diff options
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 205 |
1 files changed, 58 insertions, 147 deletions
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: packet.c,v 1.61 2001/04/05 10:42:51 markus Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.62 2001/05/28 23:58:35 markus Exp $"); |
41 | 41 | ||
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "buffer.h" | 43 | #include "buffer.h" |
@@ -75,12 +75,6 @@ RCSID("$OpenBSD: packet.c,v 1.61 2001/04/05 10:42:51 markus Exp $"); | |||
75 | static int connection_in = -1; | 75 | static int connection_in = -1; |
76 | static int connection_out = -1; | 76 | static int connection_out = -1; |
77 | 77 | ||
78 | /* | ||
79 | * Cipher type. This value is only used to determine whether to pad the | ||
80 | * packets with zeroes or random data. | ||
81 | */ | ||
82 | static int cipher_type = SSH_CIPHER_NONE; | ||
83 | |||
84 | /* Protocol flags for the remote side. */ | 78 | /* Protocol flags for the remote side. */ |
85 | static u_int remote_protocol_flags = 0; | 79 | static u_int remote_protocol_flags = 0; |
86 | 80 | ||
@@ -118,20 +112,9 @@ static int initialized = 0; | |||
118 | /* Set to true if the connection is interactive. */ | 112 | /* Set to true if the connection is interactive. */ |
119 | static int interactive_mode = 0; | 113 | static int interactive_mode = 0; |
120 | 114 | ||
121 | /* True if SSH2 packet format is used */ | ||
122 | int use_ssh2_packet_format = 0; | ||
123 | |||
124 | /* Session key information for Encryption and MAC */ | 115 | /* Session key information for Encryption and MAC */ |
125 | Newkeys *newkeys[MODE_MAX]; | 116 | Newkeys *newkeys[MODE_MAX]; |
126 | 117 | ||
127 | void | ||
128 | packet_set_ssh2_format(void) | ||
129 | { | ||
130 | DBG(debug("use_ssh2_packet_format")); | ||
131 | use_ssh2_packet_format = 1; | ||
132 | newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL; | ||
133 | } | ||
134 | |||
135 | /* | 118 | /* |
136 | * Sets the descriptors used for communication. Disables encryption until | 119 | * Sets the descriptors used for communication. Disables encryption until |
137 | * packet_set_encryption_key is called. | 120 | * packet_set_encryption_key is called. |
@@ -144,9 +127,9 @@ packet_set_connection(int fd_in, int fd_out) | |||
144 | fatal("packet_set_connection: cannot load cipher 'none'"); | 127 | fatal("packet_set_connection: cannot load cipher 'none'"); |
145 | connection_in = fd_in; | 128 | connection_in = fd_in; |
146 | connection_out = fd_out; | 129 | connection_out = fd_out; |
147 | cipher_type = SSH_CIPHER_NONE; | ||
148 | cipher_init(&send_context, none, (u_char *) "", 0, NULL, 0); | 130 | cipher_init(&send_context, none, (u_char *) "", 0, NULL, 0); |
149 | cipher_init(&receive_context, none, (u_char *) "", 0, NULL, 0); | 131 | cipher_init(&receive_context, none, (u_char *) "", 0, NULL, 0); |
132 | newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL; | ||
150 | if (!initialized) { | 133 | if (!initialized) { |
151 | initialized = 1; | 134 | initialized = 1; |
152 | buffer_init(&input); | 135 | buffer_init(&input); |
@@ -290,7 +273,7 @@ packet_init_compression() | |||
290 | void | 273 | void |
291 | packet_start_compression(int level) | 274 | packet_start_compression(int level) |
292 | { | 275 | { |
