1 files changed, 99 insertions, 64 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 8a63ef22b..3c888e36a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -13,12 +14,35 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
-#include <openssl/bn.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
-#include "ssh.h"
 #include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "ssh.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
@@ -32,6 +56,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
 #include "atomicio.h"
 #include "misc.h"
 #include "dns.h"
+#include "version.h"
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -69,7 +94,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
        int pin[2], pout[2];
        pid_t pid;
        char strport[NI_MAXSERV];
-        size_t len;
        /* Convert the port number into a string. */
        snprintf(strport, sizeof strport, "%hu", port);
@@ -81,10 +105,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
         * Use "exec" to avoid "sh -c" processes on some platforms
         * (e.g. Solaris)
         */
-        len = strlen(proxy_command) + 6;
+        xasprintf(&tmp, "exec %s", proxy_command);
-        tmp = xmalloc(len);
-        strlcpy(tmp, "exec ", len);
-        strlcat(tmp, proxy_command, len);
        command_string = percent_expand(tmp, "h", host,
            "p", strport, (char *)NULL);
        xfree(tmp);
@@ -101,8 +122,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
                char *argv[10];
                /* Child.  Permanently give up superuser privileges. */
-                seteuid(original_real_uid);
+                permanently_drop_suid(original_real_uid);
-                setuid(original_real_uid);
                /* Redirect stdin and stdout. */
                close(pin[1]);
@@ -212,7 +232,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
        fd_set *fdset;
        struct timeval tv;
        socklen_t optlen;
-        int fdsetsz, optval, rc, result = -1;
+        int optval, rc, result = -1;
        if (timeout <= 0)
                return (connect(sockfd, serv_addr, addrlen));
@@ -226,10 +246,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
        if (errno != EINPROGRESS)
                return (-1);
-        fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);
+        fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
-        fdset = (fd_set *)xmalloc(fdsetsz);
+            sizeof(fd_mask));
-        memset(fdset, 0, fdsetsz);
        FD_SET(sockfd, fdset);
        tv.tv_sec = timeout;
        tv.tv_usec = 0;
@@ -312,17 +330,16 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                fatal("%s: %.100s: %s", __progname, host,
                    gai_strerror(gaierr));
-        /*
+        for (attempt = 0; attempt < connection_attempts; attempt++) {
-         * Try to connect several times.  On some machines, the first time
+                if (attempt > 0) {
-         * will sometimes fail.  In general socket code appears to behave
+                        /* Sleep a moment before retrying. */
-         * quite magically on many machines.
+                        sleep(1);
-                 */
-        for (attempt = 0; ;) {
-                if (attempt > 0)
                        debug("Trying again...");
+                }
-                /* Loop through addresses for this host, and try each one in
+                /*
-                   sequence until the connection succeeds. */
+                 * Loop through addresses for this host, and try each one in
+                 * sequence until the connection succeeds.
+                 */
                for (ai = aitop; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                continue;
@@ -349,29 +366,18 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                        } else {
                                debug("connect to address %s port %s: %s",
                                    ntop, strport, strerror(errno));
-                                /*
-                                 * Close the failed socket; there appear to
-                                 * be some problems when reusing a socket for
-                                 * which connect() has already returned an
-                                 * error.
-                                 */
                                close(sock);
+                                sock = -1;
                        }
                }
-                if (ai)
+                if (sock != -1)
                        break;  /* Successful connection. */
-                attempt++;
-                if (attempt >= connection_attempts)
-                        break;
-                /* Sleep a moment before retrying. */
-                sleep(1);
        }
        freeaddrinfo(aitop);
        /* Return failure if we didn't get a successful connection. */
-        if (attempt >= connection_attempts) {
+        if (sock == -1) {
                error("ssh: connect to host %s port %s: %s",
                    host, strport, strerror(errno));
                return (-1);
@@ -403,22 +409,23 @@ ssh_exchange_identification(void)
        int connection_in = packet_get_connection_in();
        int connection_out = packet_get_connection_out();
        int minor1 = PROTOCOL_MINOR_1;
-        u_int i;
+        u_int i, n;
        struct sigaction sa, osa;
        /* Read other side's version identification.
-         * If SetupTimeOut has been set, give up after
+         * If SetupTimeOut has been set, give up after the specified amount
-         * the specified amount of time
+         * of time.
