diff options
Diffstat (limited to 'deattack.c')
| -rw-r--r-- | deattack.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/deattack.c b/deattack.c index 8b55d6686..d174abc76 100644 --- a/deattack.c +++ b/deattack.c | |||
| @@ -27,6 +27,24 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $"); | |||
| 27 | #include "xmalloc.h" | 27 | #include "xmalloc.h" |
| 28 | #include "deattack.h" | 28 | #include "deattack.h" |
| 29 | 29 | ||
| 30 | /* | ||
| 31 | * CRC attack detection has a worst-case behaviour that is O(N^3) over | ||
| 32 | * the number of identical blocks in a packet. This behaviour can be | ||
| 33 | * exploited to create a limited denial of service attack. | ||
| 34 | * | ||
| 35 | * However, because we are dealing with encrypted data, identical | ||
| 36 | * blocks should only occur every 2^35 maximally-sized packets or so. | ||
| 37 | * Consequently, we can detect this DoS by looking for identical blocks | ||
| 38 | * in a packet. | ||
| 39 | * | ||
| 40 | * The parameter below determines how many identical blocks we will | ||
| 41 | * accept in a single packet, trading off between attack detection and | ||
| 42 | * likelihood of terminating a legitimate connection. A value of 32 | ||
| 43 | * corresponds to an average of 2^40 messages before an attack is | ||
| 44 | * misdetected | ||
| 45 | */ | ||
| 46 | #define MAX_IDENTICAL 32 | ||
| 47 | |||
| 30 | /* SSH Constants */ | 48 | /* SSH Constants */ |
| 31 | #define SSH_MAXBLOCKS (32 * 1024) | 49 | #define SSH_MAXBLOCKS (32 * 1024) |
| 32 | #define SSH_BLOCKSIZE (8) | 50 | #define SSH_BLOCKSIZE (8) |
| @@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) | |||
| 87 | static u_int16_t *h = (u_int16_t *) NULL; | 105 | static u_int16_t *h = (u_int16_t *) NULL; |
| 88 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; | 106 | static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; |
| 89 | u_int32_t i, j; | 107 | u_int32_t i, j; |
| 90 | u_int32_t l; | 108 | u_int32_t l, same; |
| 91 | u_char *c; | 109 | u_char *c; |
| 92 | u_char *d; | 110 | u_char *d; |
| 93 | 111 | ||
| @@ -133,17 +151,21 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) | |||
| 133 | if (IV) | 151 | if (IV) |
| 134 | h[HASH(IV) & (n - 1)] = HASH_IV; | 152 | h[HASH(IV) & (n - 1)] = HASH_IV; |
| 135 | 153 | ||
| 136 | for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { | 154 | for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { |
| 137 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; | 155 | for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; |
| 138 | i = (i + 1) & (n - 1)) { | 156 | i = (i + 1) & (n - 1)) { |
| 139 | if (h[i] == HASH_IV) { | 157 | if (h[i] == HASH_IV) { |
| 140 | if (!CMP(c, IV)) { | 158 | if (!CMP(c, IV)) { |
| 159 | if (++same > MAX_IDENTICAL) | ||
| 160 | return (DEATTACK_DOS_DETECTED); | ||
| 141 | if (check_crc(c, buf, len, IV)) | 161 | if (check_crc(c, buf, len, IV)) |
| 142 | return (DEATTACK_DETECTED); | 162 | return (DEATTACK_DETECTED); |
| 143 | else | 163 | else |
| 144 | break; | 164 | break; |
| 145 | } | 165 | } |
| 146 | } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { | 166 | } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { |
| 167 | if (++same > MAX_IDENTICAL) | ||
| 168 | return (DEATTACK_DOS_DETECTED); | ||
| 147 | if (check_crc(c, buf, len, IV)) | 169 | if (check_crc(c, buf, len, IV)) |
| 148 | return (DEATTACK_DETECTED); | 170 | return (DEATTACK_DETECTED); |
| 149 | else | 171 | else |