293 | if (packet_compression && !use_ssh2_packet_format) | 276 | if (packet_compression && !compat20) |
294 | fatal("Compression already enabled."); | 277 | fatal("Compression already enabled."); |
295 | packet_compression = 1; | 278 | packet_compression = 1; |
296 | packet_init_compression(); | 279 | packet_init_compression(); |
@@ -299,43 +282,10 @@ packet_start_compression(int level) | |||
299 | } | 282 | } |
300 | 283 | ||
301 | /* | 284 | /* |
302 | * Encrypts the given number of bytes, copying from src to dest. bytes is | ||
303 | * known to be a multiple of 8. | ||
304 | */ | ||
305 | |||
306 | void | ||
307 | packet_encrypt(CipherContext * cc, void *dest, void *src, | ||
308 | u_int bytes) | ||
309 | { | ||
310 | cipher_encrypt(cc, dest, src, bytes); | ||
311 | } | ||
312 | |||
313 | /* | ||
314 | * Decrypts the given number of bytes, copying from src to dest. bytes is | ||
315 | * known to be a multiple of 8. | ||
316 | */ | ||
317 | |||
318 | void | ||
319 | packet_decrypt(CipherContext *context, void *dest, void *src, u_int bytes) | ||
320 | { | ||
321 | /* | ||
322 | * Cryptographic attack detector for ssh - Modifications for packet.c | ||
323 | * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) | ||
324 | */ | ||
325 | if (!compat20 && | ||
326 | context->cipher->number != SSH_CIPHER_NONE && | ||
327 | detect_attack(src, bytes, NULL) == DEATTACK_DETECTED) | ||
328 | packet_disconnect("crc32 compensation attack: network attack detected"); | ||
329 | |||
330 | cipher_decrypt(context, dest, src, bytes); | ||
331 | } | ||
332 | |||
333 | /* | ||
334 | * Causes any further packets to be encrypted using the given key. The same | 285 | * Causes any further packets to be encrypted using the given key. The same |
335 | * key is used for both sending and reception. However, both directions are | 286 | * key is used for both sending and reception. However, both directions are |
336 | * encrypted independently of each other. | 287 | * encrypted independently of each other. |
337 | */ | 288 | */ |
338 | |||
339 | void | 289 | void |
340 | packet_set_encryption_key(const u_char *key, u_int keylen, | 290 | packet_set_encryption_key(const u_char *key, u_int keylen, |
341 | int number) | 291 | int number) |
@@ -349,61 +299,33 @@ packet_set_encryption_key(const u_char *key, u_int keylen, | |||
349 | cipher_init(&send_context, cipher, key, keylen, NULL, 0); | 299 | cipher_init(&send_context, cipher, key, keylen, NULL, 0); |
350 | } | 300 | } |
351 | 301 | ||
352 | /* Starts constructing a packet to send. */ | 302 | /* Start constructing a packet to send. */ |
353 | |||
354 | void | 303 | void |
355 | packet_start1(int type) | 304 | packet_start(u_char type) |
356 | { | 305 | { |
357 | char buf[9]; | 306 | u_char buf[9]; |
358 | 307 | int len; | |
359 | buffer_clear(&outgoing_packet); | ||
360 | memset(buf, 0, 8); | ||
361 | buf[8] = type; | ||
362 | buffer_append(&outgoing_packet, buf, 9); | ||
363 | } | ||
364 | |||
365 | void | ||
366 | packet_start2(int type) | ||
367 | { | ||
368 | char buf[4+1+1]; | ||
369 | |||
370 | buffer_clear(&outgoing_packet); | ||
371 | memset(buf, 0, sizeof buf); | ||
372 | /* buf[0..3] = payload_len; */ | ||
373 | /* buf[4] = pad_len; */ | ||
374 | buf[5] = type & 0xff; | ||
