authordjm@openbsd.org <djm@openbsd.org>2016-09-28 16:33:06 +0000
committerDamien Miller <djm@mindrot.org>2016-09-29 03:11:32 +1000
commit0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch)
treeb0271896ec4d6c0e716821954212677438824a05 /monitor.c
parent27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff)
upstream commit
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c48
1 files changed, 1 insertions, 47 deletions
diff --git a/monitor.c b/monitor.c
index bea8d8b27..43f484709 100644
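--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -94,7 +94,6 @@
 #include "misc.h"
 #include "servconf.h"
 #include "monitor.h"
-#include "monitor_mm.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -411,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor)
  monitor_read(pmonitor, mon_dispatch, NULL);
 }
 
-void
-monitor_sync(struct monitor *pmonitor)
-{
- if (options.compression) {
- /* The member allocation is not visible, so sync it */
- mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
- }
-}
-
-/* Allocation functions for zlib */
-static void *
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
-{
- if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size)
- fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
-
- return mm_malloc(mm, size * ncount);
-}
-
-static void
-mm_zfree(struct mm_master *mm, void *address)
-{
- mm_free(mm, address);
-}
-
 static int
 monitor_read_log(struct monitor *pmonitor)
 {
@@ -1632,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
  kex->host_key_index=&get_hostkey_index;
  kex->sign = sshd_hostkey_sign;
  }
-
- /* Update with new address */
- if (options.compression) {
- ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib,
- (ssh_packet_comp_alloc_func *)mm_zalloc,
- (ssh_packet_comp_free_func *)mm_zfree);
- }
 }
 
 /* This function requries careful sanity checking */
@@ -1691,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds)
 struct monitor *
 monitor_init(void)
 {
- struct ssh *ssh = active_state; /* XXX */
  struct monitor *mon;
 
  mon = xcalloc(1, sizeof(*mon));
-
  monitor_openfds(mon, 1);
 
- /* Used to share zlib space across processes */
- if (options.compression) {
- mon->m_zback = mm_create(NULL, MM_MEMSIZE);
- mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
-
- /* Compression needs to share state across borders */
- ssh_packet_set_compress_hooks(ssh, mon->m_zlib,
- (ssh_packet_comp_alloc_func *)mm_zalloc,
- (ssh_packet_comp_free_func *)mm_zfree);
- }
-
  return mon;
 }
 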