New upstream release (7.3p1).

author: Colin Watson <cjwatson@debian.org> 2016-08-06 10:49:59 +0100
committer: Colin Watson <cjwatson@debian.org> 2016-08-07 12:18:58 +0100
commit: 477bb7636238c106f8cd7c868a8c0c5eabcfb3db (patch)
tree: 601176af2ecf358c36b766776a86845ad7a3cd6f /sshd.c
parent: 747fac2de0d889183f67f6900194c0462c558544 (diff)
parent: 4c914ccd85bbf391c4dc61b85e3c178fef465e3f (diff)
1 files changed, 121 insertions, 58 deletions
diff --git a/sshd.c b/sshd.c
index 8802d18b2..868df9e65 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.470 2016/05/24 04:43:45 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -386,7 +386,8 @@ grace_alarm_handler(int sig)
        }
        /* Log error and exit. */
-        sigdie("Timeout before authentication for %s", get_remote_ipaddr());
+        sigdie("Timeout before authentication for %s port %d",
+            ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
 }
 /*
@@ -422,7 +423,7 @@ key_regeneration_alarm(int sig)
 }
 static void
-sshd_exchange_identification(int sock_in, int sock_out)
+sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 {
        u_int i;
        int mismatch;
@@ -455,7 +456,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
        if (atomicio(vwrite, sock_out, server_version_string,
            strlen(server_version_string))
            != strlen(server_version_string)) {
-                logit("Could not write ident string to %s", get_remote_ipaddr());
+                logit("Could not write ident string to %s port %d",
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
                cleanup_exit(255);
        }
@@ -463,8 +465,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
        memset(buf, 0, sizeof(buf));
        for (i = 0; i < sizeof(buf) - 1; i++) {
                if (atomicio(read, sock_in, &buf[i], 1) != 1) {
-                        logit("Did not receive identification string from %s",
+                        logit("Did not receive identification string "
-                            get_remote_ipaddr());
+                            "from %s port %d",
+                            ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
                        cleanup_exit(255);
                }
                if (buf[i] == '\r') {
@@ -493,7 +496,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                (void) atomicio(vwrite, sock_out, s, strlen(s));
                logit("Bad protocol version identification '%.100s' "
                    "from %s port %d", client_version_string,
-                    get_remote_ipaddr(), get_remote_port());
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
                close(sock_in);
                close(sock_out);
                cleanup_exit(255);
@@ -501,23 +504,25 @@ sshd_exchange_identification(int sock_in, int sock_out)
        debug("Client protocol version %d.%d; client software version %.100s",
            remote_major, remote_minor, remote_version);
-        active_state->compat = compat_datafellows(remote_version);
+        ssh->compat = compat_datafellows(remote_version);
-        if ((datafellows & SSH_BUG_PROBE) != 0) {
+        if ((ssh->compat & SSH_BUG_PROBE) != 0) {
-                logit("probed from %s with %s.  Don't panic.",
+                logit("probed from %s port %d with %s.  Don't panic.",
-                    get_remote_ipaddr(), client_version_string);
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+                    client_version_string);
                cleanup_exit(255);
        }
-        if ((datafellows & SSH_BUG_SCANNER) != 0) {
+        if ((ssh->compat & SSH_BUG_SCANNER) != 0) {
-                logit("scanned from %s with %s.  Don't panic.",
+                logit("scanned from %s port %d with %s.  Don't panic.",
-                    get_remote_ipaddr(), client_version_string);
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+                    client_version_string);
                cleanup_exit(255);
        }
-        if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
+        if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
                logit("Client version \"%.100s\" uses unsafe RSA signature "
                    "scheme; disabling use of RSA keys", remote_version);
        }
-        if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
+        if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) {
                fatal("Client version \"%.100s\" uses unsafe key agreement; "
                    "refusing connection", remote_version);
        }
@@ -562,8 +567,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
                (void) atomicio(vwrite, sock_out, s, strlen(s));
                close(sock_in);
                close(sock_out);
-                logit("Protocol major versions differ for %s: %.200s vs. %.200s",
+                logit("Protocol major versions differ for %s port %d: "
-                    get_remote_ipaddr(),
+                    "%.200s vs. %.200s",
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
                    server_version_string, client_version_string);
                cleanup_exit(255);
        }
@@ -855,8 +861,8 @@ list_hostkey_types(void)
                        break;
                }
        }
-        buffer_append(&b, "\0", 1);
+        if ((ret = sshbuf_dup_string(&b)) == NULL)
-        ret = xstrdup(buffer_ptr(&b));
+                fatal("%s: sshbuf_dup_string failed", __func__);
        buffer_free(&b);
        debug("list_hostkey_types: %s", ret);
        return ret;
@@ -1037,12 +1043,13 @@ usage(void)
 }
 static void
-send_rexec_state(int fd, Buffer *conf)
