diff options
-rw-r--r-- | auth2-hostbased.c | 8 | ||||
-rw-r--r-- | auth2-pubkey.c | 47 | ||||
-rw-r--r-- | auth2.c | 4 | ||||
-rw-r--r-- | authfd.c | 4 | ||||
-rw-r--r-- | channels.c | 45 | ||||
-rw-r--r-- | clientloop.c | 15 | ||||
-rw-r--r-- | compat.c | 71 | ||||
-rw-r--r-- | compat.h | 28 | ||||
-rw-r--r-- | kex.c | 8 | ||||
-rw-r--r-- | monitor.c | 21 | ||||
-rw-r--r-- | serverloop.c | 8 | ||||
-rw-r--r-- | ssh-agent.c | 4 | ||||
-rw-r--r-- | ssh-dss.c | 81 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | sshconnect.c | 5 | ||||
-rw-r--r-- | sshconnect2.c | 55 | ||||
-rw-r--r-- | sshd.c | 6 |
17 files changed, 111 insertions, 303 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 8112cfaa3..8996f7e05 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-hostbased.c,v 1.32 2017/12/18 02:25:15 djm Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -62,7 +62,7 @@ userauth_hostbased(struct ssh *ssh) | |||
62 | Authctxt *authctxt = ssh->authctxt; | 62 | Authctxt *authctxt = ssh->authctxt; |
63 | struct sshbuf *b; | 63 | struct sshbuf *b; |
64 | struct sshkey *key = NULL; | 64 | struct sshkey *key = NULL; |
65 | char *pkalg, *cuser, *chost, *service; | 65 | char *pkalg, *cuser, *chost; |
66 | u_char *pkblob, *sig; | 66 | u_char *pkblob, *sig; |
67 | size_t alen, blen, slen; | 67 | size_t alen, blen, slen; |
68 | int r, pktype, authenticated = 0; | 68 | int r, pktype, authenticated = 0; |
@@ -118,15 +118,13 @@ userauth_hostbased(struct ssh *ssh) | |||
118 | goto done; | 118 | goto done; |
119 | } | 119 | } |
120 | 120 | ||
121 | service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
122 | authctxt->service; | ||
123 | if ((b = sshbuf_new()) == NULL) | 121 | if ((b = sshbuf_new()) == NULL) |
124 | fatal("%s: sshbuf_new failed", __func__); | 122 | fatal("%s: sshbuf_new failed", __func__); |
125 | /* reconstruct packet */ | 123 | /* reconstruct packet */ |
126 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || | 124 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || |
127 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || | 125 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || |
128 | (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || | 126 | (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || |
129 | (r = sshbuf_put_cstring(b, service)) != 0 || | 127 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || |
130 | (r = sshbuf_put_cstring(b, "hostbased")) != 0 || | 128 | (r = sshbuf_put_cstring(b, "hostbased")) != 0 || |
131 | (r = sshbuf_put_string(b, pkalg, alen)) != 0 || | 129 | (r = sshbuf_put_string(b, pkalg, alen)) != 0 || |
132 | (r = sshbuf_put_string(b, pkblob, blen)) != 0 || | 130 | (r = sshbuf_put_string(b, pkblob, blen)) != 0 || |
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 0713a9de8..e64982283 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -100,26 +100,10 @@ userauth_pubkey(struct ssh *ssh) | |||
100 | debug2("%s: disabled because of invalid user", __func__); | 100 | debug2("%s: disabled because of invalid user", __func__); |
101 | return 0; | 101 | return 0; |
102 | } | 102 | } |
103 | if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) | 103 | if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || |
104 | fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); | 104 | (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || |
105 | if (ssh->compat & SSH_BUG_PKAUTH) { | 105 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) |
106 | debug2("%s: SSH_BUG_PKAUTH", __func__); | 106 | fatal("%s: parse request failed: %s", __func__, ssh_err(r)); |
107 | if ((b = sshbuf_new()) == NULL) | ||
108 | fatal("%s: sshbuf_new failed", __func__); | ||
109 | /* no explicit pkalg given */ | ||
110 | /* so we have to extract the pkalg from the pkblob */ | ||
111 | /* XXX use sshbuf_from() */ | ||
112 | if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || | ||
113 | (r = sshbuf_put(b, pkblob, blen)) != 0 || | ||
114 | (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0) | ||
115 | fatal("%s: failed: %s", __func__, ssh_err(r)); | ||
116 | sshbuf_free(b); | ||
117 | } else { | ||
118 | if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || | ||
119 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) | ||
120 | fatal("%s: sshpkt_get_cstring failed: %s", | ||
121 | __func__, ssh_err(r)); | ||
122 | } | ||
123 | pktype = sshkey_type_from_name(pkalg); | 107 | pktype = sshkey_type_from_name(pkalg); |
124 | if (pktype == KEY_UNSPEC) { | 108 | if (pktype == KEY_UNSPEC) { |
125 | /* this is perfectly legal */ | 109 | /* this is perfectly legal */ |
@@ -188,22 +172,11 @@ userauth_pubkey(struct ssh *ssh) | |||
188 | authctxt->style ? authctxt->style : ""); | 172 | authctxt->style ? authctxt->style : ""); |
