summaryrefslogtreecommitdiff
path: root/deattack.c
diff options
context:
space:
mode:
Diffstat (limited to 'deattack.c')
-rw-r--r--deattack.c26
1 files changed, 24 insertions, 2 deletions
diff --git a/deattack.c b/deattack.c
index 8b55d6686..d174abc76 100644
--- a/deattack.c
+++ b/deattack.c
@@ -27,6 +27,24 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
27#include "xmalloc.h" 27#include "xmalloc.h"
28#include "deattack.h" 28#include "deattack.h"
29 29
30/*
31 * CRC attack detection has a worst-case behaviour that is O(N^3) over
32 * the number of identical blocks in a packet. This behaviour can be
33 * exploited to create a limited denial of service attack.
34 *
35 * However, because we are dealing with encrypted data, identical
36 * blocks should only occur every 2^35 maximally-sized packets or so.
37 * Consequently, we can detect this DoS by looking for identical blocks
38 * in a packet.
39 *
40 * The parameter below determines how many identical blocks we will
41 * accept in a single packet, trading off between attack detection and
42 * likelihood of terminating a legitimate connection. A value of 32
43 * corresponds to an average of 2^40 messages before an attack is
44 * misdetected
45 */
46#define MAX_IDENTICAL 32
47
30/* SSH Constants */ 48/* SSH Constants */
31#define SSH_MAXBLOCKS (32 * 1024) 49#define SSH_MAXBLOCKS (32 * 1024)
32#define SSH_BLOCKSIZE (8) 50#define SSH_BLOCKSIZE (8)
@@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
87 static u_int16_t *h = (u_int16_t *) NULL; 105 static u_int16_t *h = (u_int16_t *) NULL;
88 static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; 106 static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
89 u_int32_t i, j; 107 u_int32_t i, j;
90 u_int32_t l; 108 u_int32_t l, same;
91 u_char *c; 109 u_char *c;
92 u_char *d; 110 u_char *d;
93 111
@@ -133,17 +151,21 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
133 if (IV) 151 if (IV)
134 h[HASH(IV) & (n - 1)] = HASH_IV; 152 h[HASH(IV) & (n - 1)] = HASH_IV;
135 153
136 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { 154 for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
137 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; 155 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
138 i = (i + 1) & (n - 1)) { 156 i = (i + 1) & (n - 1)) {
139 if (h[i] == HASH_IV) { 157 if (h[i] == HASH_IV) {
140 if (!CMP(c, IV)) { 158 if (!CMP(c, IV)) {
159 if (++same > MAX_IDENTICAL)
160 return (DEATTACK_DOS_DETECTED);
141 if (check_crc(c, buf, len, IV)) 161 if (check_crc(c, buf, len, IV))
142 return (DEATTACK_DETECTED); 162 return (DEATTACK_DETECTED);
143 else 163 else
144 break; 164 break;
145 } 165 }
146 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { 166 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
167 if (++same > MAX_IDENTICAL)
168 return (DEATTACK_DOS_DETECTED);
147 if (check_crc(c, buf, len, IV)) 169 if (check_crc(c, buf, len, IV))
148 return (DEATTACK_DETECTED); 170 return (DEATTACK_DETECTED);
149 else 171 else