375 | buffer_append(&outgoing_packet, buf, sizeof buf); | ||
376 | } | ||
377 | 308 | ||
378 | void | ||
379 | packet_start(int type) | ||
380 | { | ||
381 | DBG(debug("packet_start[%d]", type)); | 309 | DBG(debug("packet_start[%d]", type)); |
382 | if (use_ssh2_packet_format) | 310 | len = compat20 ? 6 : 9; |
383 | packet_start2(type); | 311 | memset(buf, 0, len - 1); |
384 | else | 312 | buf[len - 1] = type; |
385 | packet_start1(type); | 313 | buffer_clear(&outgoing_packet); |
314 | buffer_append(&outgoing_packet, buf, len); | ||
386 | } | 315 | } |
387 | 316 | ||
388 | /* Appends a character to the packet data. */ | 317 | /* Append payload. */ |
389 | |||
390 | void | 318 | void |
391 | packet_put_char(int value) | 319 | packet_put_char(int value) |
392 | { | 320 | { |
393 | char ch = value; | 321 | char ch = value; |
394 | buffer_append(&outgoing_packet, &ch, 1); | 322 | buffer_append(&outgoing_packet, &ch, 1); |
395 | } | 323 | } |
396 | |||
397 | /* Appends an integer to the packet data. */ | ||
398 | |||
399 | void | 324 | void |
400 | packet_put_int(u_int value) | 325 | packet_put_int(u_int value) |
401 | { | 326 | { |
402 | buffer_put_int(&outgoing_packet, value); | 327 | buffer_put_int(&outgoing_packet, value); |
403 | } | 328 | } |
404 | |||
405 | /* Appends a string to packet data. */ | ||
406 | |||
407 | void | 329 | void |
408 | packet_put_string(const char *buf, u_int len) | 330 | packet_put_string(const char *buf, u_int len) |
409 | { | 331 | { |
@@ -414,16 +336,11 @@ packet_put_cstring(const char *str) | |||
414 | { | 336 | { |
415 | buffer_put_string(&outgoing_packet, str, strlen(str)); | 337 | buffer_put_string(&outgoing_packet, str, strlen(str)); |
416 | } | 338 | } |
417 | |||
418 | void | 339 | void |
419 | packet_put_raw(const char *buf, u_int len) | 340 | packet_put_raw(const char *buf, u_int len) |
420 | { | 341 | { |
421 | buffer_append(&outgoing_packet, buf, len); | 342 | buffer_append(&outgoing_packet, buf, len); |
422 | } | 343 | } |
423 | |||
424 | |||
425 | /* Appends an arbitrary precision integer to packet data. */ | ||
426 | |||
427 | void | 344 | void |
428 | packet_put_bignum(BIGNUM * value) | 345 | packet_put_bignum(BIGNUM * value) |
429 | { | 346 | { |
@@ -468,7 +385,7 @@ packet_send1(void) | |||
468 | 385 | ||
469 | /* Insert padding. Initialized to zero in packet_start1() */ | 386 | /* Insert padding. Initialized to zero in packet_start1() */ |
470 | padding = 8 - len % 8; | 387 | padding = 8 - len % 8; |
471 | if (cipher_type != SSH_CIPHER_NONE) { | 388 | if (send_context.cipher->number != SSH_CIPHER_NONE) { |
472 | cp = buffer_ptr(&outgoing_packet); | 389 | cp = buffer_ptr(&outgoing_packet); |
473 | for (i = 0; i < padding; i++) { | 390 | for (i = 0; i < padding; i++) { |
474 | if (i % 4 == 0) | 391 | if (i % 4 == 0) |
@@ -494,7 +411,7 @@ packet_send1(void) | |||
494 | PUT_32BIT(buf, len); | 411 | PUT_32BIT(buf, len); |
495 | buffer_append(&output, buf, 4); | 412 | buffer_append(&output, buf, 4); |
496 | buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); | 413 | buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); |
497 | packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), | 414 | cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), |
498 | buffer_len(&outgoing_packet)); | 415 | buffer_len(&outgoing_packet)); |
