upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

1 files changed, 76 insertions, 1 deletions

diff --git a/misc.c b/misc.c
index 275e68141..bfd786ef8 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.135 2018/12/07 04:36:09 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.136 2018/12/27 03:25:25 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -38,6 +38,7 @@
 #ifdef HAVE_LIBGEN_H
 # include <libgen.h>
 #endif
+#include <poll.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -234,6 +235,80 @@ set_rdomain(int fd, const char *name)
 #endif
 }
 
+/*
+ * Wait up to *timeoutp milliseconds for fd to be readable. Updates
+ * *timeoutp with time remaining.
+ * Returns 0 if fd ready or -1 on timeout or error (see errno).
+ */
+int
+waitrfd(int fd, int *timeoutp)
+{
+        struct pollfd pfd;
+        struct timeval t_start;
+        int oerrno, r;
+
+        monotime_tv(&t_start);
+        pfd.fd = fd;
+        pfd.events = POLLIN;
+        for (; *timeoutp >= 0;) {
+                r = poll(&pfd, 1, *timeoutp);
+                oerrno = errno;
+                ms_subtract_diff(&t_start, timeoutp);
+                errno = oerrno;
+                if (r > 0)
+                        return 0;
+                else if (r == -1 && errno != EAGAIN)
+                        return -1;
+                else if (r == 0)
+                        break;
+        }
+        /* timeout */
+        errno = ETIMEDOUT;
+        return -1;
+}
+
+/*
+ * Attempt a non-blocking connect(2) to the specified address, waiting up to
+ * *timeoutp milliseconds for the connection to complete. If the timeout is
+ * <=0, then wait indefinitely.
+ *
+ * Returns 0 on success or -1 on failure.
+ */
+int
+timeout_connect(int sockfd, const struct sockaddr *serv_addr,
+    socklen_t addrlen, int *timeoutp)
+{
+        int optval = 0;
+        socklen_t optlen = sizeof(optval);
+
+        /* No timeout: just do a blocking connect() */
+        if (timeoutp == NULL || *timeoutp <= 0)
+                return connect(sockfd, serv_addr, addrlen);
+
+        set_nonblock(sockfd);
+        if (connect(sockfd, serv_addr, addrlen) == 0) {
+                /* Succeeded already? */
+                unset_nonblock(sockfd);
+                return 0;
+        } else if (errno != EINPROGRESS)
+                return -1;
+
+        if (waitrfd(sockfd, timeoutp) == -1)
+                return -1;
+
+        /* Completed or failed */
+        if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) {
+                debug("getsockopt: %s", strerror(errno));
+                return -1;
+        }
+        if (optval != 0) {
+                errno = optval;
+                return -1;
+        }
+        unset_nonblock(sockfd);
+        return 0;
+}
+
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE   "\""