ADDR},
70 { "OpenSSH_2.5.0*,"
71 "OpenSSH_2.5.1*,"
72 "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
73 SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
74 { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
75 SSH_OLD_FORWARD_ADDR},
76 { "OpenSSH_2.*," 53 { "OpenSSH_2.*,"
77 "OpenSSH_3.0*," 54 "OpenSSH_3.0*,"
78 "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, 55 "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
79 { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, 56 { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
80 { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, 57 { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
81 { "OpenSSH_4*", 0 }, 58 { "OpenSSH_2*,"
59 "OpenSSH_3*,"
60 "OpenSSH_4*", 0 },
82 { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, 61 { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
83 { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, 62 { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
84 { "OpenSSH_6.5*," 63 { "OpenSSH_6.5*,"
85 "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, 64 "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
86 { "OpenSSH*", SSH_NEW_OPENSSH }, 65 { "OpenSSH*", SSH_NEW_OPENSSH },
87 { "*MindTerm*", 0 }, 66 { "*MindTerm*", 0 },
88 { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
89 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
90 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
91 SSH_BUG_FIRSTKEX },
92 { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
93 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
94 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
95 SSH_BUG_FIRSTKEX },
96 { "2.0.13*,"
97 "2.0.14*,"
98 "2.0.15*,"
99 "2.0.16*,"
100 "2.0.17*,"
101 "2.0.18*,"
102 "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
103 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
104 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
105 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
106 SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
107 SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
108 { "2.0.11*,"
109 "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
110 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
111 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
112 SSH_BUG_PKAUTH|SSH_BUG_PKOK|
113 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
114 SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
115 { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
116 SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
117 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
118 SSH_BUG_PKAUTH|SSH_BUG_PKOK|
119 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
120 SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
121 SSH_BUG_FIRSTKEX },
122 { "2.2.0*,"
123 "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
124 SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
125 { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
126 SSH_BUG_FIRSTKEX },
127 { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
128 { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
129 SSH_BUG_RFWD_ADDR },
130 { "3.0.*", SSH_BUG_DEBUG }, 67 { "3.0.*", SSH_BUG_DEBUG },
131 { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, 68 { "3.0 SecureCRT*", SSH_OLD_SESSIONID },
132 { "1.7 SecureFX*", SSH_OLD_SESSIONID }, 69 { "1.7 SecureFX*", SSH_OLD_SESSIONID },
diff --git a/compat.h b/compat.h
index 2e7830f1b..246e6ee4c 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */ 1/* $OpenBSD: compat.h,v 1.50 2018/01/23 05:27:21 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -32,31 +32,31 @@
32#define SSH_PROTO_1_PREFERRED 0x02 32#define SSH_PROTO_1_PREFERRED 0x02
33#define SSH_PROTO_2 0x04 33#define SSH_PROTO_2 0x04
34 34
35#define SSH_BUG_SIGBLOB 0x00000001 35/* #define unused 0x00000001 */
36#define SSH_BUG_PKSERVICE 0x00000002 36/* #define unused 0x00000002 */
37#define SSH_BUG_HMAC 0x00000004 37/* #define unused 0x00000004 */
38#define SSH_BUG_X11FWD 0x00000008 38/* #define unused 0x00000008 */
39#define SSH_OLD_SESSIONID 0x00000010 39#define SSH_OLD_SESSIONID 0x00000010
40#define SSH_BUG_PKAUTH 0x00000020 40/* #define unused 0x00000020 */
