diff options
-rw-r--r-- | packet.c | 17 | ||||
-rw-r--r-- | packet.h | 7 |
2 files changed, 22 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.242 2016/09/30 09:19:13 markus Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -219,6 +219,10 @@ struct session_state { | |||
219 | /* SSH1 CRC compensation attack detector */ | 219 | /* SSH1 CRC compensation attack detector */ |
220 | struct deattack_ctx deattack; | 220 | struct deattack_ctx deattack; |
221 | 221 | ||
222 | /* Hook for fuzzing inbound packets */ | ||
223 | ssh_packet_hook_fn *hook_in; | ||
224 | void *hook_in_ctx; | ||
225 | |||
222 | TAILQ_HEAD(, packet) outgoing; | 226 | TAILQ_HEAD(, packet) outgoing; |
223 | }; | 227 | }; |
224 | 228 | ||
@@ -263,6 +267,13 @@ ssh_alloc_session_state(void) | |||
263 | return NULL; | 267 | return NULL; |
264 | } | 268 | } |
265 | 269 | ||
270 | void | ||
271 | ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx) | ||
272 | { | ||
273 | ssh->state->hook_in = hook; | ||
274 | ssh->state->hook_in_ctx = ctx; | ||
275 | } | ||
276 | |||
266 | /* Returns nonzero if rekeying is in progress */ | 277 | /* Returns nonzero if rekeying is in progress */ |
267 | int | 278 | int |
268 | ssh_packet_is_rekeying(struct ssh *ssh) | 279 | ssh_packet_is_rekeying(struct ssh *ssh) |
@@ -1884,6 +1895,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1884 | return r; | 1895 | return r; |
1885 | return SSH_ERR_PROTOCOL_ERROR; | 1896 | return SSH_ERR_PROTOCOL_ERROR; |
1886 | } | 1897 | } |
1898 | if (state->hook_in != NULL && | ||
1899 | (r = state->hook_in(ssh, state->incoming_packet, typep, | ||
1900 | state->hook_in_ctx)) != 0) | ||
1901 | return r; | ||
1887 | if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) | 1902 | if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) |
1888 | r = ssh_packet_enable_delayed_compress(ssh); | 1903 | r = ssh_packet_enable_delayed_compress(ssh); |
1889 | else | 1904 | else |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.h,v 1.73 2016/09/30 09:19:13 markus Exp $ */ | 1 | /* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -78,6 +78,9 @@ struct ssh { | |||
78 | void *app_data; | 78 | void *app_data; |
79 | }; | 79 | }; |
80 | 80 | ||
81 | typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *, | ||
82 | u_char *, void *); | ||
83 | |||
81 | struct ssh *ssh_alloc_session_state(void); | 84 | struct ssh *ssh_alloc_session_state(void); |
82 | struct ssh *ssh_packet_set_connection(struct ssh *, int, int); | 85 | struct ssh *ssh_packet_set_connection(struct ssh *, int, int); |
83 | void ssh_packet_set_timeout(struct ssh *, int, int); | 86 | void ssh_packet_set_timeout(struct ssh *, int, int); |
@@ -88,6 +91,8 @@ int ssh_packet_get_connection_in(struct ssh *); | |||
88 | int ssh_packet_get_connection_out(struct ssh *); | 91 | int ssh_packet_get_connection_out(struct ssh *); |
89 | void ssh_packet_close(struct ssh *); | 92 | void ssh_packet_close(struct ssh *); |
90 | void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); | 93 | void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); |
94 | void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); | ||
95 | |||
91 | int ssh_packet_is_rekeying(struct ssh *); | 96 | int ssh_packet_is_rekeying(struct ssh *); |
92 | void ssh_packet_set_protocol_flags(struct ssh *, u_int); | 97 | void ssh_packet_set_protocol_flags(struct ssh *, u_int); |
93 | u_int ssh_packet_get_protocol_flags(struct ssh *); | 98 | u_int ssh_packet_get_protocol_flags(struct ssh *); |