189 | if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || | 173 | if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || |
190 | (r = sshbuf_put_cstring(b, userstyle)) != 0 || | 174 | (r = sshbuf_put_cstring(b, userstyle)) != 0 || |
191 | (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? | 175 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || |
192 | "ssh-userauth" : authctxt->service)) != 0) | 176 | (r = sshbuf_put_cstring(b, "publickey")) != 0 || |
193 | fatal("%s: build packet failed: %s", | 177 | (r = sshbuf_put_u8(b, have_sig)) != 0 || |
194 | __func__, ssh_err(r)); | 178 | (r = sshbuf_put_cstring(b, pkalg) != 0) || |
195 | if (ssh->compat & SSH_BUG_PKAUTH) { | 179 | (r = sshbuf_put_string(b, pkblob, blen)) != 0) |
196 | if ((r = sshbuf_put_u8(b, have_sig)) != 0) | ||
197 | fatal("%s: build packet failed: %s", | ||
198 | __func__, ssh_err(r)); | ||
199 | } else { | ||
200 | if ((r = sshbuf_put_cstring(b, "publickey")) != 0 || | ||
201 | (r = sshbuf_put_u8(b, have_sig)) != 0 || | ||
202 | (r = sshbuf_put_cstring(b, pkalg) != 0)) | ||
203 | fatal("%s: build packet failed: %s", | ||
204 | __func__, ssh_err(r)); | ||
205 | } | ||
206 | if ((r = sshbuf_put_string(b, pkblob, blen)) != 0) | ||
207 | fatal("%s: build packet failed: %s", | 180 | fatal("%s: build packet failed: %s", |
208 | __func__, ssh_err(r)); | 181 | __func__, ssh_err(r)); |
209 | #ifdef DEBUG_PK | 182 | #ifdef DEBUG_PK |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -153,7 +153,7 @@ userauth_banner(void) | |||
153 | { | 153 | { |
154 | char *banner = NULL; | 154 | char *banner = NULL; |
155 | 155 | ||
156 | if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) | 156 | if (options.banner == NULL) |
157 | return; | 157 | return; |
158 | 158 | ||
159 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) | 159 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.106 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -353,8 +353,6 @@ ssh_agent_sign(int sock, const struct sshkey *key, | |||
353 | 353 | ||
354 | if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) | 354 | if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
355 | return SSH_ERR_INVALID_ARGUMENT; | 355 | return SSH_ERR_INVALID_ARGUMENT; |
356 | if (compat & SSH_BUG_SIGBLOB) | ||
357 | flags |= SSH_AGENT_OLD_SIGNATURE; | ||
358 | if ((msg = sshbuf_new()) == NULL) | 356 | if ((msg = sshbuf_new()) == NULL) |
359 | return SSH_ERR_ALLOC_FAIL; | 357 | return SSH_ERR_ALLOC_FAIL; |
360 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) | 358 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) |
diff --git a/channels.c b/channels.c index c2706ace7..1c381e0e2 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.377 2017/12/05 01:30:19 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.378 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1582,13 +1582,8 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, | |||
1582 | SSH_CHANNEL_OPENING, newsock, newsock, -1, | 1582 | SSH_CHANNEL_OPENING, newsock, newsock, -1, |
1583 | c->local_window_max, c->local_maxpacket, 0, buf, 1); | 1583 | c->local_window_max, c->local_maxpacket, 0, buf, 1); |
1584 | open_preamble(ssh, __func__, nc, "x11"); | 1584 | open_preamble(ssh, __func__, nc, "x11"); |
1585 | if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) { | 1585 | if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 || |
1586 | fatal("%s: channel %i: reply %s", __func__, | 1586 | (r = sshpkt_put_u32(ssh, remote_port)) != 0) { |
1587 | c->self, ssh_err(r)); | ||
1588 | } | ||
1589 | if ((datafellows & SSH_BUG_X11FWD) != 0) | ||
1590 | debug2("channel %d: ssh2 x11 bug compat mode", nc->self); | ||
1591 | else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) { | ||
1592 | fatal("%s: channel %i: reply %s", __func__, | 1587 | fatal("%s: channel %i: reply %s", __func__, |
1593 | c->self, ssh_err(r)); | 1588 | c->self, ssh_err(r)); |
1594 | } | 1589 | } |
@@ -1824,15 +1819,13 @@ channel_post_connecting(struct ssh *ssh, Channel *c, | |||
1824 | if ((r = sshpkt_start(ssh, | 1819 | if ((r = sshpkt_start(ssh, |
1825 | SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || | 1820 | SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || |
1826 | (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || | 1821 | (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || |
1827 | (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED)) | 1822 | (r = sshpkt_put_u32(ssh, |
1828 | != 0) | 1823 | SSH2_OPEN_CONNECT_FAILED)) != 0 || |
1829 | fatal("%s: channel %i: failure: %s", __func__, | 1824 | (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || |
1830 | c->self, ssh_err(r)); | 1825 | (r = sshpkt_put_cstring(ssh, "")) != 0) { |
1831 | if ((datafellows & SSH_BUG_OPENFAILURE) == 0 && | ||