41#define SSH_BUG_DEBUG 0x00000040 41#define SSH_BUG_DEBUG 0x00000040
42#define SSH_BUG_BANNER 0x00000080 42/* #define unused 0x00000080 */
43#define SSH_BUG_IGNOREMSG 0x00000100 43#define SSH_BUG_IGNOREMSG 0x00000100
44#define SSH_BUG_PKOK 0x00000200 44/* #define unused 0x00000200 */
45#define SSH_BUG_PASSWORDPAD 0x00000400 45#define SSH_BUG_PASSWORDPAD 0x00000400
46#define SSH_BUG_SCANNER 0x00000800 46#define SSH_BUG_SCANNER 0x00000800
47#define SSH_BUG_BIGENDIANAES 0x00001000 47#define SSH_BUG_BIGENDIANAES 0x00001000
48#define SSH_BUG_RSASIGMD5 0x00002000 48#define SSH_BUG_RSASIGMD5 0x00002000
49#define SSH_OLD_DHGEX 0x00004000 49#define SSH_OLD_DHGEX 0x00004000
50#define SSH_BUG_NOREKEY 0x00008000 50#define SSH_BUG_NOREKEY 0x00008000
51#define SSH_BUG_HBSERVICE 0x00010000 51/* #define unused 0x00010000 */
52#define SSH_BUG_OPENFAILURE 0x00020000 52/* #define unused 0x00020000 */
53#define SSH_BUG_DERIVEKEY 0x00040000 53/* #define unused 0x00040000 */
54#define SSH_BUG_DUMMYCHAN 0x00100000 54/* #define unused 0x00100000 */
55#define SSH_BUG_EXTEOF 0x00200000 55#define SSH_BUG_EXTEOF 0x00200000
56#define SSH_BUG_PROBE 0x00400000 56#define SSH_BUG_PROBE 0x00400000
57#define SSH_BUG_FIRSTKEX 0x00800000 57/* #define unused 0x00800000 */
58#define SSH_OLD_FORWARD_ADDR 0x01000000 58#define SSH_OLD_FORWARD_ADDR 0x01000000
59#define SSH_BUG_RFWD_ADDR 0x02000000 59/* #define unused 0x02000000 */
60#define SSH_NEW_OPENSSH 0x04000000 60#define SSH_NEW_OPENSSH 0x04000000
61#define SSH_BUG_DYNAMIC_RPORT 0x08000000 61#define SSH_BUG_DYNAMIC_RPORT 0x08000000
62#define SSH_BUG_CURVE25519PAD 0x10000000 62#define SSH_BUG_CURVE25519PAD 0x10000000
diff --git a/kex.c b/kex.c
index d5d5a9dae..83c6199f3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -675,9 +675,6 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
675 free(name); 675 free(name);
676 return SSH_ERR_INTERNAL_ERROR; 676 return SSH_ERR_INTERNAL_ERROR;
677 } 677 }
678 /* truncate the key */
679 if (ssh->compat & SSH_BUG_HMAC)
680 mac->key_len = 16;
681 mac->name = name; 678 mac->name = name;
682 mac->key = NULL; 679 mac->key = NULL;
683 mac->enabled = 0; 680 mac->enabled = 0;
@@ -866,8 +863,7 @@ kex_choose_conf(struct ssh *ssh)
866 kex->dh_need = dh_need; 863 kex->dh_need = dh_need;
867 864
868 /* ignore the next message if the proposals do not match */ 865 /* ignore the next message if the proposals do not match */
869 if (first_kex_follows && !proposals_match(my, peer) && 866 if (first_kex_follows && !proposals_match(my, peer))
870 !(ssh->compat & SSH_BUG_FIRSTKEX))
871 ssh->dispatch_skip_packets = 1; 867 ssh->dispatch_skip_packets = 1;
872 r = 0; 868 r = 0;
873 out: 869 out:
diff --git a/monitor.c b/monitor.c
index b0227eee1..89c8c958a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1255,18 +1255,13 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1255 free(userstyle); 1255 free(userstyle);
1256 free(cp); 1256 free(cp);
1257 buffer_skip_string(&b); 1257 buffer_skip_string(&b);
1258 if (datafellows & SSH_BUG_PKAUTH) { 1258 cp = buffer_get_cstring(&b, NULL);
1259 if (!buffer_get_char(&b)) 1259 if (strcmp("publickey", cp) != 0)
1260 fail++; 1260 fail++;
1261 } else { 1261 free(cp);
1262 cp = buffer_get_cstring(&b, NULL); 1262 if (!buffer_get_char(&b))
1263 if (strcmp("publickey", cp) != 0) 1263 fail++;
1264 fail++; 1264 buffer_skip_string(&b);
1265 free(cp);
1266 if (!buffer_get_char(&b))
1267 fail++;
1268 buffer_skip_string(&b);
1269 }
1270 buffer_skip_string(&b); 1265 buffer_skip_string(&b);
1271 if (buffer_len(&b) != 0) 1266 if (buffer_len(&b) != 0)
1272 fail++; 1267 fail++;
diff --git a/serverloop.c b/serverloop.c
index 615921c38..feaf35c1a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.203 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -655,10 +655,8 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
655 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); 655 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
656 packet_put_int(rchan); 656 packet_put_int(rchan);
657 packet_put_int(reason); 657 packet_put_int(reason);
658 if (!(datafellows & SSH_BUG_OPENFAILURE)) { 658 packet_put_cstring(errmsg ? errmsg : "open failed");
659 packet_put_cstring(errmsg ? errmsg : "open failed"); 659 packet_put_cstring("");