499 | 416 | ||
500 | #ifdef PACKET_DEBUG | 417 | #ifdef PACKET_DEBUG |
@@ -568,12 +485,11 @@ void | |||
568 | packet_send2(void) | 485 | packet_send2(void) |
569 | { | 486 | { |
570 | static u_int32_t seqnr = 0; | 487 | static u_int32_t seqnr = 0; |
571 | u_char *macbuf = NULL; | 488 | u_char type, *ucp, *macbuf = NULL; |
572 | char *cp; | 489 | char *cp; |
573 | u_int packet_length = 0; | 490 | u_int packet_length = 0; |
574 | u_int i, padlen, len; | 491 | u_int i, padlen, len; |
575 | u_int32_t rand = 0; | 492 | u_int32_t rand = 0; |
576 | int type; | ||
577 | Enc *enc = NULL; | 493 | Enc *enc = NULL; |
578 | Mac *mac = NULL; | 494 | Mac *mac = NULL; |
579 | Comp *comp = NULL; | 495 | Comp *comp = NULL; |
@@ -586,8 +502,8 @@ packet_send2(void) | |||
586 | } | 502 | } |
587 | block_size = enc ? enc->cipher->block_size : 8; | 503 | block_size = enc ? enc->cipher->block_size : 8; |
588 | 504 | ||
589 | cp = buffer_ptr(&outgoing_packet); | 505 | ucp = (u_char *) buffer_ptr(&outgoing_packet); |
590 | type = cp[5] & 0xff; | 506 | type = ucp[5]; |
591 | 507 | ||
592 | #ifdef PACKET_DEBUG | 508 | #ifdef PACKET_DEBUG |
593 | fprintf(stderr, "plain: "); | 509 | fprintf(stderr, "plain: "); |
@@ -633,9 +549,9 @@ packet_send2(void) | |||
633 | } | 549 | } |
634 | /* packet_length includes payload, padding and padding length field */ | 550 | /* packet_length includes payload, padding and padding length field */ |
635 | packet_length = buffer_len(&outgoing_packet) - 4; | 551 | packet_length = buffer_len(&outgoing_packet) - 4; |
636 | cp = buffer_ptr(&outgoing_packet); | 552 | ucp = (u_char *)buffer_ptr(&outgoing_packet); |
637 | PUT_32BIT(cp, packet_length); | 553 | PUT_32BIT(ucp, packet_length); |
638 | cp[4] = padlen & 0xff; | 554 | ucp[4] = padlen; |
639 | DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); | 555 | DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); |
640 | 556 | ||
641 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ | 557 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ |
@@ -647,7 +563,7 @@ packet_send2(void) | |||
647 | } | 563 | } |
648 | /* encrypt packet and append to output buffer. */ | 564 | /* encrypt packet and append to output buffer. */ |
649 | buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); | 565 | buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); |
650 | packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), | 566 | cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), |
651 | buffer_len(&outgoing_packet)); | 567 | buffer_len(&outgoing_packet)); |
652 | /* append unencrypted MAC */ | 568 | /* append unencrypted MAC */ |
653 | if (mac && mac->enabled) | 569 | if (mac && mac->enabled) |
@@ -668,7 +584,7 @@ packet_send2(void) | |||
668 | void | 584 | void |
669 | packet_send() | 585 | packet_send() |
670 | { | 586 | { |
671 | if (use_ssh2_packet_format) | 587 | if (compat20) |
672 | packet_send2(); | 588 | packet_send2(); |
673 | else | 589 | else |
674 | packet_send1(); | 590 | packet_send1(); |
@@ -699,7 +615,7 @@ packet_read(int *payload_len_ptr) | |||
699 | for (;;) { | 615 | for (;;) { |
700 | /* Try to read a packet from the buffer. */ | 616 | /* Try to read a packet from the buffer. */ |