1832 | ((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || | ||
1833 | (r = sshpkt_put_cstring(ssh, "")) != 0)) | ||
1834 | fatal("%s: channel %i: failure: %s", __func__, | 1826 | fatal("%s: channel %i: failure: %s", __func__, |
1835 | c->self, ssh_err(r)); | 1827 | c->self, ssh_err(r)); |
1828 | } | ||
1836 | if ((r = sshpkt_send(ssh)) != 0) | 1829 | if ((r = sshpkt_send(ssh)) != 0) |
1837 | fatal("%s: channel %i: %s", __func__, c->self, | 1830 | fatal("%s: channel %i: %s", __func__, c->self, |
1838 | ssh_err(r)); | 1831 | ssh_err(r)); |
@@ -3110,13 +3103,11 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) | |||
3110 | error("%s: reason: %s", __func__, ssh_err(r)); | 3103 | error("%s: reason: %s", __func__, ssh_err(r)); |
3111 | packet_disconnect("Invalid open failure message"); | 3104 | packet_disconnect("Invalid open failure message"); |
3112 | } | 3105 | } |
3113 | if ((datafellows & SSH_BUG_OPENFAILURE) == 0) { | 3106 | /* skip language */ |
3114 | /* skip language */ | 3107 | if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || |
3115 | if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || | 3108 | (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { |
3116 | (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { | 3109 | error("%s: message/lang: %s", __func__, ssh_err(r)); |
3117 | error("%s: message/lang: %s", __func__, ssh_err(r)); | 3110 | packet_disconnect("Invalid open failure message"); |
3118 | packet_disconnect("Invalid open failure message"); | ||
3119 | } | ||
3120 | } | 3111 | } |
3121 | ssh_packet_check_eom(ssh); | 3112 | ssh_packet_check_eom(ssh); |
3122 | logit("channel %d: open failed: %s%s%s", c->self, | 3113 | logit("channel %d: open failed: %s%s%s", c->self, |
@@ -3664,15 +3655,9 @@ static const char * | |||
3664 | channel_rfwd_bind_host(const char *listen_host) | 3655 | channel_rfwd_bind_host(const char *listen_host) |
3665 | { | 3656 | { |
3666 | if (listen_host == NULL) { | 3657 | if (listen_host == NULL) { |
3667 | if (datafellows & SSH_BUG_RFWD_ADDR) | 3658 | return "localhost"; |
3668 | return "127.0.0.1"; | ||
3669 | else | ||
3670 | return "localhost"; | ||
3671 | } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { | 3659 | } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { |
3672 | if (datafellows & SSH_BUG_RFWD_ADDR) | 3660 | return ""; |
3673 | return "0.0.0.0"; | ||
3674 | else | ||
3675 | return ""; | ||
3676 | } else | 3661 | } else |
3677 | return listen_host; | 3662 | return listen_host; |
3678 | } | 3663 | } |
diff --git a/clientloop.c b/clientloop.c index c187ae570..ed9bebdfa 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.310 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1541,12 +1541,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) | |||
1541 | return NULL; | 1541 | return NULL; |
1542 | } | 1542 | } |
1543 | originator = packet_get_string(NULL); | 1543 | originator = packet_get_string(NULL); |
1544 | if (datafellows & SSH_BUG_X11FWD) { | 1544 | originator_port = packet_get_int(); |
1545 | debug2("buggy server: x11 request w/o originator_port"); | ||
1546 | originator_port = 0; | ||
1547 | } else { | ||
1548 | originator_port = packet_get_int(); | ||
1549 | } | ||
1550 | packet_check_eom(); | 1545 | packet_check_eom(); |
1551 | /* XXX check permission */ | 1546 | /* XXX check permission */ |
1552 | debug("client_request_x11: request from %s %d", originator, | 1547 | debug("client_request_x11: request from %s %d", originator, |
@@ -1678,10 +1673,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | |||
1678 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); | 1673 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); |
1679 | packet_put_int(rchan); | 1674 | packet_put_int(rchan); |
1680 | packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); | 1675 | packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); |
1681 | if (!(datafellows & SSH_BUG_OPENFAILURE)) { | 1676 | packet_put_cstring("open failed"); |
1682 | packet_put_cstring("open failed"); | 1677 | packet_put_cstring(""); |
1683 | packet_put_cstring(""); | ||
1684 | } | ||
1685 | packet_send(); | 1678 | packet_send(); |
1686 | } | 1679 | } |
1687 | free(ctype); | 1680 | free(ctype); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */ | 1 | /* $OpenBSD: compat.c,v 1.105 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -50,83 +50,20 @@ compat_datafellows(const char *version) | |||
50 | char *pat; | 50 | char *pat; |
51 | int bugs; | 51 | int bugs; |
52 | } check[] = { | 52 | } check[] = { |
53 | { "OpenSSH-2.0*," | ||
54 | "OpenSSH-2.1*," | ||
55 | "OpenSSH_2.1*," | ||
56 | "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| | ||
57 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY| | ||