         */
-        if(options.setuptimeout > 0){
+        if (options.setuptimeout > 0) {
                memset(&sa, 0, sizeof(sa));
                sa.sa_handler = banner_alarm_catch;
-                /*throw away any pending alarms, since we'd block otherwise*/
+                /* throw away any pending alarms, since we'd block otherwise */
                alarm(0);
                sigaction(SIGALRM, &sa, &osa);
                alarm(options.setuptimeout);
        }
-        for (;;) {
+        /* Read other side's version identification. */
+        for (n = 0;;) {
                for (i = 0; i < sizeof(buf) - 1; ) {
                        ssize_t len = read(connection_in, &buf[i], 1);
                        if (banner_timedout)
@@ -450,6 +457,8 @@ ssh_exchange_identification(void)
                                buf[i] = '\n';
                                buf[i + 1] = 0;         /**XXX wait for \n */
                        }
+                        if (++n > 65536)
+                                fatal("ssh_exchange_identification: No banner received");
                        i++;
                }
                buf[sizeof(buf) - 1] = 0;
@@ -464,7 +473,7 @@ ssh_exchange_identification(void)
         */
        if (options.setuptimeout > 0) {
                alarm(0);
-                sigaction(SIGALRM,&osa,NULL);
+                sigaction(SIGALRM, &osa, NULL);
        }
        /*
@@ -560,13 +569,17 @@ confirm(const char *prompt)
 * check whether the supplied host key is valid, return -1 if the key
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
 */
+#define RDRW    0
+#define RDONLY  1
+#define ROQUIET 2
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    int readonly, const char *user_hostfile, const char *system_hostfile)
+    Key *host_key, int readonly, const char *user_hostfile,
+    const char *system_hostfile)
 {
        Key *file_key;
        const char *type = key_type(host_key);
-        char *ip = NULL;
+        char *ip = NULL, *host = NULL;
        char hostline[1000], *hostp, *fp;
        HostStatus host_status;
        HostStatus ip_status;
@@ -617,7 +630,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
                    NULL, 0, NI_NUMERICHOST) != 0)
                        fatal("check_host_key: getnameinfo failed");
-                ip = xstrdup(ntop);
+                ip = put_host_port(ntop, port);
        } else {
                ip = xstrdup("<no hostip for proxy command>");
        }
@@ -625,18 +638,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
         * Turn off check_host_ip if the connection is to localhost, via proxy
         * command or if we don't have a hostname to compare with
         */
-        if (options.check_host_ip &&
+        if (options.check_host_ip && (local ||
-            (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+            strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
                options.check_host_ip = 0;
        /*
-         * Allow the user to record the key under a different name. This is
+         * Allow the user to record the key under a different name or
-         * useful for ssh tunneling over forwarded connections or if you run
+         * differentiate a non-standard port.  This is useful for ssh
-         * multiple sshd's on different ports on the same machine.
+         * tunneling over forwarded connections or if you run multiple
+         * sshd's on different ports on the same machine.
         */
        if (options.host_key_alias != NULL) {
-                host = options.host_key_alias;
+                host = xstrdup(options.host_key_alias);
                debug("using hostkeyalias: %s", host);
+        } else {
+                host = put_host_port(hostname, port);
        }
        /*
@@ -705,6 +721,15 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                }
                break;
        case HOST_NEW:
+                if (options.host_key_alias == NULL && port != 0 &&
+                    port != SSH_DEFAULT_PORT) {
+                        debug("checking without port identifier");
+                        if (check_host_key(hostname, hostaddr, 0, host_key, 2,
+                            user_hostfile, system_hostfile) == 0) {
+                                debug("found matching key w/out port");
+                                break;
+                        }
+                }
                if (readonly)
                        goto fail;
                /* The host is new. */
@@ -784,6 +809,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                            "list of known hosts.", hostp, type);
                break;
        case HOST_CHANGED:
+                if (readonly == ROQUIET)
+                        goto fail;
                if (options.check_host_ip && host_ip_differ) {
                        char *key_msg;
                        if (ip_status == HOST_NEW)
@@ -822,7 +849,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                /*
                 * If strict host key checking has not been requested, allow
                 * the connection but without MITM-able authentication or
-                 * agent forwarding.