701 | type = packet_read_poll(payload_len_ptr); | 617 | type = packet_read_poll(payload_len_ptr); |
702 | if (!use_ssh2_packet_format && ( | 618 | if (!compat20 && ( |
703 | type == SSH_SMSG_SUCCESS | 619 | type == SSH_SMSG_SUCCESS |
704 | || type == SSH_SMSG_FAILURE | 620 | || type == SSH_SMSG_FAILURE |
705 | || type == SSH_CMSG_EOF | 621 | || type == SSH_CMSG_EOF |
@@ -772,8 +688,8 @@ int | |||
772 | packet_read_poll1(int *payload_len_ptr) | 688 | packet_read_poll1(int *payload_len_ptr) |
773 | { | 689 | { |
774 | u_int len, padded_len; | 690 | u_int len, padded_len; |
775 | u_char *ucp; | 691 | u_char *ucp, type; |
776 | char buf[8], *cp; | 692 | char *cp; |
777 | u_int checksum, stored_checksum; | 693 | u_int checksum, stored_checksum; |
778 | 694 | ||
779 | /* Check if input size is less than minimum packet size. */ | 695 | /* Check if input size is less than minimum packet size. */ |
@@ -795,10 +711,20 @@ packet_read_poll1(int *payload_len_ptr) | |||
795 | /* Consume packet length. */ | 711 | /* Consume packet length. */ |
796 | buffer_consume(&input, 4); | 712 | buffer_consume(&input, 4); |
797 | 713 | ||
798 | /* Copy data to incoming_packet. */ | 714 | /* |
715 | * Cryptographic attack detector for ssh | ||
716 | * (C)1998 CORE-SDI, Buenos Aires Argentina | ||
717 | * Ariel Futoransky(futo@core-sdi.com) | ||
718 | */ | ||
719 | if (receive_context.cipher->number != SSH_CIPHER_NONE && | ||
720 | detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED) | ||
721 | packet_disconnect("crc32 compensation attack: network attack detected"); | ||
722 | |||
723 | /* Decrypt data to incoming_packet. */ | ||
799 | buffer_clear(&incoming_packet); | 724 | buffer_clear(&incoming_packet); |
800 | buffer_append_space(&incoming_packet, &cp, padded_len); | 725 | buffer_append_space(&incoming_packet, &cp, padded_len); |
801 | packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len); | 726 | cipher_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len); |
727 | |||
802 | buffer_consume(&input, padded_len); | 728 | buffer_consume(&input, padded_len); |
803 | 729 | ||
804 | #ifdef PACKET_DEBUG | 730 | #ifdef PACKET_DEBUG |
@@ -814,7 +740,6 @@ packet_read_poll1(int *payload_len_ptr) | |||
814 | buffer_consume(&incoming_packet, 8 - len % 8); | 740 | buffer_consume(&incoming_packet, 8 - len % 8); |
815 | 741 | ||
816 | /* Test check bytes. */ | 742 | /* Test check bytes. */ |
817 | |||
818 | if (len != buffer_len(&incoming_packet)) | 743 | if (len != buffer_len(&incoming_packet)) |
819 | packet_disconnect("packet_read_poll: len %d != buffer_len %d.", | 744 | packet_disconnect("packet_read_poll: len %d != buffer_len %d.", |
820 | len, buffer_len(&incoming_packet)); | 745 | len, buffer_len(&incoming_packet)); |
@@ -825,7 +750,6 @@ packet_read_poll1(int *payload_len_ptr) | |||
825 | packet_disconnect("Corrupted check bytes on input."); | 750 | packet_disconnect("Corrupted check bytes on input."); |
826 | buffer_consume_end(&incoming_packet, 4); | 751 | buffer_consume_end(&incoming_packet, 4); |
827 | 752 | ||
828 | /* If using packet compression, decompress the packet. */ | ||
829 | if (packet_compression) { | 753 | if (packet_compression) { |
830 | buffer_clear(&compression_buffer); | 754 | buffer_clear(&compression_buffer); |