58 | SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, | ||
59 | { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| | ||
60 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY| | ||
61 | SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, | ||
62 | { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| | ||
63 | SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| | ||
64 | SSH_OLD_FORWARD_ADDR}, | ||
65 | { "OpenSSH_2.5.0p1*," | ||
66 | "OpenSSH_2.5.1p1*", | ||
67 | SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| | ||
68 | SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| | ||
69 | SSH_OLD_FORWARD_ADDR}, | ||
70 | { "OpenSSH_2.5.0*," | ||
71 | "OpenSSH_2.5.1*," | ||
72 | "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| | ||
73 | SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, | ||
74 | { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| | ||
75 | SSH_OLD_FORWARD_ADDR}, | ||
76 | { "OpenSSH_2.*," | 53 | { "OpenSSH_2.*," |
77 | "OpenSSH_3.0*," | 54 | "OpenSSH_3.0*," |
78 | "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, | 55 | "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, |
79 | { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, | 56 | { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, |
80 | { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, | 57 | { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, |
81 | { "OpenSSH_4*", 0 }, | 58 | { "OpenSSH_2*," |
59 | "OpenSSH_3*," | ||
60 | "OpenSSH_4*", 0 }, | ||
82 | { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, | 61 | { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, |
83 | { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, | 62 | { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, |
84 | { "OpenSSH_6.5*," | 63 | { "OpenSSH_6.5*," |
85 | "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, | 64 | "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, |
86 | { "OpenSSH*", SSH_NEW_OPENSSH }, | 65 | { "OpenSSH*", SSH_NEW_OPENSSH }, |
87 | { "*MindTerm*", 0 }, | 66 | { "*MindTerm*", 0 }, |
88 | { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
89 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
90 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| | ||
91 | SSH_BUG_FIRSTKEX }, | ||
92 | { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
93 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
94 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| | ||
95 | SSH_BUG_FIRSTKEX }, | ||
96 | { "2.0.13*," | ||
97 | "2.0.14*," | ||
98 | "2.0.15*," | ||
99 | "2.0.16*," | ||
100 | "2.0.17*," | ||
101 | "2.0.18*," | ||
102 | "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
103 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
104 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | ||
105 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| | ||
106 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| | ||
107 | SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, | ||
108 | { "2.0.11*," | ||
109 | "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
110 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
111 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | ||
112 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | ||
113 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | ||
114 | SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, | ||
115 | { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
116 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
117 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | ||
118 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | ||
119 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | ||
120 | SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| | ||
121 | SSH_BUG_FIRSTKEX }, | ||
122 | { "2.2.0*," | ||
123 | "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| | ||
124 | SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, | ||
125 | { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| | ||
126 | SSH_BUG_FIRSTKEX }, | ||
127 | { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ | ||
128 | { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX| | ||
129 | SSH_BUG_RFWD_ADDR }, | ||
130 | { "3.0.*", SSH_BUG_DEBUG }, | 67 | { "3.0.*", SSH_BUG_DEBUG }, |
131 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, | 68 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, |
132 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, | 69 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */ | 1 | /* $OpenBSD: compat.h,v 1.50 2018/01/23 05:27:21 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
@@ -32,31 +32,31 @@ | |||
32 | #define SSH_PROTO_1_PREFERRED 0x02 | 32 | #define SSH_PROTO_1_PREFERRED 0x02 |