+                 * forwarding.
                 */
                if (options.password_authentication) {
                        error("Password authentication is disabled to avoid "
@@ -857,6 +884,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                        options.num_local_forwards =
                            options.num_remote_forwards = 0;
                }
+                if (options.tun_open != SSH_TUNMODE_NO) {
+                        error("Tunnel forwarding is disabled to avoid "
+                            "man-in-the-middle attacks.");
+                        options.tun_open = SSH_TUNMODE_NO;
+                }
                /*
                 * XXX Should permit the user to change to use the new id.
                 * This could be done by converting the host key to an
@@ -898,10 +930,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
        }
        xfree(ip);
+        xfree(host);
        return 0;
 fail:
        xfree(ip);
+        xfree(host);
        return -1;
 }
@@ -935,12 +969,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
        /* return ok if the key can be found in an old keyfile */
        if (stat(options.system_hostfile2, &st) == 0 ||
            stat(options.user_hostfile2, &st) == 0) {
-                if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
+                if (check_host_key(host, hostaddr, options.port, host_key,
-                    options.user_hostfile2, options.system_hostfile2) == 0)
+                    RDONLY, options.user_hostfile2,
+                    options.system_hostfile2) == 0)
                        return 0;
        }
-        return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
+        return check_host_key(host, hostaddr, options.port, host_key,
-            options.user_hostfile, options.system_hostfile);
+            RDRW, options.user_hostfile, options.system_hostfile);
 }
 /*
@@ -964,7 +999,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
        host = xstrdup(orighost);
        for (cp = host; *cp; cp++)
                if (isupper(*cp))
-                        *cp = tolower(*cp);
+                        *cp = (char)tolower(*cp);
        /* Exchange protocol version identification strings with the server. */
        ssh_exchange_identification();
@@ -981,6 +1016,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
                ssh_kex(host, hostaddr);
                ssh_userauth1(local_user, server_user, host, sensitive);
        }
+        xfree(local_user);
 }
 void
@@ -994,8 +1030,7 @@ ssh_put_password(char *password)
                return;
        }
        size = roundup(strlen(password) + 1, 32);
-        padded = xmalloc(size);
+        padded = xcalloc(1, size);
-        memset(padded, 0, size);
        strlcpy(padded, password, size);
        packet_put_string(padded, size);
        memset(padded, 0, size);

diff --git a/sshconnect.c b/sshconnect.c index 8a63ef22b..3c888e36a 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
1	/*	2	/*
2	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -13,12 +14,35 @@
13	*/	14	*/
14		15
15	#include "includes.h"	16	#include "includes.h"
16	RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
17		17
18	#include <openssl/bn.h>	18	#include <sys/types.h>
		19	#include <sys/wait.h>
		20	#include <sys/stat.h>
		21	#include <sys/socket.h>
		22	#ifdef HAVE_SYS_TIME_H
		23	# include <sys/time.h>
		24	#endif
		25
		26	#include <netinet/in.h>
		27	#include <arpa/inet.h>
		28
		29	#include <ctype.h>
		30	#include <errno.h>
		31	#include <netdb.h>
		32	#ifdef HAVE_PATHS_H
		33	#include <paths.h>
		34	#endif
		35	#include <pwd.h>
		36	#include <stdarg.h>
		37	#include <stdio.h>
		38	#include <stdlib.h>
		39	#include <string.h>
		40	#include <unistd.h>
19		41
20	#include "ssh.h"
21	#include "xmalloc.h"	42	#include "xmalloc.h"
		43	#include "key.h"
		44	#include "hostfile.h"
		45	#include "ssh.h"
22	#include "rsa.h"	46	#include "rsa.h"
23	#include "buffer.h"	47	#include "buffer.h"
24	#include "packet.h"	48	#include "packet.h"
@@ -32,6 +56,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