831 | buffer_uncompress(&incoming_packet, &compression_buffer); | 755 | buffer_uncompress(&incoming_packet, &compression_buffer); |
@@ -833,14 +757,9 @@ packet_read_poll1(int *payload_len_ptr) | |||
833 | buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), | 757 | buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), |
834 | buffer_len(&compression_buffer)); | 758 | buffer_len(&compression_buffer)); |
835 | } | 759 | } |
836 | /* Get packet type. */ | 760 | type = buffer_get_char(&incoming_packet); |
837 | buffer_get(&incoming_packet, &buf[0], 1); | ||
838 | |||
839 | /* Return length of payload (without type field). */ | ||
840 | *payload_len_ptr = buffer_len(&incoming_packet); | 761 | *payload_len_ptr = buffer_len(&incoming_packet); |
841 | 762 | return type; | |
842 | /* Return type. */ | ||
843 | return (u_char) buf[0]; | ||
844 | } | 763 | } |
845 | 764 | ||
846 | int | 765 | int |
@@ -849,10 +768,8 @@ packet_read_poll2(int *payload_len_ptr) | |||
849 | static u_int32_t seqnr = 0; | 768 | static u_int32_t seqnr = 0; |
850 | static u_int packet_length = 0; | 769 | static u_int packet_length = 0; |
851 | u_int padlen, need; | 770 | u_int padlen, need; |
852 | u_char buf[8], *macbuf; | 771 | u_char *macbuf, *ucp, type; |
853 | u_char *ucp; | ||
854 | char *cp; | 772 | char *cp; |
855 | int type; | ||
856 | int maclen, block_size; | 773 | int maclen, block_size; |
857 | Enc *enc = NULL; | 774 | Enc *enc = NULL; |
858 | Mac *mac = NULL; | 775 | Mac *mac = NULL; |
@@ -875,7 +792,7 @@ packet_read_poll2(int *payload_len_ptr) | |||
875 | return SSH_MSG_NONE; | 792 | return SSH_MSG_NONE; |
876 | buffer_clear(&incoming_packet); | 793 | buffer_clear(&incoming_packet); |
877 | buffer_append_space(&incoming_packet, &cp, block_size); | 794 | buffer_append_space(&incoming_packet, &cp, block_size); |
878 | packet_decrypt(&receive_context, cp, buffer_ptr(&input), | 795 | cipher_decrypt(&receive_context, cp, buffer_ptr(&input), |
879 | block_size); | 796 | block_size); |
880 | ucp = (u_char *) buffer_ptr(&incoming_packet); | 797 | ucp = (u_char *) buffer_ptr(&incoming_packet); |
881 | packet_length = GET_32BIT(ucp); | 798 | packet_length = GET_32BIT(ucp); |
@@ -904,7 +821,7 @@ packet_read_poll2(int *payload_len_ptr) | |||
904 | buffer_dump(&input); | 821 | buffer_dump(&input); |
905 | #endif | 822 | #endif |
906 | buffer_append_space(&incoming_packet, &cp, need); | 823 | buffer_append_space(&incoming_packet, &cp, need); |
907 | packet_decrypt(&receive_context, cp, buffer_ptr(&input), need); | 824 | cipher_decrypt(&receive_context, cp, buffer_ptr(&input), need); |
908 | buffer_consume(&input, need); | 825 | buffer_consume(&input, need); |
909 | /* | 826 | /* |
910 | * compute MAC over seqnr and packet, | 827 | * compute MAC over seqnr and packet, |
@@ -924,7 +841,7 @@ packet_read_poll2(int *payload_len_ptr) | |||
924 | 841 | ||
925 | /* get padlen */ | 842 | /* get padlen */ |
926 | cp = buffer_ptr(&incoming_packet) + 4; | 843 | cp = buffer_ptr(&incoming_packet) + 4; |
927 | padlen = *cp & 0xff; | 844 | padlen = (u_char) *cp; |
928 | DBG(debug("input: padlen %d", padlen)); | 845 | DBG(debug("input: padlen %d", padlen)); |
929 | if (padlen < 4) | 846 | if (padlen < 4) |
930 | packet_disconnect("Corrupted padlen %d on input.", padlen); | 847 | packet_disconnect("Corrupted padlen %d on input.", padlen); |