33 | #define SSH_PROTO_2 0x04 | 33 | #define SSH_PROTO_2 0x04 |
34 | 34 | ||
35 | #define SSH_BUG_SIGBLOB 0x00000001 | 35 | /* #define unused 0x00000001 */ |
36 | #define SSH_BUG_PKSERVICE 0x00000002 | 36 | /* #define unused 0x00000002 */ |
37 | #define SSH_BUG_HMAC 0x00000004 | 37 | /* #define unused 0x00000004 */ |
38 | #define SSH_BUG_X11FWD 0x00000008 | 38 | /* #define unused 0x00000008 */ |
39 | #define SSH_OLD_SESSIONID 0x00000010 | 39 | #define SSH_OLD_SESSIONID 0x00000010 |
40 | #define SSH_BUG_PKAUTH 0x00000020 | 40 | /* #define unused 0x00000020 */ |
41 | #define SSH_BUG_DEBUG 0x00000040 | 41 | #define SSH_BUG_DEBUG 0x00000040 |
42 | #define SSH_BUG_BANNER 0x00000080 | 42 | /* #define unused 0x00000080 */ |
43 | #define SSH_BUG_IGNOREMSG 0x00000100 | 43 | #define SSH_BUG_IGNOREMSG 0x00000100 |
44 | #define SSH_BUG_PKOK 0x00000200 | 44 | /* #define unused 0x00000200 */ |
45 | #define SSH_BUG_PASSWORDPAD 0x00000400 | 45 | #define SSH_BUG_PASSWORDPAD 0x00000400 |
46 | #define SSH_BUG_SCANNER 0x00000800 | 46 | #define SSH_BUG_SCANNER 0x00000800 |
47 | #define SSH_BUG_BIGENDIANAES 0x00001000 | 47 | #define SSH_BUG_BIGENDIANAES 0x00001000 |
48 | #define SSH_BUG_RSASIGMD5 0x00002000 | 48 | #define SSH_BUG_RSASIGMD5 0x00002000 |
49 | #define SSH_OLD_DHGEX 0x00004000 | 49 | #define SSH_OLD_DHGEX 0x00004000 |
50 | #define SSH_BUG_NOREKEY 0x00008000 | 50 | #define SSH_BUG_NOREKEY 0x00008000 |
51 | #define SSH_BUG_HBSERVICE 0x00010000 | 51 | /* #define unused 0x00010000 */ |
52 | #define SSH_BUG_OPENFAILURE 0x00020000 | 52 | /* #define unused 0x00020000 */ |
53 | #define SSH_BUG_DERIVEKEY 0x00040000 | 53 | /* #define unused 0x00040000 */ |
54 | #define SSH_BUG_DUMMYCHAN 0x00100000 | 54 | /* #define unused 0x00100000 */ |
55 | #define SSH_BUG_EXTEOF 0x00200000 | 55 | #define SSH_BUG_EXTEOF 0x00200000 |
56 | #define SSH_BUG_PROBE 0x00400000 | 56 | #define SSH_BUG_PROBE 0x00400000 |
57 | #define SSH_BUG_FIRSTKEX 0x00800000 | 57 | /* #define unused 0x00800000 */ |
58 | #define SSH_OLD_FORWARD_ADDR 0x01000000 | 58 | #define SSH_OLD_FORWARD_ADDR 0x01000000 |
59 | #define SSH_BUG_RFWD_ADDR 0x02000000 | 59 | /* #define unused 0x02000000 */ |
60 | #define SSH_NEW_OPENSSH 0x04000000 | 60 | #define SSH_NEW_OPENSSH 0x04000000 |
61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 | 61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 |
62 | #define SSH_BUG_CURVE25519PAD 0x10000000 | 62 | #define SSH_BUG_CURVE25519PAD 0x10000000 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -675,9 +675,6 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) | |||
675 | free(name); | 675 | free(name); |
676 | return SSH_ERR_INTERNAL_ERROR; | 676 | return SSH_ERR_INTERNAL_ERROR; |
677 | } | 677 | } |
678 | /* truncate the key */ | ||
679 | if (ssh->compat & SSH_BUG_HMAC) | ||
680 | mac->key_len = 16; | ||
681 | mac->name = name; | 678 | mac->name = name; |
682 | mac->key = NULL; | 679 | mac->key = NULL; |
683 | mac->enabled = 0; | 680 | mac->enabled = 0; |
@@ -866,8 +863,7 @@ kex_choose_conf(struct ssh *ssh) | |||
866 | kex->dh_need = dh_need; | 863 | kex->dh_need = dh_need; |
867 | 864 | ||
868 | /* ignore the next message if the proposals do not match */ | 865 | /* ignore the next message if the proposals do not match */ |
869 | if (first_kex_follows && !proposals_match(my, peer) && | 866 | if (first_kex_follows && !proposals_match(my, peer)) |
870 | !(ssh->compat & SSH_BUG_FIRSTKEX)) | ||
871 | ssh->dispatch_skip_packets = 1; | 867 | ssh->dispatch_skip_packets = 1; |
872 | r = 0; | 868 | r = 0; |
873 | out: | 869 | out: |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -1255,18 +1255,13 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1255 | free(userstyle); | 1255 | free(userstyle); |
1256 | free(cp); | 1256 | free(cp); |
1257 | buffer_skip_string(&b); | 1257 | buffer_skip_string(&b); |
1258 | if (datafellows & SSH_BUG_PKAUTH) { | 1258 | cp = buffer_get_cstring(&b, NULL); |
1259 | if (!buffer_get_char(&b)) | 1259 | if (strcmp("publickey", cp) != 0) |
1260 | fail++; | 1260 | fail++; |
1261 | } else { | 1261 | free(cp); |
1262 | cp = buffer_get_cstring(&b, NULL); | 1262 | if (!buffer_get_char(&b)) |
1263 | if (strcmp("publickey", cp) != 0) | 1263 | fail++; |
1264 | fail++; | 1264 | buffer_skip_string(&b); |
1265 | free(cp); | ||
1266 | if (!buffer_get_char(&b)) | ||
1267 | fail++; | ||
1268 | buffer_skip_string(&b); | ||
1269 | } | ||
1270 | buffer_skip_string(&b); | 1265 | buffer_skip_string(&b); |
1271 | if (buffer_len(&b) != 0) | 1266 | if (buffer_len(&b) != 0) |
1272 | fail++; | 1267 | fail++; |
diff --git a/serverloop.c b/serverloop.c index 615921c38..feaf35c1a 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.203 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -655,10 +655,8 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) | |||