660 packet_put_cstring("");
661 }
662 packet_send(); 660 packet_send();
663 } 661 }
664 free(ctype); 662 free(ctype);
diff --git a/ssh-agent.c b/ssh-agent.c
index 8cb00f620..39888a72c 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.226 2017/11/15 02:10:16 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -292,8 +292,6 @@ process_sign_request2(SocketEntry *e)
292 goto send; 292 goto send;
293 } 293 }
294 294
295 if (flags & SSH_AGENT_OLD_SIGNATURE)
296 compat = SSH_BUG_SIGBLOB;
297 if ((id = lookup_identity(key)) == NULL) { 295 if ((id = lookup_identity(key)) == NULL) {
298 verbose("%s: %s key not found", __func__, sshkey_type(key)); 296 verbose("%s: %s key not found", __func__, sshkey_type(key));
299 goto send; 297 goto send;
diff --git a/ssh-dss.c b/ssh-dss.c
index 7af59fa6e..cda498a87 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ 1/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -86,38 +86,25 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
86 BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); 86 BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
87 BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); 87 BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
88 88
89 if (compat & SSH_BUG_SIGBLOB) { 89 if ((b = sshbuf_new()) == NULL) {
90 if (sigp != NULL) { 90 ret = SSH_ERR_ALLOC_FAIL;
91 if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { 91 goto out;
92 ret = SSH_ERR_ALLOC_FAIL; 92 }
93 goto out; 93 if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
94 } 94 (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
95 memcpy(*sigp, sigblob, SIGBLOB_LEN); 95 goto out;
96 } 96
97 if (lenp != NULL) 97 len = sshbuf_len(b);
98 *lenp = SIGBLOB_LEN; 98 if (sigp != NULL) {
99 ret = 0; 99 if ((*sigp = malloc(len)) == NULL) {
100 } else {
101 /* ietf-drafts */
102 if ((b = sshbuf_new()) == NULL) {
103 ret = SSH_ERR_ALLOC_FAIL; 100 ret = SSH_ERR_ALLOC_FAIL;
104 goto out; 101 goto out;
105 } 102 }
106 if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || 103 memcpy(*sigp, sshbuf_ptr(b), len);
107 (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
108 goto out;
109 len = sshbuf_len(b);
110 if (sigp != NULL) {
111 if ((*sigp = malloc(len)) == NULL) {
112 ret = SSH_ERR_ALLOC_FAIL;
113 goto out;
114 }
115 memcpy(*sigp, sshbuf_ptr(b), len);
116 }
117 if (lenp != NULL)
118 *lenp = len;
119 ret = 0;
120 } 104 }
105 if (lenp != NULL)
106 *lenp = len;
107 ret = 0;
121 out: 108 out:
122 explicit_bzero(digest, sizeof(digest)); 109 explicit_bzero(digest, sizeof(digest));
123 if (sig != NULL) 110 if (sig != NULL)
@@ -146,28 +133,20 @@ ssh_dss_verify(const struct sshkey *key,
146 return SSH_ERR_INTERNAL_ERROR; 133 return SSH_ERR_INTERNAL_ERROR;
147 134
148 /* fetch signature */ 135 /* fetch signature */
149 if (compat & SSH_BUG_SIGBLOB) { 136 if ((b = sshbuf_from(signature, signaturelen)) == NULL)
150 if ((sigblob = malloc(signaturelen)) == NULL) 137 return SSH_ERR_ALLOC_FAIL;
151 return SSH_ERR_ALLOC_FAIL; 138 if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
152 memcpy(sigblob, signature, signaturelen); 139 sshbuf_get_string(b, &sigblob, &len) != 0) {
153 len = signaturelen; 140 ret = SSH_ERR_INVALID_FORMAT;
154 } else { 141 goto out;
155 /* ietf-drafts */ 142 }
156 if ((b = sshbuf_from(signature, signaturelen)) == NULL) 143 if (strcmp("ssh-dss", ktype) != 0) {
157 return SSH_ERR_ALLOC_FAIL; 144 ret = SSH_ERR_KEY_TYPE_MISMATCH;
158 if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || 145 goto out;
159 sshbuf_get_string(b, &sigblob, &len) != 0) { 146 }
160 ret = SSH_ERR_INVALID_FORMAT; 147 if (sshbuf_len(b) != 0) {
161 goto out; 148 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
162 } 149 goto out;
163 if (strcmp("ssh-dss", ktype) != 0) {
164 ret = SSH_ERR_KEY_TYPE_MISMATCH;
165 goto out;
166 }
167 if (sshbuf_len(b) != 0) {
168 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
169 goto out;
170 }
171 } 150 }
172 151
173 if (len != SIGBLOB_LEN) { 152 if (len != SIGBLOB_LEN) {
diff --git a/ssh.c b/ssh.c
index ac85b2bb5..af4597f88 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.470 2018/01/23 05:06:25 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.471 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1931,7 +1931,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
