diff options
author | Damien Miller <djm@mindrot.org> | 2001-03-19 22:36:20 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-03-19 22:36:20 +1100 |
commit | 27dbe6f37e675bda22d99646e236eac1d18d36ac (patch) | |
tree | 80c5813d2cd6d7684f3dabbf4b03e636b1495f61 | |
parent | cafff1910541b1704e80b3cb16f6926135f23ea6 (diff) |
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | compat.c | 4 | ||||
-rw-r--r-- | compat.h | 3 | ||||
-rw-r--r-- | sshd.c | 8 |
4 files changed, 17 insertions, 4 deletions
@@ -17,6 +17,10 @@ | |||
17 | - djm@cvs.openbsd.org 2001/03/19 03:52:51 | 17 | - djm@cvs.openbsd.org 2001/03/19 03:52:51 |
18 | [sftp-client.c] | 18 | [sftp-client.c] |
19 | Report ssh connection closing correctly; ok deraadt@ | 19 | Report ssh connection closing correctly; ok deraadt@ |
20 | - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 | ||
21 | [compat.c compat.h sshd.c] | ||
22 | specifically version match on ssh scanners. do not log scan | ||
23 | information to the console | ||
20 | 24 | ||
21 | 20010318 | 25 | 20010318 |
22 | - (bal) Fixed scp type casing issue which causes "scp: protocol error: | 26 | - (bal) Fixed scp type casing issue which causes "scp: protocol error: |
@@ -4616,4 +4620,4 @@ | |||
4616 | - Wrote replacements for strlcpy and mkdtemp | 4620 | - Wrote replacements for strlcpy and mkdtemp |
4617 | - Released 1.0pre1 | 4621 | - Released 1.0pre1 |
4618 | 4622 | ||
4619 | $Id: ChangeLog,v 1.980 2001/03/19 11:29:46 djm Exp $ | 4623 | $Id: ChangeLog,v 1.981 2001/03/19 11:36:20 djm Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
@@ -97,6 +97,8 @@ compat_datafellows(const char *version) | |||
97 | { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, | 97 | { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, |
98 | { "^OSU_1\\.5alpha[1-3]", | 98 | { "^OSU_1\\.5alpha[1-3]", |
99 | SSH_BUG_PASSWORDPAD }, | 99 | SSH_BUG_PASSWORDPAD }, |
100 | { "^SSH_Version_Mapper", | ||
101 | SSH_BUG_SCANNER }, | ||
100 | { NULL, 0 } | 102 | { NULL, 0 } |
101 | }; | 103 | }; |
102 | /* process table, return first match */ | 104 | /* process table, return first match */ |
@@ -21,7 +21,7 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | /* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ |
25 | 25 | ||
26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
27 | #define COMPAT_H | 27 | #define COMPAT_H |
@@ -42,6 +42,7 @@ | |||
42 | #define SSH_BUG_IGNOREMSG 0x0100 | 42 | #define SSH_BUG_IGNOREMSG 0x0100 |
43 | #define SSH_BUG_PKOK 0x0200 | 43 | #define SSH_BUG_PKOK 0x0200 |
44 | #define SSH_BUG_PASSWORDPAD 0x0400 | 44 | #define SSH_BUG_PASSWORDPAD 0x0400 |
45 | #define SSH_BUG_SCANNER 0x0800 | ||
45 | 46 | ||
46 | void enable_compat13(void); | 47 | void enable_compat13(void); |
47 | void enable_compat20(void); | 48 | void enable_compat20(void); |
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
@@ -381,6 +381,12 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
381 | 381 | ||
382 | compat_datafellows(remote_version); | 382 | compat_datafellows(remote_version); |
383 | 383 | ||
384 | if (datafellows & SSH_BUG_SCANNER) { | ||
385 | log("scanned from %s with %s. Don't panic.", | ||
386 | get_remote_ipaddr(), client_version_string); | ||
387 | fatal_cleanup(); | ||
388 | } | ||
389 | |||
384 | mismatch = 0; | 390 | mismatch = 0; |
385 | switch(remote_major) { | 391 | switch(remote_major) { |
386 | case 1: | 392 | case 1: |