diff options
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 80 |
1 files changed, 55 insertions, 25 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -353,6 +353,25 @@ ssh_packet_get_mux(struct ssh *ssh) | |||
| 353 | } | 353 | } |
| 354 | 354 | ||
| 355 | int | 355 | int |
| 356 | ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...) | ||
| 357 | { | ||
| 358 | va_list args; | ||
| 359 | int r; | ||
| 360 | |||
| 361 | free(ssh->log_preamble); | ||
| 362 | if (fmt == NULL) | ||
| 363 | ssh->log_preamble = NULL; | ||
| 364 | else { | ||
| 365 | va_start(args, fmt); | ||
| 366 | r = vasprintf(&ssh->log_preamble, fmt, args); | ||
| 367 | va_end(args); | ||
| 368 | if (r < 0 || ssh->log_preamble == NULL) | ||
| 369 | return SSH_ERR_ALLOC_FAIL; | ||
| 370 | } | ||
| 371 | return 0; | ||
| 372 | } | ||
| 373 | |||
| 374 | int | ||
| 356 | ssh_packet_stop_discard(struct ssh *ssh) | 375 | ssh_packet_stop_discard(struct ssh *ssh) |
| 357 | { | 376 | { |
| 358 | struct session_state *state = ssh->state; | 377 | struct session_state *state = ssh->state; |
| @@ -1049,7 +1068,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) | |||
| 1049 | 1068 | ||
| 1050 | /* Time-based rekeying */ | 1069 | /* Time-based rekeying */ |
| 1051 | if (state->rekey_interval != 0 && | 1070 | if (state->rekey_interval != 0 && |
| 1052 | state->rekey_time + state->rekey_interval <= monotime()) | 1071 | (int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
| 1053 | return 1; | 1072 | return 1; |
| 1054 | 1073 | ||
| 1055 | /* Always rekey when MAX_PACKETS sent in either direction */ | 1074 | /* Always rekey when MAX_PACKETS sent in either direction */ |
| @@ -1447,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
| 1447 | break; | 1466 | break; |
| 1448 | } | 1467 | } |
| 1449 | } | 1468 | } |
| 1450 | if (r == 0) | 1469 | if (r == 0) { |
| 1451 | return SSH_ERR_CONN_TIMEOUT; | 1470 | r = SSH_ERR_CONN_TIMEOUT; |
| 1471 | goto out; | ||
| 1472 | } | ||
| 1452 | /* Read data from the socket. */ | 1473 | /* Read data from the socket. */ |
| 1453 | len = read(state->connection_in, buf, sizeof(buf)); | 1474 | len = read(state->connection_in, buf, sizeof(buf)); |
| 1454 | if (len == 0) { | 1475 | if (len == 0) { |
| @@ -1829,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
| 1829 | if (r != SSH_ERR_MAC_INVALID) | 1850 | if (r != SSH_ERR_MAC_INVALID) |
| 1830 | goto out; | 1851 | goto out; |
| 1831 | logit("Corrupted MAC on input."); | 1852 | logit("Corrupted MAC on input."); |
| 1832 | if (need > PACKET_MAX_SIZE) | 1853 | if (need + block_size > PACKET_MAX_SIZE) |
| 1833 | return SSH_ERR_INTERNAL_ERROR; | 1854 | return SSH_ERR_INTERNAL_ERROR; |
| 1834 | return ssh_packet_start_discard(ssh, enc, mac, | 1855 | return ssh_packet_start_discard(ssh, enc, mac, |
| 1835 | sshbuf_len(state->incoming_packet), | 1856 | sshbuf_len(state->incoming_packet), |
| 1836 | PACKET_MAX_SIZE - need); | 1857 | PACKET_MAX_SIZE - need - block_size); |
| 1837 | } | 1858 | } |
| 1838 | /* Remove MAC from input buffer */ | 1859 | /* Remove MAC from input buffer */ |
| 1839 | DBG(debug("MAC #%d ok", state->p_read.seqnr)); | 1860 | DBG(debug("MAC #%d ok", state->p_read.seqnr)); |
| @@ -2074,27 +2095,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) | |||
| 2074 | fatal("%s: %s", __func__, ssh_err(r)); | 2095 | fatal("%s: %s", __func__, ssh_err(r)); |
| 2075 | } | 2096 | } |
| 2076 | 2097 | ||
| 2098 | static void | ||
| 2099 | fmt_connection_id(struct ssh *ssh, char *s, size_t l) | ||
| 2100 | { | ||
| 2101 | snprintf(s, l, "%.200s%s%s port %d", | ||
| 2102 | ssh->log_preamble ? ssh->log_preamble : "", | ||
| 2103 | ssh->log_preamble ? " " : "", | ||
| 2104 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
| 2105 | } | ||
| 2106 | |||
| 2077 | /* | 2107 | /* |
| 2078 | * Pretty-print connection-terminating errors and exit. | 2108 | * Pretty-print connection-terminating errors and exit. |
| 2079 | */ | 2109 | */ |
| 2080 | void | 2110 | void |
| 2081 | sshpkt_fatal(struct ssh *ssh, const char *tag, int r) | 2111 | sshpkt_fatal(struct ssh *ssh, const char *tag, int r) |
| 2082 | { | 2112 | { |
| 2113 | char remote_id[512]; | ||
| 2114 | |||
| 2115 | fmt_connection_id(ssh, remote_id, sizeof(remote_id)); | ||
| 2116 | |||
| 2083 | switch (r) { | 2117 | switch (r) { |
| 2084 | case SSH_ERR_CONN_CLOSED: | 2118 | case SSH_ERR_CONN_CLOSED: |
| 2085 | logdie("Connection closed by %.200s port %d", | 2119 | logdie("Connection closed by %s", remote_id); |
| 2086 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
| 2087 | case SSH_ERR_CONN_TIMEOUT: | 2120 | case SSH_ERR_CONN_TIMEOUT: |
