diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | compat.c | 22 | ||||
-rw-r--r-- | compat.h | 3 | ||||
-rw-r--r-- | kex.c | 5 |
4 files changed, 23 insertions, 13 deletions
@@ -24,6 +24,10 @@ | |||
24 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] | 24 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] |
25 | [readconf.h serverloop.c sshconnect2.c] | 25 | [readconf.h serverloop.c sshconnect2.c] |
26 | backout rekeying changes (for 3.6.1) | 26 | backout rekeying changes (for 3.6.1) |
27 | - markus@cvs.openbsd.org 2003/04/01 10:31:26 | ||
28 | [compat.c compat.h kex.c] | ||
29 | bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; | ||
30 | tested by ho@ and myself | ||
27 | 31 | ||
28 | 20030326 | 32 | 20030326 |
29 | - (djm) OpenBSD CVS Sync | 33 | - (djm) OpenBSD CVS Sync |
@@ -1286,4 +1290,4 @@ | |||
1286 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1290 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
1287 | ok provos@ | 1291 | ok provos@ |
1288 | 1292 | ||
1289 | $Id: ChangeLog,v 1.2644 2003/04/01 11:43:39 djm Exp $ | 1293 | $Id: ChangeLog,v 1.2645 2003/04/01 11:44:37 djm Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $"); |
27 | 27 | ||
28 | #include "buffer.h" | 28 | #include "buffer.h" |
29 | #include "packet.h" | 29 | #include "packet.h" |
@@ -85,10 +85,12 @@ compat_datafellows(const char *version) | |||
85 | { "*MindTerm*", 0 }, | 85 | { "*MindTerm*", 0 }, |
86 | { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 86 | { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
87 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 87 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
88 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, | 88 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| |
89 | SSH_BUG_FIRSTKEX }, | ||
89 | { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 90 | { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
90 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 91 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
91 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, | 92 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| |
93 | SSH_BUG_FIRSTKEX }, | ||
92 | { "2.0.13*," | 94 | { "2.0.13*," |
93 | "2.0.14*," | 95 | "2.0.14*," |
94 | "2.0.15*," | 96 | "2.0.15*," |
@@ -100,26 +102,28 @@ compat_datafellows(const char *version) | |||
100 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 102 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
101 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| | 103 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
102 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| | 104 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| |
103 | SSH_BUG_DUMMYCHAN }, | 105 | SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, |
104 | { "2.0.11*," | 106 | { "2.0.11*," |
105 | "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 107 | "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
106 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 108 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
107 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 109 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
108 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | 110 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
109 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | 111 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| |
110 | SSH_BUG_DUMMYCHAN }, | 112 | SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, |
111 | { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 113 | { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
112 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 114 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
113 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 115 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
114 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | 116 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
115 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | 117 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| |
116 | SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, | 118 | SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| |
119 | SSH_BUG_FIRSTKEX }, | ||
117 | { "2.2.0*," | 120 | { "2.2.0*," |
118 | "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| | 121 | "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| |
119 | SSH_BUG_RSASIGMD5 }, | 122 | SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, |
120 | { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, | 123 | { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| |
124 | SSH_BUG_FIRSTKEX }, | ||
121 | { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ | 125 | { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ |
122 | { "2.*", SSH_BUG_DEBUG }, | 126 | { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX }, |
123 | { "3.0.*", SSH_BUG_DEBUG }, | 127 | { "3.0.*", SSH_BUG_DEBUG }, |
124 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, | 128 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, |
125 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, | 129 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ | 1 | /* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
@@ -55,6 +55,7 @@ | |||
55 | #define SSH_BUG_EXTEOF 0x00200000 | 55 | #define SSH_BUG_EXTEOF 0x00200000 |
56 | #define SSH_BUG_K5USER 0x00400000 | 56 | #define SSH_BUG_K5USER 0x00400000 |
57 | #define SSH_BUG_PROBE 0x00800000 | 57 | #define SSH_BUG_PROBE 0x00800000 |
58 | #define SSH_BUG_FIRSTKEX 0x01000000 | ||
58 | 59 | ||
59 | void enable_compat13(void); | 60 | void enable_compat13(void); |
60 | void enable_compat20(void); | 61 | void enable_compat20(void); |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -392,7 +392,8 @@ kex_choose_conf(Kex *kex) | |||
392 | kex->we_need = need; | 392 | kex->we_need = need; |
393 | 393 | ||
394 | /* ignore the next message if the proposals do not match */ | 394 | /* ignore the next message if the proposals do not match */ |
395 | if (first_kex_follows && !proposals_match(my, peer)) { | 395 | if (first_kex_follows && !proposals_match(my, peer) && |
396 | !(datafellows & SSH_BUG_FIRSTKEX)) { | ||
396 | type = packet_read(); | 397 | type = packet_read(); |
397 | debug2("skipping next packet (type %u)", type); | 398 | debug2("skipping next packet (type %u)", type); |
398 | } | 399 | } |