+send_rexec_state(int fd, struct sshbuf *conf)
 {
-        Buffer m;
+        struct sshbuf *m;
+        int r;
-        debug3("%s: entering fd = %d config len %d", __func__, fd,
+        debug3("%s: entering fd = %d config len %zu", __func__, fd,
-            buffer_len(conf));
+            sshbuf_len(conf));
        /*
         * Protocol from reexec master to child:
@@ -1056,31 +1063,41 @@ send_rexec_state(int fd, Buffer *conf)
         *      bignum  q                       "
         *      string rngseed          (only if OpenSSL is not self-seeded)
         */
-        buffer_init(&m);
+        if ((m = sshbuf_new()) == NULL)
-        buffer_put_cstring(&m, buffer_ptr(conf));
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_stringb(m, conf)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
 #ifdef WITH_SSH1
        if (sensitive_data.server_key != NULL &&
            sensitive_data.server_key->type == KEY_RSA1) {
-                buffer_put_int(&m, 1);
+                if ((r = sshbuf_put_u32(m, 1)) != 0 ||
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->e);
+                    (r = sshbuf_put_bignum1(m,
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->n);
+                    sensitive_data.server_key->rsa->e)) != 0 ||
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->d);
+                    (r = sshbuf_put_bignum1(m,
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp);
+                    sensitive_data.server_key->rsa->n)) != 0 ||
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->p);
+                    (r = sshbuf_put_bignum1(m,
-                buffer_put_bignum(&m, sensitive_data.server_key->rsa->q);
+                    sensitive_data.server_key->rsa->d)) != 0 ||
+                    (r = sshbuf_put_bignum1(m,
+                    sensitive_data.server_key->rsa->iqmp)) != 0 ||
+                    (r = sshbuf_put_bignum1(m,
+                    sensitive_data.server_key->rsa->p)) != 0 ||
+                    (r = sshbuf_put_bignum1(m,
+                    sensitive_data.server_key->rsa->q)) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
        } else
 #endif
-                buffer_put_int(&m, 0);
+                if ((r = sshbuf_put_u32(m, 1)) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
-        rexec_send_rng_seed(&m);
+        rexec_send_rng_seed(m);
 #endif
-        if (ssh_msg_send(fd, 0, &m) == -1)
+        if (ssh_msg_send(fd, 0, m) == -1)
                fatal("%s: ssh_msg_send failed", __func__);
-        buffer_free(&m);
+        sshbuf_free(m);
        debug3("%s: done", __func__);
 }
@@ -1103,7 +1120,7 @@ recv_rexec_state(int fd, Buffer *conf)
        cp = buffer_get_string(&m, &len);
        if (conf != NULL)
-                buffer_append(conf, cp, len + 1);
+                buffer_append(conf, cp, len);
        free(cp);
        if (buffer_get_int(&m)) {
@@ -1468,6 +1485,47 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
        }
 }
+/*
+ * If IP options are supported, make sure there are none (log and
+ * return an error if any are found).  Basically we are worried about
+ * source routing; it can be used to pretend you are somebody
+ * (ip-address) you are not. That itself may be "almost acceptable"
+ * under certain circumstances, but rhosts autentication is useless
+ * if source routing is accepted. Notice also that if we just dropped
+ * source routing here, the other side could use IP spoofing to do
+ * rest of the interaction and could still bypass security.  So we
+ * exit here if we detect any IP options.
+ */
+static void
+check_ip_options(struct ssh *ssh)
+{
+#ifdef IP_OPTIONS
+        int sock_in = ssh_packet_get_connection_in(ssh);
+        struct sockaddr_storage from;
+        socklen_t option_size, i, fromlen = sizeof(from);
+        u_char opts[200];
+        char text[sizeof(opts) * 3 + 1];
+        memset(&from, 0, sizeof(from));
+        if (getpeername(sock_in, (struct sockaddr *)&from,
+            &fromlen) < 0)
+                return;
+        if (from.ss_family != AF_INET)
+                return;
+        /* XXX IPv6 options? */
+        if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
+            &option_size) >= 0 && option_size != 0) {
+                text[0] = '\0';
+                for (i = 0; i < option_size; i++)
+                        snprintf(text + i*3, sizeof(text) - i*3,
+                            " %2.2x", opts[i]);
+                fatal("Connection from %.100s port %d with IP opts: %.800s",
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
+        }
+        return;
+#endif /* IP_OPTIONS */
+}
 /*
 * Main program for the daemon.
@@ -1475,6 +1533,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 int
 main(int ac, char **av)
 {
+        struct ssh *ssh = NULL;
        extern char *optarg;
        extern int optind;
        int r, opt, i, j, on = 1;
@@ -2152,28 +2211,25 @@ main(int ac, char **av)
         */
        packet_set_connection(sock_in, sock_out);
        packet_set_server();
+        ssh = active_state; /* XXX */
+        check_ip_options(ssh);
        /* Set SO_KEEPALIVE if requested. */
        if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
            setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
-        if ((remote_port = get_remote_port()) < 0) {
+        if ((remote_port = ssh_remote_port(ssh)) < 0) {
-                debug("get_remote_port failed");
+                debug("ssh_remote_port failed");
                cleanup_exit(255);
        }
        /*
-         * We use get_canonical_hostname with usedns = 0 instead of
-         * get_remote_ipaddr here so IP options will be checked.