| 2088 | logdie("Connection %s %.200s port %d timed out", | 2121 | logdie("Connection %s %s timed out", |
| 2089 | ssh->state->server_side ? "from" : "to", | 2122 | ssh->state->server_side ? "from" : "to", remote_id); |
| 2090 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
| 2091 | case SSH_ERR_DISCONNECTED: | 2123 | case SSH_ERR_DISCONNECTED: |
| 2092 | logdie("Disconnected from %.200s port %d", | 2124 | logdie("Disconnected from %s", remote_id); |
| 2093 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
| 2094 | case SSH_ERR_SYSTEM_ERROR: | 2125 | case SSH_ERR_SYSTEM_ERROR: |
| 2095 | if (errno == ECONNRESET) | 2126 | if (errno == ECONNRESET) |
| 2096 | logdie("Connection reset by %.200s port %d", | 2127 | logdie("Connection reset by %s", remote_id); |
| 2097 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
| 2098 | /* FALLTHROUGH */ | 2128 | /* FALLTHROUGH */ |
| 2099 | case SSH_ERR_NO_CIPHER_ALG_MATCH: | 2129 | case SSH_ERR_NO_CIPHER_ALG_MATCH: |
| 2100 | case SSH_ERR_NO_MAC_ALG_MATCH: | 2130 | case SSH_ERR_NO_MAC_ALG_MATCH: |
| @@ -2102,17 +2132,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) | |||
| 2102 | case SSH_ERR_NO_KEX_ALG_MATCH: | 2132 | case SSH_ERR_NO_KEX_ALG_MATCH: |
| 2103 | case SSH_ERR_NO_HOSTKEY_ALG_MATCH: | 2133 | case SSH_ERR_NO_HOSTKEY_ALG_MATCH: |
| 2104 | if (ssh && ssh->kex && ssh->kex->failed_choice) { | 2134 | if (ssh && ssh->kex && ssh->kex->failed_choice) { |
| 2105 | logdie("Unable to negotiate with %.200s port %d: %s. " | 2135 | logdie("Unable to negotiate with %s: %s. " |
| 2106 | "Their offer: %s", ssh_remote_ipaddr(ssh), | 2136 | "Their offer: %s", remote_id, ssh_err(r), |
| 2107 | ssh_remote_port(ssh), ssh_err(r), | ||
| 2108 | ssh->kex->failed_choice); | 2137 | ssh->kex->failed_choice); |
| 2109 | } | 2138 | } |
| 2110 | /* FALLTHROUGH */ | 2139 | /* FALLTHROUGH */ |
| 2111 | default: | 2140 | default: |
| 2112 | logdie("%s%sConnection %s %.200s port %d: %s", | 2141 | logdie("%s%sConnection %s %s: %s", |
| 2113 | tag != NULL ? tag : "", tag != NULL ? ": " : "", | 2142 | tag != NULL ? tag : "", tag != NULL ? ": " : "", |
| 2114 | ssh->state->server_side ? "from" : "to", | 2143 | ssh->state->server_side ? "from" : "to", |
| 2115 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); | 2144 | remote_id, ssh_err(r)); |
| 2116 | } | 2145 | } |
| 2117 | } | 2146 | } |
| 2118 | 2147 | ||
| @@ -2125,7 +2154,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) | |||
| 2125 | void | 2154 | void |
| 2126 | ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) | 2155 | ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) |
| 2127 | { | 2156 | { |
| 2128 | char buf[1024]; | 2157 | char buf[1024], remote_id[512]; |
| 2129 | va_list args; | 2158 | va_list args; |
| 2130 | static int disconnecting = 0; | 2159 | static int disconnecting = 0; |
| 2131 | int r; | 2160 | int r; |
| @@ -2138,12 +2167,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) | |||
| 2138 | * Format the message. Note that the caller must make sure the | 2167 | * Format the message. Note that the caller must make sure the |
| 2139 | * message is of limited size. | 2168 | * message is of limited size. |
| 2140 | */ | 2169 | */ |
| 2170 | fmt_connection_id(ssh, remote_id, sizeof(remote_id)); | ||
| 2141 | va_start(args, fmt); | 2171 | va_start(args, fmt); |
| 2142 | vsnprintf(buf, sizeof(buf), fmt, args); | 2172 | vsnprintf(buf, sizeof(buf), fmt, args); |
| 2143 | va_end(args); | 2173 | va_end(args); |
| 2144 | 2174 | ||
| 2145 | /* Display the error locally */ | 2175 | /* Display the error locally */ |
| 2146 | logit("Disconnecting: %.100s", buf); | 2176 | logit("Disconnecting %s: %.100s", remote_id, buf); |
| 2147 | 2177 | ||
| 2148 | /* | 2178 | /* |
| 2149 | * Send the disconnect message to the other side, and wait | 2179 | * Send the disconnect message to the other side, and wait |
| @@ -2396,10 +2426,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) | |||
| 2396 | } | 2426 | } |
| 2397 | 2427 | ||
| 2398 | void | 2428 | void |
| 2399 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) | 2429 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds) |
| 2400 | { | 2430 | { |
| 2401 | debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, | 2431 | debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes, |
| 2402 | (int)seconds); | 2432 | (unsigned int)seconds); |
| 2403 | ssh->state->rekey_limit = bytes; | 2433 | ssh->state->rekey_limit = bytes; |
| 2404 | ssh->state->rekey_interval = seconds; | 2434 | ssh->state->rekey_interval = seconds; |
| 2405 | } | 2435 | } |