655 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); | 655 | packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); |
656 | packet_put_int(rchan); | 656 | packet_put_int(rchan); |
657 | packet_put_int(reason); | 657 | packet_put_int(reason); |
658 | if (!(datafellows & SSH_BUG_OPENFAILURE)) { | 658 | packet_put_cstring(errmsg ? errmsg : "open failed"); |
659 | packet_put_cstring(errmsg ? errmsg : "open failed"); | 659 | packet_put_cstring(""); |
660 | packet_put_cstring(""); | ||
661 | } | ||
662 | packet_send(); | 660 | packet_send(); |
663 | } | 661 | } |
664 | free(ctype); | 662 | free(ctype); |
diff --git a/ssh-agent.c b/ssh-agent.c index 8cb00f620..39888a72c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.226 2017/11/15 02:10:16 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -292,8 +292,6 @@ process_sign_request2(SocketEntry *e) | |||
292 | goto send; | 292 | goto send; |
293 | } | 293 | } |
294 | 294 | ||
295 | if (flags & SSH_AGENT_OLD_SIGNATURE) | ||
296 | compat = SSH_BUG_SIGBLOB; | ||
297 | if ((id = lookup_identity(key)) == NULL) { | 295 | if ((id = lookup_identity(key)) == NULL) { |
298 | verbose("%s: %s key not found", __func__, sshkey_type(key)); | 296 | verbose("%s: %s key not found", __func__, sshkey_type(key)); |
299 | goto send; | 297 | goto send; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -86,38 +86,25 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
86 | BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); | 86 | BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); |
87 | BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); | 87 | BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); |
88 | 88 | ||
89 | if (compat & SSH_BUG_SIGBLOB) { | 89 | if ((b = sshbuf_new()) == NULL) { |
90 | if (sigp != NULL) { | 90 | ret = SSH_ERR_ALLOC_FAIL; |
91 | if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { | 91 | goto out; |
92 | ret = SSH_ERR_ALLOC_FAIL; | 92 | } |
93 | goto out; | 93 | if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || |
94 | } | 94 | (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) |
95 | memcpy(*sigp, sigblob, SIGBLOB_LEN); | 95 | goto out; |
96 | } | 96 | |
97 | if (lenp != NULL) | 97 | len = sshbuf_len(b); |
98 | *lenp = SIGBLOB_LEN; | 98 | if (sigp != NULL) { |
99 | ret = 0; | 99 | if ((*sigp = malloc(len)) == NULL) { |
100 | } else { | ||
101 | /* ietf-drafts */ | ||
102 | if ((b = sshbuf_new()) == NULL) { | ||
103 | ret = SSH_ERR_ALLOC_FAIL; | 100 | ret = SSH_ERR_ALLOC_FAIL; |
104 | goto out; | 101 | goto out; |
105 | } | 102 | } |
106 | if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || | 103 | memcpy(*sigp, sshbuf_ptr(b), len); |
107 | (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) | ||
108 | goto out; | ||
109 | len = sshbuf_len(b); | ||
110 | if (sigp != NULL) { | ||
111 | if ((*sigp = malloc(len)) == NULL) { | ||
112 | ret = SSH_ERR_ALLOC_FAIL; | ||
113 | goto out; | ||
114 | } | ||
115 | memcpy(*sigp, sshbuf_ptr(b), len); | ||
116 | } | ||
117 | if (lenp != NULL) | ||
118 | *lenp = len; | ||
119 | ret = 0; | ||
120 | } | 104 | } |
105 | if (lenp != NULL) | ||
106 | *lenp = len; | ||
107 | ret = 0; | ||
121 | out: | 108 | out: |
122 | explicit_bzero(digest, sizeof(digest)); | 109 | explicit_bzero(digest, sizeof(digest)); |
123 | if (sig != NULL) | 110 | if (sig != NULL) |
@@ -146,28 +133,20 @@ ssh_dss_verify(const struct sshkey *key, | |||
146 | return SSH_ERR_INTERNAL_ERROR; | 133 | return SSH_ERR_INTERNAL_ERROR; |
147 | 134 | ||
148 | /* fetch signature */ | 135 | /* fetch signature */ |
149 | if (compat & SSH_BUG_SIGBLOB) { | 136 | if ((b = sshbuf_from(signature, signaturelen)) == NULL) |
150 | if ((sigblob = malloc(signaturelen)) == NULL) | 137 | return SSH_ERR_ALLOC_FAIL; |
151 | return SSH_ERR_ALLOC_FAIL; | 138 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || |
152 | memcpy(sigblob, signature, signaturelen); | 139 | sshbuf_get_string(b, &sigblob, &len) != 0) { |
153 | len = signaturelen; | 140 | ret = SSH_ERR_INVALID_FORMAT; |
154 | } else { | 141 | goto out; |
155 | /* ietf-drafts */ | 142 | } |
156 | if ((b = sshbuf_from(signature, signaturelen)) == NULL) | 143 | if (strcmp("ssh-dss", ktype) != 0) { |
157 | return SSH_ERR_ALLOC_FAIL; | 144 | ret = SSH_ERR_KEY_TYPE_MISMATCH; |
158 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || | 145 | goto out; |
159 | sshbuf_get_string(b, &sigblob, &len) != 0) { | 146 | } |
160 | ret = SSH_ERR_INVALID_FORMAT; | 147 | if (sshbuf_len(b) != 0) { |
161 | goto out; | 148 | ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; |
162 | } | 149 | goto out; |
163 | if (strcmp("ssh-dss", ktype) != 0) { | ||
164 | ret = SSH_ERR_KEY_TYPE_MISMATCH; | ||