1931 if (options.control_persist && muxserver_sock == -1) 1931 if (options.control_persist && muxserver_sock == -1)
1932 ssh_init_stdio_forwarding(ssh); 1932 ssh_init_stdio_forwarding(ssh);
1933 1933
1934 if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) 1934 if (!no_shell_flag)
1935 id = ssh_session2_open(ssh); 1935 id = ssh_session2_open(ssh);
1936 else { 1936 else {
1937 packet_set_interactive( 1937 packet_set_interactive(
diff --git a/sshconnect.c b/sshconnect.c
index c25e192c8..0e195a31d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.290 2018/01/23 05:17:04 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.291 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -617,9 +617,6 @@ ssh_exchange_identification(int timeout_ms)
617 if (mismatch) 617 if (mismatch)
618 fatal("Protocol major versions differ: %d vs. %d", 618 fatal("Protocol major versions differ: %d vs. %d",
619 PROTOCOL_MAJOR_2, remote_major); 619 PROTOCOL_MAJOR_2, remote_major);
620 if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
621 fatal("Server version \"%.100s\" uses unsafe key agreement; "
622 "refusing connection", remote_version);
623 if ((datafellows & SSH_BUG_RSASIGMD5) != 0) 620 if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
624 logit("Server version \"%.100s\" uses unsafe RSA signature " 621 logit("Server version \"%.100s\" uses unsafe RSA signature "
625 "scheme; disabling use of RSA keys", remote_version); 622 "scheme; disabling use of RSA keys", remote_version);
diff --git a/sshconnect2.c b/sshconnect2.c
index be9397e48..870c3d270 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
578 Authctxt *authctxt = ssh->authctxt; 578 Authctxt *authctxt = ssh->authctxt;
579 struct sshkey *key = NULL; 579 struct sshkey *key = NULL;
580 Identity *id = NULL; 580 Identity *id = NULL;
581 Buffer b;
582 int pktype, sent = 0; 581 int pktype, sent = 0;
583 u_int alen, blen; 582 u_int alen, blen;
584 char *pkalg, *fp; 583 char *pkalg, *fp;
@@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
586 585
587 if (authctxt == NULL) 586 if (authctxt == NULL)
588 fatal("input_userauth_pk_ok: no authentication context"); 587 fatal("input_userauth_pk_ok: no authentication context");
589 if (datafellows & SSH_BUG_PKOK) { 588
590 /* this is similar to SSH_BUG_PKAUTH */ 589 pkalg = packet_get_string(&alen);
591 debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); 590 pkblob = packet_get_string(&blen);
592 pkblob = packet_get_string(&blen);
593 buffer_init(&b);
594 buffer_append(&b, pkblob, blen);
595 pkalg = buffer_get_string(&b, &alen);
596 buffer_free(&b);
597 } else {
598 pkalg = packet_get_string(&alen);
599 pkblob = packet_get_string(&blen);
600 }
601 packet_check_eom(); 591 packet_check_eom();
602 592
603 debug("Server accepts key: pkalg %s blen %u", pkalg, blen); 593 debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
@@ -1100,17 +1090,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1100 } 1090 }
1101 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 1091 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1102 buffer_put_cstring(&b, authctxt->server_user); 1092 buffer_put_cstring(&b, authctxt->server_user);
1103 buffer_put_cstring(&b, 1093 buffer_put_cstring(&b, authctxt->service);
1104 datafellows & SSH_BUG_PKSERVICE ? 1094 buffer_put_cstring(&b, authctxt->method->name);
1105 "ssh-userauth" : 1095 buffer_put_char(&b, have_sig);
1106 authctxt->service); 1096 buffer_put_cstring(&b, key_sign_encode(id->key));
1107 if (datafellows & SSH_BUG_PKAUTH) {
1108 buffer_put_char(&b, have_sig);
1109 } else {
1110 buffer_put_cstring(&b, authctxt->method->name);
1111 buffer_put_char(&b, have_sig);
1112 buffer_put_cstring(&b, key_sign_encode(id->key));
1113 }
1114 buffer_put_string(&b, blob, bloblen); 1097 buffer_put_string(&b, blob, bloblen);
1115 1098
1116 /* 1099 /*
@@ -1170,19 +1153,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1170#ifdef DEBUG_PK 1153#ifdef DEBUG_PK
1171 buffer_dump(&b); 1154 buffer_dump(&b);
1172#endif 1155#endif
1173 if (datafellows & SSH_BUG_PKSERVICE) {
1174 buffer_clear(&b);