@@ -946,37 +863,30 @@ packet_read_poll2(int *payload_len_ptr) | |||
946 | * get packet type, implies consume. | 863 | * get packet type, implies consume. |
947 | * return length of payload (without type field) | 864 | * return length of payload (without type field) |
948 | */ | 865 | */ |
949 | buffer_get(&incoming_packet, (char *)&buf[0], 1); | 866 | type = buffer_get_char(&incoming_packet); |
950 | *payload_len_ptr = buffer_len(&incoming_packet); | ||
951 | |||
952 | /* reset for next packet */ | ||
953 | packet_length = 0; | ||
954 | |||
955 | /* extract packet type */ | ||
956 | type = (u_char)buf[0]; | ||
957 | |||
958 | if (type == SSH2_MSG_NEWKEYS) | 867 | if (type == SSH2_MSG_NEWKEYS) |
959 | set_newkeys(MODE_IN); | 868 | set_newkeys(MODE_IN); |
960 | 869 | *payload_len_ptr = buffer_len(&incoming_packet); | |
961 | #ifdef PACKET_DEBUG | 870 | #ifdef PACKET_DEBUG |
962 | fprintf(stderr, "read/plain[%d]:\r\n", type); | 871 | fprintf(stderr, "read/plain[%d]:\r\n", type); |
963 | buffer_dump(&incoming_packet); | 872 | buffer_dump(&incoming_packet); |
964 | #endif | 873 | #endif |
965 | return (u_char)type; | 874 | /* reset for next packet */ |
875 | packet_length = 0; | ||
876 | return type; | ||
966 | } | 877 | } |
967 | 878 | ||
968 | int | 879 | int |
969 | packet_read_poll(int *payload_len_ptr) | 880 | packet_read_poll(int *payload_len_ptr) |
970 | { | 881 | { |
882 | int reason; | ||
883 | u_char type; | ||
971 | char *msg; | 884 | char *msg; |
972 | for (;;) { | ||
973 | int type = use_ssh2_packet_format ? | ||
974 | packet_read_poll2(payload_len_ptr): | ||
975 | packet_read_poll1(payload_len_ptr); | ||
976 | 885 | ||
977 | if(compat20) { | 886 | for (;;) { |
978 | int reason; | 887 | if (compat20) { |
979 | if (type != 0) | 888 | type = packet_read_poll2(payload_len_ptr); |
889 | if (type) | ||
980 | DBG(debug("received packet type %d", type)); | 890 | DBG(debug("received packet type %d", type)); |
981 | switch(type) { | 891 | switch(type) { |
982 | case SSH2_MSG_IGNORE: | 892 | case SSH2_MSG_IGNORE: |
@@ -1002,6 +912,7 @@ packet_read_poll(int *payload_len_ptr) | |||
1002 | break; | 912 | break; |
1003 | } | 913 | } |
1004 | } else { | 914 | } else { |
915 | type = packet_read_poll1(payload_len_ptr); | ||
1005 | switch(type) { | 916 | switch(type) { |
1006 | case SSH_MSG_IGNORE: | 917 | case SSH_MSG_IGNORE: |
1007 | break; | 918 | break; |
@@ -1018,7 +929,7 @@ packet_read_poll(int *payload_len_ptr) | |||
1018 | xfree(msg); | 929 | xfree(msg); |
1019 | break; | 930 | break; |
1020 | default: | 931 | default: |
1021 | if (type != 0) | 932 | if (type) |
1022 | DBG(debug("received packet type %d", type)); | 933 | DBG(debug("received packet type %d", type)); |
1023 | return type; | 934 | return type; |
1024 | break; | 935 | break; |
@@ -1345,7 +1256,7 @@ packet_inject_ignore(int sumlen) | |||
1345 | int blocksize, padlen, have, need, nb, mini, nbytes; | 1256 | int blocksize, padlen, have, need, nb, mini, nbytes; |
1346 | Enc *enc = NULL; | 1257 | Enc *enc = NULL; |
1347 | 1258 | ||
1348 | if (use_ssh2_packet_format == 0) | 1259 | if (compat20 == 0) |
1349 | return; | 1260 | return; |
1350 | 1261 | ||
1351 | have = buffer_len(&outgoing_packet); | 1262 | have = buffer_len(&outgoing_packet); |