165 | goto out; | ||
166 | } | ||
167 | if (sshbuf_len(b) != 0) { | ||
168 | ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; | ||
169 | goto out; | ||
170 | } | ||
171 | } | 150 | } |
172 | 151 | ||
173 | if (len != SIGBLOB_LEN) { | 152 | if (len != SIGBLOB_LEN) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.470 2018/01/23 05:06:25 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.471 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1931,7 +1931,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) | |||
1931 | if (options.control_persist && muxserver_sock == -1) | 1931 | if (options.control_persist && muxserver_sock == -1) |
1932 | ssh_init_stdio_forwarding(ssh); | 1932 | ssh_init_stdio_forwarding(ssh); |
1933 | 1933 | ||
1934 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1934 | if (!no_shell_flag) |
1935 | id = ssh_session2_open(ssh); | 1935 | id = ssh_session2_open(ssh); |
1936 | else { | 1936 | else { |
1937 | packet_set_interactive( | 1937 | packet_set_interactive( |
diff --git a/sshconnect.c b/sshconnect.c index c25e192c8..0e195a31d 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.290 2018/01/23 05:17:04 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.291 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -617,9 +617,6 @@ ssh_exchange_identification(int timeout_ms) | |||
617 | if (mismatch) | 617 | if (mismatch) |
618 | fatal("Protocol major versions differ: %d vs. %d", | 618 | fatal("Protocol major versions differ: %d vs. %d", |
619 | PROTOCOL_MAJOR_2, remote_major); | 619 | PROTOCOL_MAJOR_2, remote_major); |
620 | if ((datafellows & SSH_BUG_DERIVEKEY) != 0) | ||
621 | fatal("Server version \"%.100s\" uses unsafe key agreement; " | ||
622 | "refusing connection", remote_version); | ||
623 | if ((datafellows & SSH_BUG_RSASIGMD5) != 0) | 620 | if ((datafellows & SSH_BUG_RSASIGMD5) != 0) |
624 | logit("Server version \"%.100s\" uses unsafe RSA signature " | 621 | logit("Server version \"%.100s\" uses unsafe RSA signature " |
625 | "scheme; disabling use of RSA keys", remote_version); | 622 | "scheme; disabling use of RSA keys", remote_version); |
diff --git a/sshconnect2.c b/sshconnect2.c index be9397e48..870c3d270 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
578 | Authctxt *authctxt = ssh->authctxt; | 578 | Authctxt *authctxt = ssh->authctxt; |
579 | struct sshkey *key = NULL; | 579 | struct sshkey *key = NULL; |
580 | Identity *id = NULL; | 580 | Identity *id = NULL; |
581 | Buffer b; | ||
582 | int pktype, sent = 0; | 581 | int pktype, sent = 0; |
583 | u_int alen, blen; | 582 | u_int alen, blen; |
584 | char *pkalg, *fp; | 583 | char *pkalg, *fp; |
@@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
586 | 585 | ||
587 | if (authctxt == NULL) | 586 | if (authctxt == NULL) |
588 | fatal("input_userauth_pk_ok: no authentication context"); | 587 | fatal("input_userauth_pk_ok: no authentication context"); |
589 | if (datafellows & SSH_BUG_PKOK) { | 588 | |
590 | /* this is similar to SSH_BUG_PKAUTH */ | 589 | pkalg = packet_get_string(&alen); |
591 | debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); | 590 | pkblob = packet_get_string(&blen); |
592 | pkblob = packet_get_string(&blen); | ||
593 | buffer_init(&b); | ||
594 | buffer_append(&b, pkblob, blen); | ||
595 | pkalg = buffer_get_string(&b, &alen); | ||
596 | buffer_free(&b); | ||
597 | } else { | ||
598 | pkalg = packet_get_string(&alen); | ||
599 | pkblob = packet_get_string(&blen); | ||
600 | } | ||
601 | packet_check_eom(); | 591 | packet_check_eom(); |
602 | 592 | ||
603 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); | 593 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); |
@@ -1100,17 +1090,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1100 | } | 1090 | } |
1101 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 1091 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
1102 | buffer_put_cstring(&b, authctxt->server_user); | 1092 | buffer_put_cstring(&b, authctxt->server_user); |
1103 | buffer_put_cstring(&b, | 1093 | buffer_put_cstring(&b, authctxt->service); |
1104 | datafellows & SSH_BUG_PKSERVICE ? | 1094 | buffer_put_cstring(&b, authctxt->method->name); |
1105 | "ssh-userauth" : | 1095 | buffer_put_char(&b, have_sig); |
1106 | authctxt->service); | 1096 | buffer_put_cstring(&b, key_sign_encode(id->key)); |
1107 | if (datafellows & SSH_BUG_PKAUTH) { | ||
1108 | buffer_put_char(&b, have_sig); | ||
1109 | } else { | ||
1110 | buffer_put_cstring(&b, authctxt->method->name); | ||
1111 | buffer_put_char(&b, have_sig); | ||
1112 | buffer_put_cstring(&b, key_sign_encode(id->key)); | ||
1113 | } | ||
1114 | buffer_put_string(&b, blob, bloblen); | 1097 | buffer_put_string(&b, blob, bloblen); |
1115 | 1098 | ||
