- OpenBSD CVS updates.

[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
author: Damien Miller <djm@mindrot.org> 2000-04-16 11:18:38 +1000
committer: Damien Miller <djm@mindrot.org> 2000-04-16 11:18:38 +1000
commit: 4af51306d9a51459a5bef922df1037f876ae51fe (patch)
tree: 09ecfc215fce82345a3259f8a0f384b9a67906f0 /sshconnect.c
parent: 5d1705ecf9bd3216dc99a84242bcdf2e7297d307 (diff)
1 files changed, 34 insertions, 22 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 675de6102..bca0bf43a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                        debug("Trying again...");
                /* Loop through addresses for this host, and try each one in
-                   sequence until the connection succeeds. */
+                   sequence until the connection succeeds. */
                for (ai = aitop; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                continue;
@@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                                host, ntop, strport);
                        /* Create a socket for connecting. */
-                        sock = ssh_create_socket(original_real_uid, 
+                        sock = ssh_create_socket(original_real_uid,
                            !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
                            ai->ai_family);
                        if (sock < 0)
@@ -1059,7 +1059,7 @@ ssh_exchange_identification()
                        break;
                }
                /* FALLTHROUGH */
-        default: 
+        default:
                mismatch = 1;
                break;
        }
@@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("Sending KEX init.");
        if (options.ciphers != NULL) {
-                myproposal[PROPOSAL_ENC_ALGS_CTOS] = 
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
        } else if (
            options.cipher == SSH_CIPHER_ARCFOUR ||
-            options.cipher == SSH_CIPHER_3DES_CBC ||
+            options.cipher == SSH_CIPHER_3DES_CBC ||
-            options.cipher == SSH_CIPHER_CAST128_CBC ||
+            options.cipher == SSH_CIPHER_CAST128_CBC ||
-            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
        }
@@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("first kex follow == %d", i);
        i = packet_get_int();
        debug("reserved == %d", i);
+        packet_done();
        debug("done read kexinit");
        kex = kex_choose_conf(cprop, sprop, 0);
@@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        fprintf(stderr, "\npub= ");
        bignum_print(dh->pub_key);
        fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+        DHparams_print_fp(stderr, dh);
 #endif
        debug("Wait SSH2_MSG_KEXDH_REPLY.");
@@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        /* signed H */
        signature = packet_get_string(&slen);
+        packet_done();
        if (!dh_pub_is_valid(dh, dh_server_pub))
                packet_disconnect("bad server public DH value");
@@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        kout = DH_compute_key(kbuf, dh_server_pub, dh);
 #ifdef DEBUG_KEXDH
        debug("shared secret: len %d/%d", klen, kout);
-        fprintf(stderr, "shared secret == ");
+        fprintf(stderr, "shared secret == ");
-        for (i = 0; i< kout; i++)
+        for (i = 0; i< kout; i++)
-                fprintf(stderr, "%02x", (kbuf[i])&0xff);
+                fprintf(stderr, "%02x", (kbuf[i])&0xff);
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 #endif
-        shared_secret = BN_new();
+        shared_secret = BN_new();
-        BN_bin2bn(kbuf, kout, shared_secret);
+        BN_bin2bn(kbuf, kout, shared_secret);
        memset(kbuf, 0, klen);
        xfree(kbuf);
@@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        xfree(client_kexinit);
        xfree(server_kexinit);
 #ifdef DEBUG_KEXDH
-        fprintf(stderr, "hash == ");
+        fprintf(stderr, "hash == ");
-        for (i = 0; i< 20; i++)
+        for (i = 0; i< 20; i++)
-                fprintf(stderr, "%02x", (hash[i])&0xff);
+                fprintf(stderr, "%02x", (hash[i])&0xff);
-        fprintf(stderr, "\n");
+        fprintf(stderr, "\n");
 #endif
        dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
        key_free(server_host_key);
@@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("Wait SSH2_MSG_NEWKEYS.");
        packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+        packet_done();
        debug("GOT SSH2_MSG_NEWKEYS.");
        debug("send SSH2_MSG_NEWKEYS.");
@@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        char *server_user, *local_user;
        char *auths;
        char *password;
-        char *service = "ssh-connection";               // service name
+        char *service = "ssh-connection";               /* service name */
        debug("send SSH2_MSG_SERVICE_REQUEST");
        packet_start(SSH2_MSG_SERVICE_REQUEST);
@@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        if (type != SSH2_MSG_SERVICE_ACCEPT) {
                fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
        }
-        /* payload empty for ssh-2.0.13 ?? */
+        if (packet_remaining() > 0) {
-        /* reply = packet_get_string(&payload_len); */
+                char *reply = packet_get_string(&plen);
+                debug("service_accept: %s", reply);
+                xfree(reply);
+        } else {
+                /* payload empty for ssh-2.0.13 ?? */
+                log("buggy server: service_accept w/o service");
+        }
+        packet_done();
        debug("got SSH2_MSG_SERVICE_ACCEPT");
        /*XX COMMONCODE: */
@@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                auths = packet_get_string(&dlen);
                debug("authentications that can continue: %s", auths);
                partial = packet_get_char();
+                packet_done();
                if (partial)
                        debug("partial success");
                if (strstr(auths, "password") == NULL)
@@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                packet_send();
                packet_write_wait();
        }
+        packet_done();
        debug("ssh-userauth2 successfull");
 }
author	Damien Miller <djm@mindrot.org>	2000-04-16 11:18:38 +1000
committer	Damien Miller <djm@mindrot.org>	2000-04-16 11:18:38 +1000
commit	4af51306d9a51459a5bef922df1037f876ae51fe (patch)
tree	09ecfc215fce82345a3259f8a0f384b9a67906f0 /sshconnect.c
parent	5d1705ecf9bd3216dc99a84242bcdf2e7297d307 (diff)