-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | deattack.c | 33 | ||||
-rw-r--r-- | deattack.h | 4 |
3 files changed, 15 insertions, 30 deletions
@@ -56,6 +56,12 @@ | |||
56 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 | 56 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 |
57 | [ssh.1] | 57 | [ssh.1] |
58 | simplify SSHFP example; ok jmc@ | 58 | simplify SSHFP example; ok jmc@ |
59 | - djm@cvs.openbsd.org 2006/03/22 21:27:15 | ||
60 | [deattack.c deattack.h] | ||
61 | remove IV support from the CRC attack detector, OpenSSH has never used | ||
62 | it - it only applied to IDEA-CFB, which we don't support. | ||
63 | prompted by NetBSD Coverity report via elad AT netbsd.org; | ||
64 | feedback markus@ "nuke it" deraadt@ | ||
59 | 65 | ||
60 | 20060318 | 66 | 20060318 |
61 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via | 67 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via |
@@ -4248,4 +4254,4 @@ | |||
4248 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4254 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
4249 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4255 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
4250 | 4256 | ||
4251 | $Id: ChangeLog,v 1.4240 2006/03/25 13:07:02 djm Exp $ | 4257 | $Id: ChangeLog,v 1.4241 2006/03/25 13:11:46 djm Exp $ |
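--- a/deattack.c
+++ b/deattack.c
@@ -49,22 +49,17 @@ static void
 crc_update(u_int32_t *a, u_int32_t b)
 {
 b ^= *a;
-*a = ssh_crc32((u_char *) &b, sizeof(b));
+*a = ssh_crc32((u_char *)&b, sizeof(b));
 }
 
 /* detect if a block is used in a particular pattern */
 static int
-check_crc(u_char *S, u_char *buf, u_int32_t len,
-u_char *IV)
+check_crc(u_char *S, u_char *buf, u_int32_t len)
 {
 u_int32_t crc;
 u_char *c;
 
 crc = 0;
-if (IV && !CMP(S, IV)) {
-crc_update(&crc, 1);
-crc_update(&crc, 0);
-}
 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
 if (!CMP(S, c)) {
 crc_update(&crc, 1);
@@ -80,7 +75,7 @@ check_crc(u_char *S, u_char *buf, u_int32_t len,
 
 /* Detect a crc32 compensation attack on a packet */
 int
-detect_attack(u_char *buf, u_int32_t len, u_char *IV)
+detect_attack(u_char *buf, u_int32_t len)
 {
 static u_int16_t *h = (u_int16_t *) NULL;
 static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
@@ -109,15 +104,9 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
 
 if (len <= HASH_MINBLOCKS) {
 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
-if (IV && (!CMP(c, IV))) {
-if ((check_crc(c, buf, len, IV)))
-return (DEATTACK_DETECTED);
-else
-break;
-}
 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
 if (!CMP(c, d)) {
-if ((check_crc(c, buf, len, IV)))
+if ((check_crc(c, buf, len)))
 return (DEATTACK_DETECTED);
 else
 break;
@@ -128,21 +117,11 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
 }
 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
 
-if (IV)
-h[HASH(IV) & (n - 1)] = HASH_IV;
-
 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
 i = (i + 1) & (n - 1)) {
-if (h[i] == HASH_IV) {
-if (!CMP(c, IV)) {
-if (check_crc(c, buf, len, IV))
-return (DEATTACK_DETECTED);
-else
-break;
-}
-} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
-if (check_crc(c, buf, len, IV))
+if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
+if (check_crc(c, buf, len))
 return (DEATTACK_DETECTED);
 else
 break;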
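Review bot: In the hash-table loop of the last hunk, every block that matches an earlier block triggers `check_crc(c, buf, len)`, which itself walks the whole packet, and nothing bounds how often that happens; a packet made mostly of repeated blocks therefore costs work quadratic in `len`, on what is presumably peer-supplied packet data. I would count the matches and stop once a fixed cap is exceeded, for example `if (++same > MAX_SAME) return (DEATTACK_DETECTED);` placed before the `check_crc` call (`same` and `MAX_SAME` are illustrative names, not identifiers from this file). Separately, if `HASH_IV` is still defined in deattack.c it appears to have no remaining user after this change and could be removed. `detect_attack` begins and ends outside the hunks shown.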
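--- a/deattack.h
+++ b/deattack.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: deattack.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
+/* $OpenBSD: deattack.h,v 1.8 2006/03/22 21:27:15 djm Exp $ */
 
 /*
 * Cryptographic attack detector for ssh - Header file
@@ -26,5 +26,5 @@
 #define DEATTACK_OK 0
 #define DEATTACK_DETECTED 1
 
-int detect_attack(u_char *, u_int32_t, u_char[8]);
+int detect_attack(u_char *, u_int32_t);
 #endif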
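Review bot: The prototype drops its third parameter here, but the diffstat lists only ChangeLog, deattack.c and deattack.h, so no call site of `detect_attack` is updated in this commit; any caller still passing an IV will stop compiling until it is changed, presumably in a companion commit. While the line is being touched, naming the parameters would let the header document the contract, e.g. `int detect_attack(u_char *buf, u_int32_t len);`.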