upstream commit

Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
author: djm@openbsd.org <djm@openbsd.org> 2016-09-28 16:33:06 +0000
committer: Damien Miller <djm@mindrot.org> 2016-09-29 03:11:32 +1000
commit: 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch)
tree: b0271896ec4d6c0e716821954212677438824a05 /monitor.c
parent: 27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff)
1 files changed, 1 insertions, 47 deletions
diff --git a/monitor.c b/monitor.c
index bea8d8b27..43f484709 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -94,7 +94,6 @@
 #include "misc.h"
 #include "servconf.h"
 #include "monitor.h"
-#include "monitor_mm.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -411,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor)
                monitor_read(pmonitor, mon_dispatch, NULL);
 }
-void
-monitor_sync(struct monitor *pmonitor)
-{
-        if (options.compression) {
-                /* The member allocation is not visible, so sync it */
-                mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
-        }
-}
-/* Allocation functions for zlib */
-static void *
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
-{
-        if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size)
-                fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
-        return mm_malloc(mm, size * ncount);
-}
-static void
-mm_zfree(struct mm_master *mm, void *address)
-{
-        mm_free(mm, address);
-}
 static int
 monitor_read_log(struct monitor *pmonitor)
 {
@@ -1632,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
                kex->host_key_index=&get_hostkey_index;
                kex->sign = sshd_hostkey_sign;
        }
-        /* Update with new address */
-        if (options.compression) {
-                ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib,
-                    (ssh_packet_comp_alloc_func *)mm_zalloc,
-                    (ssh_packet_comp_free_func *)mm_zfree);
-        }
 }
 /* This function requries careful sanity checking */
@@ -1691,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds)
 struct monitor *
 monitor_init(void)
 {
-        struct ssh *ssh = active_state;                 /* XXX */
        struct monitor *mon;
        mon = xcalloc(1, sizeof(*mon));
        monitor_openfds(mon, 1);
-        /* Used to share zlib space across processes */
-        if (options.compression) {
-                mon->m_zback = mm_create(NULL, MM_MEMSIZE);
-                mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
-                /* Compression needs to share state across borders */
-                ssh_packet_set_compress_hooks(ssh, mon->m_zlib,
-                    (ssh_packet_comp_alloc_func *)mm_zalloc,
-                    (ssh_packet_comp_free_func *)mm_zfree);
-        }
        return mon;
 }
author	djm@openbsd.org <djm@openbsd.org>	2016-09-28 16:33:06 +0000
committer	Damien Miller <djm@mindrot.org>	2016-09-29 03:11:32 +1000
commit	0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch)
tree	b0271896ec4d6c0e716821954212677438824a05 /monitor.c
parent	27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff)

diff --git a/monitor.c b/monitor.c index bea8d8b27..43f484709 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */	1	/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -94,7 +94,6 @@
94	#include "misc.h"	94	#include "misc.h"
95	#include "servconf.h"	95	#include "servconf.h"
96	#include "monitor.h"	96	#include "monitor.h"
97	#include "monitor_mm.h"
98	#ifdef GSSAPI	97	#ifdef GSSAPI
99	#include "ssh-gss.h"	98	#include "ssh-gss.h"
100	#endif	99	#endif
@@ -411,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor)
411	monitor_read(pmonitor, mon_dispatch, NULL);	410	monitor_read(pmonitor, mon_dispatch, NULL);
412	}	411	}
413		412
414	void
415	monitor_sync(struct monitor *pmonitor)
416	{
417	if (options.compression) {
418	/* The member allocation is not visible, so sync it */
419	mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
420	}
421	}
422
423	/* Allocation functions for zlib */
424	static void *
425	mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
426	{
427	if (size == 0 \|\| ncount == 0 \|\| ncount > SIZE_MAX / size)
428	fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
429
430	return mm_malloc(mm, size * ncount);
431	}
432
433	static void
434	mm_zfree(struct mm_master mm, void address)
435	{
436	mm_free(mm, address);
437	}
438
439	static int	413	static int
440	monitor_read_log(struct monitor *pmonitor)	414	monitor_read_log(struct monitor *pmonitor)
441	{	415	{
@@ -1632,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
1632	kex->host_key_index=&get_hostkey_index;	1606	kex->host_key_index=&get_hostkey_index;
1633	kex->sign = sshd_hostkey_sign;	1607	kex->sign = sshd_hostkey_sign;
1634	}	1608	}
1635
1636	/* Update with new address */
1637	if (options.compression) {
1638	ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib,
1639	(ssh_packet_comp_alloc_func *)mm_zalloc,
1640	(ssh_packet_comp_free_func *)mm_zfree);
1641	}
1642	}	1609	}
1643		1610
1644	/* This function requries careful sanity checking */	1611	/* This function requries careful sanity checking */
@@ -1691,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds)
1691	struct monitor *	1658	struct monitor *
1692	monitor_init(void)	1659	monitor_init(void)
1693	{	1660	{
1694	struct ssh ssh = active_state; / XXX */
1695	struct monitor *mon;	1661	struct monitor *mon;
1696		1662
1697	mon = xcalloc(1, sizeof(*mon));	1663	mon = xcalloc(1, sizeof(*mon));
1698
1699	monitor_openfds(mon, 1);	1664	monitor_openfds(mon, 1);
1700		1665
1701	/* Used to share zlib space across processes */
1702	if (options.compression) {
1703	mon->m_zback = mm_create(NULL, MM_MEMSIZE);
1704	mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
1705
1706	/* Compression needs to share state across borders */
1707	ssh_packet_set_compress_hooks(ssh, mon->m_zlib,
1708	(ssh_packet_comp_alloc_func *)mm_zalloc,
1709	(ssh_packet_comp_free_func *)mm_zfree);
1710	}
1711
1712	return mon;	1666	return mon;
1713	}	1667	}
1714		1668