-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | compat.c | 4 | ||||
-rw-r--r-- | sshconnect.c | 47 |
3 files changed, 42 insertions, 14 deletions
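--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,11 @@
 [ssh-keygen.c]
 print details of which host lines were deleted when using
 "ssh-keygen -R host"; ok markus@
+- djm@cvs.openbsd.org 2012/08/17 01:30:00
+[compat.c sshconnect.c]
+Send client banner immediately, rather than waiting for the server to
+move first for SSH protocol 2 connections (the default). Patch based on
+one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
 
 20120830
 - (dtucker) [moduli] Import new moduli file.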
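--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.79 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -45,6 +45,8 @@ int datafellows = 0;
 void
 enable_compat20(void)
 {
+if (compat20)
+return;
 debug("Enabling compatibility mode for protocol 2.0");
 compat20 = 1;
 }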
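Review bot: The new `if (compat20) return;` guard in enable_compat20() carries no comment explaining why a repeated call is now expected. Judging from the sshconnect.c part of this commit, the function is called early on the SSH2-only path, and presumably again once the server's version string has been parsed (that second call is not visible on this page). A one-line comment such as `/* May already be set by the early-banner path in sshconnect.c. */` would keep the guard from being mistaken for dead code later.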
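--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.234 2011/05/24 07:15:47 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.235 2012/08/17 01:30:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -429,6 +429,26 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 return 0;
 }
 
+static void
+send_client_banner(int connection_out, int minor1)
+{
+char buf[256];
+
+/* Send our own protocol version identification. */
+if (compat20) {
+xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+} else {
+xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+}
+if (roaming_atomicio(vwrite, connection_out, client_version_string,
+strlen(client_version_string)) != strlen(client_version_string))
+fatal("write: %.100s", strerror(errno));
+chop(client_version_string);
+debug("Local version string %.100s", client_version_string);
+}
+
 /*
 * Waits for the server identification string, and sends our own
 * identification string.
@@ -440,7 +460,7 @@ ssh_exchange_identification(int timeout_ms)
 int remote_major, remote_minor, mismatch;
 int connection_in = packet_get_connection_in();
 int connection_out = packet_get_connection_out();
-int minor1 = PROTOCOL_MINOR_1;
+int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0;
 u_int i, n;
 size_t len;
 int fdsetsz, remaining, rc;
@@ -450,6 +470,16 @@ ssh_exchange_identification(int timeout_ms)
 fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
 fdset = xcalloc(1, fdsetsz);
 
+/*
+* If we are SSH2-only then we can send the banner immediately and
+* save a round-trip.
+*/
+if (options.protocol == SSH_PROTO_2) {
+enable_compat20();
+send_client_banner(connection_out, 0);
+client_banner_sent = 1;
+}
+
 /* Read other side's version identification. */
 remaining = timeout_ms;
 for (n = 0;;) {
@@ -552,18 +582,9 @@ ssh_exchange_identification(int timeout_ms)
 fatal("Protocol major versions differ: %d vs. %d",
 (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
 remote_major);
-/* Send our own protocol version identification. */
-snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
-compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
-compat20 ? PROTOCOL_MINOR_2 : minor1,
-SSH_VERSION, compat20 ? "\r\n" : "\n");
-if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
-!= strlen(buf))
-fatal("write: %.100s", strerror(errno));
-client_version_string = xstrdup(buf);
-chop(client_version_string);
+if (!client_banner_sent)
+send_client_banner(connection_out, minor1);
 chop(server_version_string);
-debug("Local version string %.100s", client_version_string);
 }
 
 /* defaults to 'no' */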
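Review bot: `char buf[256];` at the top of the new send_client_banner() is never used, because the banner is now built with xasprintf() directly into client_version_string; the declaration should be dropped so the function does not carry a dead stack buffer. On the SSH2-only path, `send_client_banner(connection_out, 0)` is only correct because enable_compat20() runs on the line before it and makes minor1 irrelevant; a comment such as `/* minor1 is ignored once compat20 is set */` would make that ordering dependency explicit. The header comment above ssh_exchange_identification() still says it waits for the server identification and then sends ours, which no longer describes the SSH2-only case, where the client's SSH_VERSION is written to the peer before any byte from it has been read or validated; that is worth stating there. Most of ssh_exchange_identification()'s body lies outside these hunks.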