1175 buffer_append(&b, session_id2, session_id2_len);
1176 skip = session_id2_len;
1177 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1178 buffer_put_cstring(&b, authctxt->server_user);
1179 buffer_put_cstring(&b, authctxt->service);
1180 buffer_put_cstring(&b, authctxt->method->name);
1181 buffer_put_char(&b, have_sig);
1182 if (!(datafellows & SSH_BUG_PKAUTH))
1183 buffer_put_cstring(&b, key_ssh_name(id->key));
1184 buffer_put_string(&b, blob, bloblen);
1185 }
1186 free(blob); 1156 free(blob);
1187 1157
1188 /* append signature */ 1158 /* append signature */
@@ -1224,8 +1194,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
1224 packet_put_cstring(authctxt->service); 1194 packet_put_cstring(authctxt->service);
1225 packet_put_cstring(authctxt->method->name); 1195 packet_put_cstring(authctxt->method->name);
1226 packet_put_char(have_sig); 1196 packet_put_char(have_sig);
1227 if (!(datafellows & SSH_BUG_PKAUTH)) 1197 packet_put_cstring(key_sign_encode(id->key));
1228 packet_put_cstring(key_sign_encode(id->key));
1229 packet_put_string(blob, bloblen); 1198 packet_put_string(blob, bloblen);
1230 free(blob); 1199 free(blob);
1231 packet_send(); 1200 packet_send();
@@ -1741,7 +1710,6 @@ userauth_hostbased(Authctxt *authctxt)
1741 struct ssh *ssh = active_state; 1710 struct ssh *ssh = active_state;
1742 struct sshkey *private = NULL; 1711 struct sshkey *private = NULL;
1743 struct sshbuf *b = NULL; 1712 struct sshbuf *b = NULL;
1744 const char *service;
1745 u_char *sig = NULL, *keyblob = NULL; 1713 u_char *sig = NULL, *keyblob = NULL;
1746 char *fp = NULL, *chost = NULL, *lname = NULL; 1714 char *fp = NULL, *chost = NULL, *lname = NULL;
1747 size_t siglen = 0, keylen = 0; 1715 size_t siglen = 0, keylen = 0;
@@ -1812,9 +1780,6 @@ userauth_hostbased(Authctxt *authctxt)
1812 xasprintf(&chost, "%s.", lname); 1780 xasprintf(&chost, "%s.", lname);
1813 debug2("%s: chost %s", __func__, chost); 1781 debug2("%s: chost %s", __func__, chost);
1814 1782
1815 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1816 authctxt->service;
1817
1818 /* construct data */ 1783 /* construct data */
1819 if ((b = sshbuf_new()) == NULL) { 1784 if ((b = sshbuf_new()) == NULL) {
1820 error("%s: sshbuf_new failed", __func__); 1785 error("%s: sshbuf_new failed", __func__);
@@ -1827,7 +1792,7 @@ userauth_hostbased(Authctxt *authctxt)
1827 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || 1792 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
1828 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 1793 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1829 (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || 1794 (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
1830 (r = sshbuf_put_cstring(b, service)) != 0 || 1795 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
1831 (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || 1796 (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
1832 (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || 1797 (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
1833 (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || 1798 (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
diff --git a/sshd.c b/sshd.c
index 6133135db..e7e3c99b4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.501 2018/01/23 05:12:12 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.502 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -446,10 +446,6 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
446 logit("Client version \"%.100s\" uses unsafe RSA signature " 446 logit("Client version \"%.100s\" uses unsafe RSA signature "
447 "scheme; disabling use of RSA keys", remote_version); 447 "scheme; disabling use of RSA keys", remote_version);
448 } 448 }
449 if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) {
450 fatal("Client version \"%.100s\" uses unsafe key agreement; "
451 "refusing connection", remote_version);
452 }
453 449
454 chop(server_version_string); 450 chop(server_version_string);
455 debug("Local version string %.200s", server_version_string); 451 debug("Local version string %.200s", server_version_string);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-19 19:33:40 +0000