-         */
-        (void) get_canonical_hostname(0);
-        /*
         * The rest of the code depends on the fact that
-         * get_remote_ipaddr() caches the remote ip, even if
+         * ssh_remote_ipaddr() caches the remote ip, even if
         * the socket goes away.
         */
-        remote_ip = get_remote_ipaddr();
+        remote_ip = ssh_remote_ipaddr(ssh);
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
@@ -2200,7 +2256,7 @@ main(int ac, char **av)
        /* Log the connection. */
        laddr = get_local_ipaddr(sock_in);
        verbose("Connection from %s port %d on %s port %d",
-            remote_ip, remote_port, laddr,  get_local_port());
+            remote_ip, remote_port, laddr,  ssh_local_port(ssh));
        free(laddr);
 #ifdef USE_SECURITY_SESSION_API
@@ -2269,7 +2325,7 @@ main(int ac, char **av)
        if (!debug_flag)
                alarm(options.login_grace_time);
-        sshd_exchange_identification(sock_in, sock_out);
+        sshd_exchange_identification(ssh, sock_in, sock_out);
        /* In inetd mode, generate ephemeral key only for proto 1 connections */
        if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
@@ -2405,6 +2461,7 @@ main(int ac, char **av)
 int
 ssh1_session_key(BIGNUM *session_key_int)
 {
+        struct ssh *ssh = active_state; /* XXX */
        int rsafail = 0;
        if (BN_cmp(sensitive_data.server_key->rsa->n,
@@ -2413,9 +2470,9 @@ ssh1_session_key(BIGNUM *session_key_int)
                if (BN_num_bits(sensitive_data.server_key->rsa->n) <
                    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
                    SSH_KEY_BITS_RESERVED) {
-                        fatal("do_connection: %s: "
+                        fatal("do_connection: %s port %d: "
                            "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
-                            get_remote_ipaddr(),
+                            ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
                            BN_num_bits(sensitive_data.server_key->rsa->n),
                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
@@ -2431,9 +2488,9 @@ ssh1_session_key(BIGNUM *session_key_int)
                if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
                    BN_num_bits(sensitive_data.server_key->rsa->n) +
                    SSH_KEY_BITS_RESERVED) {
-                        fatal("do_connection: %s: "
+                        fatal("do_connection: %s port %d: "
                            "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
-                            get_remote_ipaddr(),
+                            ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
                            BN_num_bits(sensitive_data.server_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
@@ -2454,6 +2511,7 @@ ssh1_session_key(BIGNUM *session_key_int)
 static void
 do_ssh1_kex(void)
 {
+        struct ssh *ssh = active_state; /* XXX */
        int i, len;
        int rsafail = 0;
        BIGNUM *session_key_int, *fake_key_int, *real_key_int;
@@ -2571,9 +2629,10 @@ do_ssh1_kex(void)
        (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
        len = BN_num_bytes(session_key_int);
        if (len < 0 || (u_int)len > sizeof(session_key)) {
-                error("do_ssh1_kex: bad session key len from %s: "
+                error("%s: bad session key len from %s port %d: "
-                    "session_key_int %d > sizeof(session_key) %lu",
+                    "session_key_int %d > sizeof(session_key) %lu", __func__,
-                    get_remote_ipaddr(), len, (u_long)sizeof(session_key));
+                    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+                    len, (u_long)sizeof(session_key));
                rsafail++;
        } else {
                explicit_bzero(session_key, sizeof(session_key));
@@ -2664,10 +2723,11 @@ do_ssh2_kex(void)
        if (options.compression == COMP_NONE) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+                    myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
        } else if (options.compression == COMP_DELAYED) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
+                    myproposal[PROPOSAL_COMP_ALGS_STOC] =
+                    "none,zlib@openssh.com";
        }
        if (options.rekey_limit || options.rekey_interval)
@@ -2726,6 +2786,9 @@ do_ssh2_kex(void)
 #ifdef WITH_OPENSSL
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+        kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
+        kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
+        kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
author	Colin Watson <cjwatson@debian.org>	2016-08-06 10:49:59 +0100
committer	Colin Watson <cjwatson@debian.org>	2016-08-07 12:18:58 +0100
commit	477bb7636238c106f8cd7c868a8c0c5eabcfb3db (patch)
tree	601176af2ecf358c36b766776a86845ad7a3cd6f /sshd.c
parent	747fac2de0d889183f67f6900194c0462c558544 (diff)
parent	4c914ccd85bbf391c4dc61b85e3c178fef465e3f (diff)