diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-09-28 16:33:06 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-09-29 03:11:32 +1000 |
commit | 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch) | |
tree | b0271896ec4d6c0e716821954212677438824a05 /sshconnect2.c | |
parent | 27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff) |
upstream commit
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 5e7d07dc5..a633e76cb 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.248 2016/09/22 02:29:57 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
174 | compat_cipher_proposal(options.ciphers); | 174 | compat_cipher_proposal(options.ciphers); |
175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? | 176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? |
177 | "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; | 177 | "zlib@openssh.com,none" : "none,zlib@openssh.com"; |
178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | 178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = |
179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | 179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; |
180 | if (options.hostkeyalgorithms != NULL) { | 180 | if (options.hostkeyalgorithms != NULL) { |