-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth-rsa.c | 4 | ||||
-rw-r--r-- | auth1.c | 17 | ||||
-rw-r--r-- | channels.c | 28 | ||||
-rw-r--r-- | clientloop.c | 8 | ||||
-rw-r--r-- | packet.c | 4 | ||||
-rw-r--r-- | packet.h | 12 | ||||
-rw-r--r-- | serverloop.c | 8 | ||||
-rw-r--r-- | session.c | 8 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | sshconnect1.c | 22 | ||||
-rw-r--r-- | sshd.c | 5 |
12 files changed, 51 insertions, 75 deletions
@@ -51,6 +51,10 @@ | |||
51 | - markus@cvs.openbsd.org 2001/12/27 19:54:53 | 51 | - markus@cvs.openbsd.org 2001/12/27 19:54:53 |
52 | [auth1.c auth.h auth-rh-rsa.c] | 52 | [auth1.c auth.h auth-rh-rsa.c] |
53 | auth_rhosts_rsa now accept generic keys. | 53 | auth_rhosts_rsa now accept generic keys. |
54 | - markus@cvs.openbsd.org 2001/12/27 20:39:58 | ||
55 | [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h] | ||
56 | [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] | ||
57 | get rid of packet_integrity_check, use packet_done() instead. | ||
54 | 58 | ||
55 | 20020121 | 59 | 20020121 |
56 | - (djm) Rework ssh-rand-helper: | 60 | - (djm) Rework ssh-rand-helper: |
@@ -7198,4 +7202,4 @@ | |||
7198 | - Wrote replacements for strlcpy and mkdtemp | 7202 | - Wrote replacements for strlcpy and mkdtemp |
7199 | - Released 1.0pre1 | 7203 | - Released 1.0pre1 |
7200 | 7204 | ||
7201 | $Id: ChangeLog,v 1.1737 2002/01/22 12:11:00 djm Exp $ | 7205 | $Id: ChangeLog,v 1.1738 2002/01/22 12:11:38 djm Exp $ |
diff --git a/auth-rsa.c b/auth-rsa.c index de50b8ef8..1d74a79cd 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rsa.c,v 1.47 2001/12/27 18:22:16 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.48 2001/12/27 20:39:58 markus Exp $"); |
18 | 18 | ||
19 | #include <openssl/rsa.h> | 19 | #include <openssl/rsa.h> |
20 | #include <openssl/md5.h> | 20 | #include <openssl/md5.h> |
@@ -92,9 +92,9 @@ auth_rsa_challenge_dialog(RSA *pk) | |||
92 | 92 | ||
93 | /* Wait for a response. */ | 93 | /* Wait for a response. */ |
94 | packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); | 94 | packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); |
95 | packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); | ||
96 | for (i = 0; i < 16; i++) | 95 | for (i = 0; i < 16; i++) |
97 | response[i] = packet_get_char(); | 96 | response[i] = packet_get_char(); |
97 | packet_done(); | ||
98 | 98 | ||
99 | /* The response is MD5 of decrypted challenge plus session id. */ | 99 | /* The response is MD5 of decrypted challenge plus session id. */ |
100 | len = BN_num_bytes(challenge); | 100 | len = BN_num_bytes(challenge); |
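Review bot: In auth_rsa_challenge_dialog the length check used to run before the sixteen `packet_get_char()` calls, and `packet_done()` now runs after them, so a response shorter than 16 bytes is no longer rejected by this function itself. It is presumably caught inside `packet_get_char()`, whose underflow handling is not visible on this page. A comment above the loop would record that dependency, e.g. `/* relies on packet_get_char() to reject a short packet; packet_done() only checks for trailing bytes */`. The same check-after-read ordering is introduced in channel_input_ieof, channel_input_close and auth_input_open_request (channels.c), client_input_exit_status (clientloop.c) and the SSH_CMSG_REQUEST_COMPRESSION case (session.c). The function body continues outside the hunk.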
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.31 2001/12/27 20:39:58 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -120,8 +120,7 @@ do_authloop(Authctxt *authctxt) | |||
120 | verbose("Kerberos authentication disabled."); | 120 | verbose("Kerberos authentication disabled."); |
121 | } else { | 121 | } else { |
122 | char *kdata = packet_get_string(&dlen); | 122 | char *kdata = packet_get_string(&dlen); |
123 | 123 | packet_done(); | |
124 | packet_integrity_check(plen, 4 + dlen, type); | ||
125 | 124 | ||
126 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ | 125 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ |
127 | #ifdef KRB4 | 126 | #ifdef KRB4 |
@@ -181,7 +180,7 @@ do_authloop(Authctxt *authctxt) | |||
181 | * IP-spoofing on a local network.) | 180 | * IP-spoofing on a local network.) |
182 | */ | 181 | */ |
183 | client_user = packet_get_string(&ulen); | 182 | client_user = packet_get_string(&ulen); |
184 | packet_integrity_check(plen, 4 + ulen, type); | 183 | packet_done(); |
185 | 184 | ||
186 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ | 185 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ |
187 | authenticated = auth_rhosts(pw, client_user); | 186 | authenticated = auth_rhosts(pw, client_user); |
@@ -211,7 +210,7 @@ do_authloop(Authctxt *authctxt) | |||
211 | verbose("Warning: keysize mismatch for client_host_key: " | 210 | verbose("Warning: keysize mismatch for client_host_key: " |
212 | "actual %d, announced %d", | 211 | "actual %d, announced %d", |
213 | BN_num_bits(client_host_key->rsa->n), bits); | 212 | BN_num_bits(client_host_key->rsa->n), bits); |
214 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); | 213 | packet_done(); |
215 | 214 | ||
216 | authenticated = auth_rhosts_rsa(pw, client_user, | 215 | authenticated = auth_rhosts_rsa(pw, client_user, |
217 | client_host_key); | 216 | client_host_key); |
@@ -229,7 +228,7 @@ do_authloop(Authctxt *authctxt) | |||
229 | if ((n = BN_new()) == NULL) | 228 | if ((n = BN_new()) == NULL) |
230 | fatal("do_authloop: BN_new failed"); | 229 | fatal("do_authloop: BN_new failed"); |
231 | packet_get_bignum(n, &nlen); | 230 | packet_get_bignum(n, &nlen); |
232 | packet_integrity_check(plen, nlen, type); | 231 | packet_done(); |
233 | authenticated = auth_rsa(pw, n); | 232 | authenticated = auth_rsa(pw, n); |
234 | BN_clear_free(n); | 233 | BN_clear_free(n); |
235 | break; | 234 | break; |
@@ -245,7 +244,7 @@ do_authloop(Authctxt *authctxt) | |||
245 | * not visible to an outside observer. | 244 | * not visible to an outside observer. |
246 | */ | 245 | */ |
247 | password = packet_get_string(&dlen); | 246 | password = packet_get_string(&dlen); |
248 | packet_integrity_check(plen, 4 + dlen, type); | 247 | packet_done(); |
249 | 248 | ||
250 | #ifdef USE_PAM | 249 | #ifdef USE_PAM |
251 | /* Do PAM auth with password */ | 250 | /* Do PAM auth with password */ |
@@ -283,7 +282,7 @@ do_authloop(Authctxt *authctxt) | |||
283 | if (options.challenge_response_authentication == 1) { | 282 | if (options.challenge_response_authentication == 1) { |
284 | char *response = packet_get_string(&dlen); | 283 | char *response = packet_get_string(&dlen); |
285 | debug("got response '%s'", response); | 284 | debug("got response '%s'", response); |
286 | packet_integrity_check(plen, 4 + dlen, type); | 285 | packet_done(); |
287 | authenticated = verify_response(authctxt, response); | 286 | authenticated = verify_response(authctxt, response); |
288 | memset(response, 'r', dlen); | 287 | memset(response, 'r', dlen); |
289 | xfree(response); | 288 | xfree(response); |
@@ -370,7 +369,7 @@ do_authentication(void) | |||
370 | 369 | ||
371 | /* Get the user name. */ | 370 | /* Get the user name. */ |
372 | user = packet_get_string(&ulen); | 371 | user = packet_get_string(&ulen); |
373 | packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER); | 372 | packet_done(); |
374 | 373 | ||
375 | if ((style = strchr(user, ':')) != NULL) | 374 | if ((style = strchr(user, ':')) != NULL) |
376 | *style++ = '\0'; | 375 | *style++ = '\0'; |
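Review bot: In the challenge-response branch of do_authloop, `packet_done()` is placed after `debug("got response '%s'", response);`, so the response text reaches the debug log before the packet has been checked for trailing data. The user-name and password sites in this file call `packet_done()` directly after the getter; doing the same here (`char *response = packet_get_string(&dlen);` then `packet_done();` then the `debug()` call) keeps the sites consistent. Logging the response verbatim also puts authentication material into debug output, so dropping the `'%s'` argument is worth considering while this line is being touched. do_authloop starts and ends outside these hunks.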
diff --git a/channels.c b/channels.c index cc2613a88..9f042d44e 100644 --- a/channels.c +++ b/channels.c | |||
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: channels.c,v 1.150 2001/12/20 22:50:24 djm Exp $"); | 42 | RCSID("$OpenBSD: channels.c,v 1.151 2001/12/27 20:39:58 markus Exp $"); |
43 | 43 | ||
44 | #include "ssh.h" | 44 | #include "ssh.h" |
45 | #include "ssh1.h" | 45 | #include "ssh1.h" |
@@ -1734,7 +1734,6 @@ channel_input_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
1734 | 1734 | ||
1735 | /* Get the data. */ | 1735 | /* Get the data. */ |
1736 | data = packet_get_string(&data_len); | 1736 | data = packet_get_string(&data_len); |
1737 | packet_done(); | ||
1738 | 1737 | ||
1739 | if (compat20) { | 1738 | if (compat20) { |
1740 | if (data_len > c->local_maxpacket) { | 1739 | if (data_len > c->local_maxpacket) { |
@@ -1748,9 +1747,8 @@ channel_input_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
1748 | return; | 1747 | return; |
1749 | } | 1748 | } |
1750 | c->local_window -= data_len; | 1749 | c->local_window -= data_len; |
1751 | }else{ | ||
1752 | packet_integrity_check(plen, 4 + 4 + data_len, type); | ||
1753 | } | 1750 | } |
1751 | packet_done(); | ||
1754 | buffer_append(&c->output, data, data_len); | 1752 | buffer_append(&c->output, data, data_len); |
1755 | xfree(data); | 1753 | xfree(data); |
1756 | } | 1754 | } |
@@ -1801,9 +1799,8 @@ channel_input_ieof(int type, int plen, u_int32_t seq, void *ctxt) | |||
1801 | int id; | 1799 | int id; |
1802 | Channel *c; | 1800 | Channel *c; |
1803 | 1801 | ||
1804 | packet_integrity_check(plen, 4, type); | ||
1805 | |||
1806 | id = packet_get_int(); | 1802 | id = packet_get_int(); |
1803 | packet_done(); | ||
1807 | c = channel_lookup(id); | 1804 | c = channel_lookup(id); |
1808 | if (c == NULL) | 1805 | if (c == NULL) |
1809 | packet_disconnect("Received ieof for nonexistent channel %d.", id); | 1806 | packet_disconnect("Received ieof for nonexistent channel %d.", id); |
@@ -1823,9 +1820,8 @@ channel_input_close(int type, int plen, u_int32_t seq, void *ctxt) | |||
1823 | int id; | 1820 | int id; |
1824 | Channel *c; | 1821 | Channel *c; |
1825 | 1822 | ||
1826 | packet_integrity_check(plen, 4, type); | ||
1827 | |||
1828 | id = packet_get_int(); | 1823 | id = packet_get_int(); |
1824 | packet_done(); | ||
1829 | c = channel_lookup(id); | 1825 | c = channel_lookup(id); |
1830 | if (c == NULL) | 1826 | if (c == NULL) |
1831 | packet_disconnect("Received close for nonexistent channel %d.", id); | 1827 | packet_disconnect("Received close for nonexistent channel %d.", id); |
@@ -1861,7 +1857,8 @@ channel_input_oclose(int type, int plen, u_int32_t seq, void *ctxt) | |||
1861 | { | 1857 | { |
1862 | int id = packet_get_int(); | 1858 | int id = packet_get_int(); |
1863 | Channel *c = channel_lookup(id); | 1859 | Channel *c = channel_lookup(id); |
1864 | packet_integrity_check(plen, 4, type); | 1860 | |
1861 | packet_done(); | ||
1865 | if (c == NULL) | 1862 | if (c == NULL) |
1866 | packet_disconnect("Received oclose for nonexistent channel %d.", id); | 1863 | packet_disconnect("Received oclose for nonexistent channel %d.", id); |
1867 | chan_rcvd_oclose(c); | 1864 | chan_rcvd_oclose(c); |
@@ -1889,9 +1886,6 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt) | |||
1889 | int id, remote_id; | 1886 | int id, remote_id; |
1890 | Channel *c; | 1887 | Channel *c; |
1891 | 1888 | ||
1892 | if (!compat20) | ||
1893 | packet_integrity_check(plen, 4 + 4, type); | ||
1894 | |||
1895 | id = packet_get_int(); | 1889 | id = packet_get_int(); |
1896 | c = channel_lookup(id); | 1890 | c = channel_lookup(id); |
1897 | 1891 | ||
@@ -1906,7 +1900,6 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt) | |||
1906 | if (compat20) { | 1900 | if (compat20) { |
1907 | c->remote_window = packet_get_int(); | 1901 | c->remote_window = packet_get_int(); |
1908 | c->remote_maxpacket = packet_get_int(); | 1902 | c->remote_maxpacket = packet_get_int(); |
1909 | packet_done(); | ||
1910 | if (c->cb_fn != NULL && c->cb_event == type) { | 1903 | if (c->cb_fn != NULL && c->cb_event == type) { |
1911 | debug2("callback start"); | 1904 | debug2("callback start"); |
1912 | c->cb_fn(c->self, c->cb_arg); | 1905 | c->cb_fn(c->self, c->cb_arg); |
@@ -1915,6 +1908,7 @@ channel_input_open_confirmation(int type, int plen, u_int32_t seq, void *ctxt) | |||
1915 | debug("channel %d: open confirm rwindow %d rmax %d", c->self, | 1908 | debug("channel %d: open confirm rwindow %d rmax %d", c->self, |
1916 | c->remote_window, c->remote_maxpacket); | 1909 | c->remote_window, c->remote_maxpacket); |
1917 | } | 1910 | } |
1911 | packet_done(); | ||
1918 | } | 1912 | } |
1919 | 1913 | ||
1920 | static char * | 1914 | static char * |
@@ -1940,9 +1934,6 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt) | |||
1940 | char *msg = NULL, *lang = NULL; | 1934 | char *msg = NULL, *lang = NULL; |
1941 | Channel *c; | 1935 | Channel *c; |
1942 | 1936 | ||
1943 | if (!compat20) | ||
1944 | packet_integrity_check(plen, 4, type); | ||
1945 | |||
1946 | id = packet_get_int(); | 1937 | id = packet_get_int(); |
1947 | c = channel_lookup(id); | 1938 | c = channel_lookup(id); |
1948 | 1939 | ||
@@ -1955,7 +1946,6 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt) | |||
1955 | msg = packet_get_string(NULL); | 1946 | msg = packet_get_string(NULL); |
1956 | lang = packet_get_string(NULL); | 1947 | lang = packet_get_string(NULL); |
1957 | } | 1948 | } |
1958 | packet_done(); | ||
1959 | log("channel %d: open failed: %s%s%s", id, | 1949 | log("channel %d: open failed: %s%s%s", id, |
1960 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); | 1950 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); |
1961 | if (msg != NULL) | 1951 | if (msg != NULL) |
@@ -1963,6 +1953,7 @@ channel_input_open_failure(int type, int plen, u_int32_t seq, void *ctxt) | |||
1963 | if (lang != NULL) | 1953 | if (lang != NULL) |
1964 | xfree(lang); | 1954 | xfree(lang); |
1965 | } | 1955 | } |
1956 | packet_done(); | ||
1966 | /* Free the channel. This will also close the socket. */ | 1957 | /* Free the channel. This will also close the socket. */ |
1967 | channel_free(c); | 1958 | channel_free(c); |
1968 | } | 1959 | } |
@@ -2888,10 +2879,9 @@ auth_input_open_request(int type, int plen, u_int32_t seq, void *ctxt) | |||
2888 | int remote_id, sock; | 2879 | int remote_id, sock; |
2889 | char *name; | 2880 | char *name; |
2890 | 2881 | ||
2891 | packet_integrity_check(plen, 4, type); | ||
2892 | |||
2893 | /* Read the remote channel number from the message. */ | 2882 | /* Read the remote channel number from the message. */ |
2894 | remote_id = packet_get_int(); | 2883 | remote_id = packet_get_int(); |
2884 | packet_done(); | ||
2895 | 2885 | ||
2896 | /* | 2886 | /* |
2897 | * Get a connection to the local authentication agent (this may again | 2887 | * Get a connection to the local authentication agent (this may again |
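Review bot: In channel_input_data, `packet_done()` now sits after the `if (compat20)` block, and that block contains a `return;` (visible at the top of the second hunk), so on that path the handler exits without the trailing-data check that previously ran right after `packet_get_string(&data_len)`. Keeping the call directly after the getter, `data = packet_get_string(&data_len);` followed by `packet_done();`, covers both protocol versions and every exit path. The same late placement in channel_input_open_confirmation means `c->cb_fn(c->self, c->cb_arg)` runs before the packet is validated, and in channel_input_open_failure the `log()` of `msg` does too. Calling `packet_done()` right after the last `packet_get_*()` in each branch would avoid acting on a packet that is then rejected.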
diff --git a/clientloop.c b/clientloop.c index 9e4f247c6..f71717554 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,7 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.91 2001/12/20 22:50:24 djm Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.92 2001/12/27 20:39:58 markus Exp $"); |
63 | 63 | ||
64 | #include "ssh.h" | 64 | #include "ssh.h" |
65 | #include "ssh1.h" | 65 | #include "ssh1.h" |
@@ -1012,7 +1012,7 @@ client_input_stdout_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
1012 | { | 1012 | { |
1013 | u_int data_len; | 1013 | u_int data_len; |
1014 | char *data = packet_get_string(&data_len); | 1014 | char *data = packet_get_string(&data_len); |
1015 | packet_integrity_check(plen, 4 + data_len, type); | 1015 | packet_done(); |
1016 | buffer_append(&stdout_buffer, data, data_len); | 1016 | buffer_append(&stdout_buffer, data, data_len); |
1017 | memset(data, 0, data_len); | 1017 | memset(data, 0, data_len); |
1018 | xfree(data); | 1018 | xfree(data); |
@@ -1022,7 +1022,7 @@ client_input_stderr_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
1022 | { | 1022 | { |
1023 | u_int data_len; | 1023 | u_int data_len; |
1024 | char *data = packet_get_string(&data_len); | 1024 | char *data = packet_get_string(&data_len); |
1025 | packet_integrity_check(plen, 4 + data_len, type); | 1025 | packet_done(); |
1026 | buffer_append(&stderr_buffer, data, data_len); | 1026 | buffer_append(&stderr_buffer, data, data_len); |
1027 | memset(data, 0, data_len); | 1027 | memset(data, 0, data_len); |
1028 | xfree(data); | 1028 | xfree(data); |
@@ -1030,8 +1030,8 @@ client_input_stderr_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
1030 | static void | 1030 | static void |
1031 | client_input_exit_status(int type, int plen, u_int32_t seq, void *ctxt) | 1031 | client_input_exit_status(int type, int plen, u_int32_t seq, void *ctxt) |
1032 | { | 1032 | { |
1033 | packet_integrity_check(plen, 4, type); | ||
1034 | exit_status = packet_get_int(); | 1033 | exit_status = packet_get_int(); |
1034 | packet_done(); | ||
1035 | /* Acknowledge the exit. */ | 1035 | /* Acknowledge the exit. */ |
1036 | packet_start(SSH_CMSG_EXIT_CONFIRMATION); | 1036 | packet_start(SSH_CMSG_EXIT_CONFIRMATION); |
1037 | packet_send(); | 1037 | packet_send(); |
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: packet.c,v 1.77 2001/12/20 22:50:24 djm Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.78 2001/12/27 20:39:58 markus Exp $"); |
41 | 41 | ||
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "buffer.h" | 43 | #include "buffer.h" |
@@ -632,7 +632,7 @@ packet_read_seqnr(int *payload_len_ptr, u_int32_t *seqnr_p) | |||
632 | || type == SSH_SMSG_FAILURE | 632 | || type == SSH_SMSG_FAILURE |
633 | || type == SSH_CMSG_EOF | 633 | || type == SSH_CMSG_EOF |
634 | || type == SSH_CMSG_EXIT_CONFIRMATION)) | 634 | || type == SSH_CMSG_EXIT_CONFIRMATION)) |
635 | packet_integrity_check(*payload_len_ptr, 0, type); | 635 | packet_done(); |
636 | /* If we got a packet, return it. */ | 636 | /* If we got a packet, return it. */ |
637 | if (type != SSH_MSG_NONE) { | 637 | if (type != SSH_MSG_NONE) { |
638 | xfree(setp); | 638 | xfree(setp); |
@@ -11,7 +11,7 @@ | |||
11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$OpenBSD: packet.h,v 1.28 2001/12/20 22:50:24 djm Exp $"); */ | 14 | /* RCSID("$OpenBSD: packet.h,v 1.29 2001/12/27 20:39:58 markus Exp $"); */ |
15 | 15 | ||
16 | #ifndef PACKET_H | 16 | #ifndef PACKET_H |
17 | #define PACKET_H | 17 | #define PACKET_H |
@@ -74,16 +74,6 @@ extern int max_packet_size; | |||
74 | int packet_set_maxsize(int); | 74 | int packet_set_maxsize(int); |
75 | #define packet_get_maxsize() max_packet_size | 75 | #define packet_get_maxsize() max_packet_size |
76 | 76 | ||
77 | #define packet_integrity_check(payload_len, expected_len, type) \ | ||
78 | do { \ | ||
79 | int _p = (payload_len), _e = (expected_len); \ | ||
80 | if (_p != _e) { \ | ||
81 | log("Packet integrity error (%d != %d) at %s:%d", \ | ||
82 | _p, _e, __FILE__, __LINE__); \ | ||
83 | packet_disconnect("Packet integrity error. (%d)", (type)); \ | ||
84 | } \ | ||
85 | } while (0) | ||
86 | |||
87 | #define packet_done() \ | 77 | #define packet_done() \ |
88 | do { \ | 78 | do { \ |
89 | int _len = packet_remaining(); \ | 79 | int _len = packet_remaining(); \ |
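Review bot: With `packet_integrity_check` removed, `packet_done()` becomes the only per-message length check the handlers use, and its definition carries no comment saying when it must be called. I would add above the macro `/* Call after the last packet_get_*() of a message; checks packet_remaining() for unread payload. */`. The removed macro also logged the expected and actual lengths with `__FILE__` and `__LINE__`. Whether `packet_done()` keeps an equivalent diagnostic cannot be seen here, because its body continues past the end of the hunk.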
diff --git a/serverloop.c b/serverloop.c index d28b8611e..39aa1560e 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: serverloop.c,v 1.89 2001/12/21 12:17:33 markus Exp $"); | 38 | RCSID("$OpenBSD: serverloop.c,v 1.90 2001/12/27 20:39:58 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "packet.h" | 41 | #include "packet.h" |
@@ -806,7 +806,7 @@ server_input_stdin_data(int type, int plen, u_int32_t seq, void *ctxt) | |||
806 | if (fdin == -1) | 806 | if (fdin == -1) |
807 | return; | 807 | return; |
808 | data = packet_get_string(&data_len); | 808 | data = packet_get_string(&data_len); |
809 | packet_integrity_check(plen, (4 + data_len), type); | 809 | packet_done(); |
810 | buffer_append(&stdin_buffer, data, data_len); | 810 | buffer_append(&stdin_buffer, data, data_len); |
811 | memset(data, 0, data_len); | 811 | memset(data, 0, data_len); |
812 | xfree(data); | 812 | xfree(data); |
@@ -821,7 +821,7 @@ server_input_eof(int type, int plen, u_int32_t seq, void *ctxt) | |||
821 | * drained. | 821 | * drained. |
822 | */ | 822 | */ |
823 | debug("EOF received for stdin."); | 823 | debug("EOF received for stdin."); |
824 | packet_integrity_check(plen, 0, type); | 824 | packet_done(); |
825 | stdin_eof = 1; | 825 | stdin_eof = 1; |
826 | } | 826 | } |
827 | 827 | ||
@@ -834,7 +834,7 @@ server_input_window_size(int type, int plen, u_int32_t seq, void *ctxt) | |||
834 | int ypixel = packet_get_int(); | 834 | int ypixel = packet_get_int(); |
835 | 835 | ||
836 | debug("Window change received."); | 836 | debug("Window change received."); |
837 | packet_integrity_check(plen, 4 * 4, type); | 837 | packet_done(); |
838 | if (fdin != -1) | 838 | if (fdin != -1) |
839 | pty_change_window_size(fdin, row, col, xpixel, ypixel); | 839 | pty_change_window_size(fdin, row, col, xpixel, ypixel); |
840 | } | 840 | } |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.114 2001/12/20 16:37:29 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.115 2001/12/27 20:39:58 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -254,8 +254,8 @@ do_authenticated1(Authctxt *authctxt) | |||
254 | /* Process the packet. */ | 254 | /* Process the packet. */ |
255 | switch (type) { | 255 | switch (type) { |
256 | case SSH_CMSG_REQUEST_COMPRESSION: | 256 | case SSH_CMSG_REQUEST_COMPRESSION: |
257 | packet_integrity_check(plen, 4, type); | ||
258 | compression_level = packet_get_int(); | 257 | compression_level = packet_get_int(); |
258 | packet_done(); | ||
259 | if (compression_level < 1 || compression_level > 9) { | 259 | if (compression_level < 1 || compression_level > 9) { |
260 | packet_send_debug("Received illegal compression level %d.", | 260 | packet_send_debug("Received illegal compression level %d.", |
261 | compression_level); | 261 | compression_level); |
@@ -330,7 +330,7 @@ do_authenticated1(Authctxt *authctxt) | |||
330 | verbose("Kerberos TGT passing disabled."); | 330 | verbose("Kerberos TGT passing disabled."); |
331 | } else { | 331 | } else { |
332 | char *kdata = packet_get_string(&dlen); | 332 | char *kdata = packet_get_string(&dlen); |
333 | packet_integrity_check(plen, 4 + dlen, type); | 333 | packet_done(); |
334 | 334 | ||
335 | /* XXX - 0x41, see creds_to_radix version */ | 335 | /* XXX - 0x41, see creds_to_radix version */ |
336 | if (kdata[0] != 0x41) { | 336 | if (kdata[0] != 0x41) { |
@@ -364,7 +364,7 @@ do_authenticated1(Authctxt *authctxt) | |||
364 | } else { | 364 | } else { |
365 | /* Accept AFS token. */ | 365 | /* Accept AFS token. */ |
366 | char *token = packet_get_string(&dlen); | 366 | char *token = packet_get_string(&dlen); |
367 | packet_integrity_check(plen, 4 + dlen, type); | 367 | packet_done(); |
368 | 368 | ||
369 | if (auth_afs_token(s->authctxt, token)) | 369 | if (auth_afs_token(s->authctxt, token)) |
370 | success = 1; | 370 | success = 1; |
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.153 2001/12/20 22:50:24 djm Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.154 2001/12/27 20:39:58 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -976,7 +976,7 @@ ssh_session(void) | |||
976 | 976 | ||
977 | /* Read response from the server. */ | 977 | /* Read response from the server. */ |
978 | type = packet_read(&plen); | 978 | type = packet_read(&plen); |
979 | packet_integrity_check(plen, 0, type); | 979 | packet_done(); |
980 | if (type != SSH_SMSG_SUCCESS) | 980 | if (type != SSH_SMSG_SUCCESS) |
981 | log("Warning: Remote host denied authentication agent forwarding."); | 981 | log("Warning: Remote host denied authentication agent forwarding."); |
982 | } | 982 | } |
diff --git a/sshconnect1.c b/sshconnect1.c index 166e392e7..240bdffe2 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.44 2001/12/27 20:39:58 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
@@ -109,8 +109,7 @@ try_agent_authentication(void) | |||
109 | type); | 109 | type); |
110 | 110 | ||
111 | packet_get_bignum(challenge, &clen); | 111 | packet_get_bignum(challenge, &clen); |
112 | 112 | packet_done(); | |
113 | packet_integrity_check(plen, clen, type); | ||
114 | 113 | ||
115 | debug("Received RSA challenge from server."); | 114 | debug("Received RSA challenge from server."); |
116 | 115 | ||
@@ -244,8 +243,7 @@ try_rsa_authentication(int idx) | |||
244 | if ((challenge = BN_new()) == NULL) | 243 | if ((challenge = BN_new()) == NULL) |
245 | fatal("try_rsa_authentication: BN_new failed"); | 244 | fatal("try_rsa_authentication: BN_new failed"); |
246 | packet_get_bignum(challenge, &clen); | 245 | packet_get_bignum(challenge, &clen); |
247 | 246 | packet_done(); | |
248 | packet_integrity_check(plen, clen, type); | ||
249 | 247 | ||
250 | debug("Received RSA challenge from server."); | 248 | debug("Received RSA challenge from server."); |
251 | 249 | ||
@@ -359,8 +357,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key) | |||
359 | if ((challenge = BN_new()) == NULL) | 357 | if ((challenge = BN_new()) == NULL) |
360 | fatal("try_rhosts_rsa_authentication: BN_new failed"); | 358 | fatal("try_rhosts_rsa_authentication: BN_new failed"); |
361 | packet_get_bignum(challenge, &clen); | 359 | packet_get_bignum(challenge, &clen); |
362 | 360 | packet_done(); | |
363 | packet_integrity_check(plen, clen, type); | ||
364 | 361 | ||
365 | debug("Received RSA challenge for host key from server."); | 362 | debug("Received RSA challenge for host key from server."); |
366 | 363 | ||
@@ -467,7 +464,7 @@ try_krb4_authentication(void) | |||
467 | memcpy(auth.dat, reply, auth.length); | 464 | memcpy(auth.dat, reply, auth.length); |
468 | xfree(reply); | 465 | xfree(reply); |
469 | 466 | ||
470 | packet_integrity_check(plen, 4 + auth.length, type); | 467 | packet_done(); |
471 | 468 | ||
472 | /* | 469 | /* |
473 | * If his response isn't properly encrypted with the session | 470 | * If his response isn't properly encrypted with the session |
@@ -576,8 +573,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) | |||
576 | 573 | ||
577 | /* Get server's response. */ | 574 | /* Get server's response. */ |
578 | ap.data = packet_get_string((unsigned int *) &ap.length); | 575 | ap.data = packet_get_string((unsigned int *) &ap.length); |
579 | 576 | packet_done(); | |
580 | packet_integrity_check(payload_len, 4 + ap.length, type); | ||
581 | /* XXX je to dobre? */ | 577 | /* XXX je to dobre? */ |
582 | 578 | ||
583 | problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); | 579 | problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); |
@@ -842,7 +838,7 @@ try_challenge_response_authentication(void) | |||
842 | return 0; | 838 | return 0; |
843 | } | 839 | } |
844 | challenge = packet_get_string(&clen); | 840 | challenge = packet_get_string(&clen); |
845 | packet_integrity_check(payload_len, (4 + clen), type); | 841 | packet_done(); |
846 | snprintf(prompt, sizeof prompt, "%s%s", challenge, | 842 | snprintf(prompt, sizeof prompt, "%s%s", challenge, |
847 | strchr(challenge, '\n') ? "" : "\nResponse: "); | 843 | strchr(challenge, '\n') ? "" : "\nResponse: "); |
848 | xfree(challenge); | 844 | xfree(challenge); |
@@ -968,13 +964,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
968 | 964 | ||
969 | supported_ciphers = packet_get_int(); | 965 | supported_ciphers = packet_get_int(); |
970 | supported_authentications = packet_get_int(); | 966 | supported_authentications = packet_get_int(); |
967 | packet_done(); | ||
971 | 968 | ||
972 | debug("Received server public key (%d bits) and host key (%d bits).", | 969 | debug("Received server public key (%d bits) and host key (%d bits).", |
973 | BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); | 970 | BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); |
974 | 971 | ||
975 | packet_integrity_check(payload_len, | ||
976 | 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, | ||
977 | SSH_SMSG_PUBLIC_KEY); | ||
978 | if (verify_host_key(host, hostaddr, host_key) == -1) | 972 | if (verify_host_key(host, hostaddr, host_key) == -1) |
979 | fatal("Host key verification failed."); | 973 | fatal("Host key verification failed."); |
980 | 974 | ||
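Review bot: In try_krb4_authentication, `packet_done()` runs only after `memcpy(auth.dat, reply, auth.length)`, and no bound on `auth.length` is visible in this hunk, so the copy length appears to come straight from the server's packet. Assuming `auth.dat` is a fixed-size array, a guard such as `if (auth.length > sizeof(auth.dat))` that fails the connection should precede the copy. `packet_done()` would also be better placed directly after the getter that fills `reply`, which lies outside the hunk, so the packet is validated before its contents are used. The function starts and ends outside the hunk.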
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.218 2001/12/27 18:22:16 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.219 2001/12/27 20:39:58 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
@@ -1358,8 +1358,7 @@ do_ssh1_kex(void) | |||
1358 | 1358 | ||
1359 | protocol_flags = packet_get_int(); | 1359 | protocol_flags = packet_get_int(); |
1360 | packet_set_protocol_flags(protocol_flags); | 1360 | packet_set_protocol_flags(protocol_flags); |
1361 | 1361 | packet_done(); | |
1362 | packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY); | ||
1363 | 1362 | ||
1364 | /* | 1363 | /* |
1365 | * Decrypt it using our private server key and private host key (key | 1364 | * Decrypt it using our private server key and private host key (key |