1116 | /* | 1099 | /* |
@@ -1170,19 +1153,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1170 | #ifdef DEBUG_PK | 1153 | #ifdef DEBUG_PK |
1171 | buffer_dump(&b); | 1154 | buffer_dump(&b); |
1172 | #endif | 1155 | #endif |
1173 | if (datafellows & SSH_BUG_PKSERVICE) { | ||
1174 | buffer_clear(&b); | ||
1175 | buffer_append(&b, session_id2, session_id2_len); | ||
1176 | skip = session_id2_len; | ||
1177 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | ||
1178 | buffer_put_cstring(&b, authctxt->server_user); | ||
1179 | buffer_put_cstring(&b, authctxt->service); | ||
1180 | buffer_put_cstring(&b, authctxt->method->name); | ||
1181 | buffer_put_char(&b, have_sig); | ||
1182 | if (!(datafellows & SSH_BUG_PKAUTH)) | ||
1183 | buffer_put_cstring(&b, key_ssh_name(id->key)); | ||
1184 | buffer_put_string(&b, blob, bloblen); | ||
1185 | } | ||
1186 | free(blob); | 1156 | free(blob); |
1187 | 1157 | ||
1188 | /* append signature */ | 1158 | /* append signature */ |
@@ -1224,8 +1194,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1224 | packet_put_cstring(authctxt->service); | 1194 | packet_put_cstring(authctxt->service); |
1225 | packet_put_cstring(authctxt->method->name); | 1195 | packet_put_cstring(authctxt->method->name); |
1226 | packet_put_char(have_sig); | 1196 | packet_put_char(have_sig); |
1227 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1197 | packet_put_cstring(key_sign_encode(id->key)); |
1228 | packet_put_cstring(key_sign_encode(id->key)); | ||
1229 | packet_put_string(blob, bloblen); | 1198 | packet_put_string(blob, bloblen); |
1230 | free(blob); | 1199 | free(blob); |
1231 | packet_send(); | 1200 | packet_send(); |
@@ -1741,7 +1710,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1741 | struct ssh *ssh = active_state; | 1710 | struct ssh *ssh = active_state; |
1742 | struct sshkey *private = NULL; | 1711 | struct sshkey *private = NULL; |
1743 | struct sshbuf *b = NULL; | 1712 | struct sshbuf *b = NULL; |
1744 | const char *service; | ||
1745 | u_char *sig = NULL, *keyblob = NULL; | 1713 | u_char *sig = NULL, *keyblob = NULL; |
1746 | char *fp = NULL, *chost = NULL, *lname = NULL; | 1714 | char *fp = NULL, *chost = NULL, *lname = NULL; |
1747 | size_t siglen = 0, keylen = 0; | 1715 | size_t siglen = 0, keylen = 0; |
@@ -1812,9 +1780,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1812 | xasprintf(&chost, "%s.", lname); | 1780 | xasprintf(&chost, "%s.", lname); |
1813 | debug2("%s: chost %s", __func__, chost); | 1781 | debug2("%s: chost %s", __func__, chost); |
1814 | 1782 | ||
1815 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
1816 | authctxt->service; | ||
1817 | |||
1818 | /* construct data */ | 1783 | /* construct data */ |
1819 | if ((b = sshbuf_new()) == NULL) { | 1784 | if ((b = sshbuf_new()) == NULL) { |
1820 | error("%s: sshbuf_new failed", __func__); | 1785 | error("%s: sshbuf_new failed", __func__); |
@@ -1827,7 +1792,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
1827 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || | 1792 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || |
1828 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || | 1793 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || |
1829 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || | 1794 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || |
1830 | (r = sshbuf_put_cstring(b, service)) != 0 || | 1795 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || |
1831 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || | 1796 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || |
1832 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || | 1797 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || |
1833 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || | 1798 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.501 2018/01/23 05:12:12 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.502 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -446,10 +446,6 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | |||
446 | logit("Client version \"%.100s\" uses unsafe RSA signature " | 446 | logit("Client version \"%.100s\" uses unsafe RSA signature " |
447 | "scheme; disabling use of RSA keys", remote_version); | 447 | "scheme; disabling use of RSA keys", remote_version); |
448 | } | 448 | } |
449 | if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) { | ||
450 | fatal("Client version \"%.100s\" uses unsafe key agreement; " | ||
451 | "refusing connection", remote_version); | ||
452 | } | ||
453 | 449 | ||
454 | chop(server_version_string); | 450 | chop(server_version_string); |
455 | debug("Local version string %.200s", server_version_string); | 451 | debug("Local version string %.200s", server_version_string); |