New upstream release (7.5p1)

author: Colin Watson <cjwatson@debian.org> 2017-04-02 01:26:17 +0100
committer: Colin Watson <cjwatson@debian.org> 2017-04-02 01:54:08 +0100
commit: 20adc7e0fc13ff9c7d270db250aac1fa140e3851 (patch)
tree: 5d9f06b0ff195db88093037d9102f0cdcf3884c6 /packet.c
parent: af27669f905133925224acc753067dea710881dd (diff)
parent: ec338656a3d6b21bb87f3b6367b232d297f601e5 (diff)
1 files changed, 55 insertions, 25 deletions
diff --git a/packet.c b/packet.c
index ad1f6b497..2f3a2ec70 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -353,6 +353,25 @@ ssh_packet_get_mux(struct ssh *ssh)
 }
 int
+ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
+{
+        va_list args;
+        int r;
+        free(ssh->log_preamble);
+        if (fmt == NULL)
+                ssh->log_preamble = NULL;
+        else {
+                va_start(args, fmt);
+                r = vasprintf(&ssh->log_preamble, fmt, args);
+                va_end(args);
+                if (r < 0 || ssh->log_preamble == NULL)
+                        return SSH_ERR_ALLOC_FAIL;
+        }
+        return 0;
+}
+int
 ssh_packet_stop_discard(struct ssh *ssh)
 {
        struct session_state *state = ssh->state;
@@ -1049,7 +1068,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
        /* Time-based rekeying */
        if (state->rekey_interval != 0 &&
-            state->rekey_time + state->rekey_interval <= monotime())
+            (int64_t)state->rekey_time + state->rekey_interval <= monotime())
                return 1;
        /* Always rekey when MAX_PACKETS sent in either direction */
@@ -1447,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
                                break;
                        }
                }
-                if (r == 0)
+                if (r == 0) {
-                        return SSH_ERR_CONN_TIMEOUT;
+                        r = SSH_ERR_CONN_TIMEOUT;
+                        goto out;
+                }
                /* Read data from the socket. */
                len = read(state->connection_in, buf, sizeof(buf));
                if (len == 0) {
@@ -1829,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
                        if (r != SSH_ERR_MAC_INVALID)
                                goto out;
                        logit("Corrupted MAC on input.");
-                        if (need > PACKET_MAX_SIZE)
+                        if (need + block_size > PACKET_MAX_SIZE)
                                return SSH_ERR_INTERNAL_ERROR;
                        return ssh_packet_start_discard(ssh, enc, mac,
                            sshbuf_len(state->incoming_packet),
-                            PACKET_MAX_SIZE - need);
+                            PACKET_MAX_SIZE - need - block_size);
                }
                /* Remove MAC from input buffer */
                DBG(debug("MAC #%d ok", state->p_read.seqnr));
@@ -2074,27 +2095,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
                fatal("%s: %s", __func__, ssh_err(r));
 }
+static void
+fmt_connection_id(struct ssh *ssh, char *s, size_t l)
+{
+        snprintf(s, l, "%.200s%s%s port %d",
+            ssh->log_preamble ? ssh->log_preamble : "",
+            ssh->log_preamble ? " " : "",
+            ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+}
 /*
 * Pretty-print connection-terminating errors and exit.
 */
 void
 sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 {
+        char remote_id[512];
+        fmt_connection_id(ssh, remote_id, sizeof(remote_id));
        switch (r) {
        case SSH_ERR_CONN_CLOSED:
-                logdie("Connection closed by %.200s port %d",
+                logdie("Connection closed by %s", remote_id);
-                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
        case SSH_ERR_CONN_TIMEOUT:
-                logdie("Connection %s %.200s port %d timed out",
+                logdie("Connection %s %s timed out",
-                    ssh->state->server_side ? "from" : "to",
+                    ssh->state->server_side ? "from" : "to", remote_id);
-                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
        case SSH_ERR_DISCONNECTED:
-                logdie("Disconnected from %.200s port %d",
+                logdie("Disconnected from %s", remote_id);
-                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
        case SSH_ERR_SYSTEM_ERROR:
                if (errno == ECONNRESET)
-                        logdie("Connection reset by %.200s port %d",
+                        logdie("Connection reset by %s", remote_id);
-                            ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
                /* FALLTHROUGH */
        case SSH_ERR_NO_CIPHER_ALG_MATCH:
        case SSH_ERR_NO_MAC_ALG_MATCH:
@@ -2102,17 +2132,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
        case SSH_ERR_NO_KEX_ALG_MATCH:
        case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
                if (ssh && ssh->kex && ssh->kex->failed_choice) {
-                        logdie("Unable to negotiate with %.200s port %d: %s. "
+                        logdie("Unable to negotiate with %s: %s. "
-                            "Their offer: %s", ssh_remote_ipaddr(ssh),
+                            "Their offer: %s", remote_id, ssh_err(r),
-                            ssh_remote_port(ssh), ssh_err(r),
                            ssh->kex->failed_choice);
                }
                /* FALLTHROUGH */
        default:
-                logdie("%s%sConnection %s %.200s port %d: %s",
+                logdie("%s%sConnection %s %s: %s",
                    tag != NULL ? tag : "", tag != NULL ? ": " : "",
                    ssh->state->server_side ? "from" : "to",
-                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
+                    remote_id, ssh_err(r));
        }
 }
@@ -2125,7 +2154,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 void
 ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
 {
-        char buf[1024];
+        char buf[1024], remote_id[512];
        va_list args;
        static int disconnecting = 0;
        int r;
@@ -2138,12 +2167,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
         * Format the message.  Note that the caller must make sure the
         * message is of limited size.
         */
+        fmt_connection_id(ssh, remote_id, sizeof(remote_id));
        va_start(args, fmt);
        vsnprintf(buf, sizeof(buf), fmt, args);
        va_end(args);
        /* Display the error locally */
-        logit("Disconnecting: %.100s", buf);
+        logit("Disconnecting %s: %.100s", remote_id, buf);
        /*
         * Send the disconnect message to the other side, and wait
@@ -2396,10 +2426,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
 }
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
-        debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
+        debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
-            (int)seconds);
+            (unsigned int)seconds);
        ssh->state->rekey_limit = bytes;
        ssh->state->rekey_interval = seconds;
 }
author	Colin Watson <cjwatson@debian.org>	2017-04-02 01:26:17 +0100
committer	Colin Watson <cjwatson@debian.org>	2017-04-02 01:54:08 +0100
commit	20adc7e0fc13ff9c7d270db250aac1fa140e3851 (patch)
tree	5d9f06b0ff195db88093037d9102f0cdcf3884c6 /packet.c
parent	af27669f905133925224acc753067dea710881dd (diff)
parent	ec338656a3d6b21bb87f3b6367b232d297f601e5 (diff)