32	#include "atomicio.h"	56	#include "atomicio.h"
33	#include "misc.h"	57	#include "misc.h"
34	#include "dns.h"	58	#include "dns.h"
		59	#include "version.h"
35		60
36	char *client_version_string = NULL;	61	char *client_version_string = NULL;
37	char *server_version_string = NULL;	62	char *server_version_string = NULL;
@@ -69,7 +94,6 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
69	int pin[2], pout[2];	94	int pin[2], pout[2];
70	pid_t pid;	95	pid_t pid;
71	char strport[NI_MAXSERV];	96	char strport[NI_MAXSERV];
72	size_t len;
73		97
74	/* Convert the port number into a string. */	98	/* Convert the port number into a string. */
75	snprintf(strport, sizeof strport, "%hu", port);	99	snprintf(strport, sizeof strport, "%hu", port);
@@ -81,10 +105,7 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
81	* Use "exec" to avoid "sh -c" processes on some platforms	105	* Use "exec" to avoid "sh -c" processes on some platforms
82	* (e.g. Solaris)	106	* (e.g. Solaris)
83	*/	107	*/
84	len = strlen(proxy_command) + 6;	108	xasprintf(&tmp, "exec %s", proxy_command);
85	tmp = xmalloc(len);
86	strlcpy(tmp, "exec ", len);
87	strlcat(tmp, proxy_command, len);
88	command_string = percent_expand(tmp, "h", host,	109	command_string = percent_expand(tmp, "h", host,
89	"p", strport, (char *)NULL);	110	"p", strport, (char *)NULL);
90	xfree(tmp);	111	xfree(tmp);
@@ -101,8 +122,7 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
101	char *argv[10];	122	char *argv[10];
102		123
103	/* Child. Permanently give up superuser privileges. */	124	/* Child. Permanently give up superuser privileges. */
104	seteuid(original_real_uid);	125	permanently_drop_suid(original_real_uid);
105	setuid(original_real_uid);
106		126
107	/* Redirect stdin and stdout. */	127	/* Redirect stdin and stdout. */
108	close(pin[1]);	128	close(pin[1]);
@@ -212,7 +232,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
212	fd_set *fdset;	232	fd_set *fdset;
213	struct timeval tv;	233	struct timeval tv;
214	socklen_t optlen;	234	socklen_t optlen;
215	int fdsetsz, optval, rc, result = -1;	235	int optval, rc, result = -1;
216		236
217	if (timeout <= 0)	237	if (timeout <= 0)
218	return (connect(sockfd, serv_addr, addrlen));	238	return (connect(sockfd, serv_addr, addrlen));
@@ -226,10 +246,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
226	if (errno != EINPROGRESS)	246	if (errno != EINPROGRESS)
227	return (-1);	247	return (-1);
228		248
229	fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);	249	fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
230	fdset = (fd_set *)xmalloc(fdsetsz);	250	sizeof(fd_mask));
231
232	memset(fdset, 0, fdsetsz);
233	FD_SET(sockfd, fdset);	251	FD_SET(sockfd, fdset);
234	tv.tv_sec = timeout;	252	tv.tv_sec = timeout;
235	tv.tv_usec = 0;	253	tv.tv_usec = 0;
@@ -312,17 +330,16 @@ ssh_connect(const char host, struct sockaddr_storage hostaddr,
312	fatal("%s: %.100s: %s", __progname, host,	330	fatal("%s: %.100s: %s", __progname, host,
313	gai_strerror(gaierr));	331	gai_strerror(gaierr));
314		332
315	/*	333	for (attempt = 0; attempt < connection_attempts; attempt++) {
316	* Try to connect several times. On some machines, the first time	334	if (attempt > 0) {
317	* will sometimes fail. In general socket code appears to behave	335	/* Sleep a moment before retrying. */
318	* quite magically on many machines.	336	sleep(1);
319	*/
320	for (attempt = 0; ;) {
321	if (attempt > 0)
322	debug("Trying again...");	337	debug("Trying again...");
323		338	}
324	/* Loop through addresses for this host, and try each one in	339	/*
325	sequence until the connection succeeds. */	340	* Loop through addresses for this host, and try each one in
		341	* sequence until the connection succeeds.
		342	*/
326	for (ai = aitop; ai; ai = ai->ai_next) {	343	for (ai = aitop; ai; ai = ai->ai_next) {
327	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)	344	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
328	continue;	345	continue;
@@ -349,29 +366,18 @@ ssh_connect(const char host, struct sockaddr_storage hostaddr,
349	} else {	366	} else {
350	debug("connect to address %s port %s: %s",	367	debug("connect to address %s port %s: %s",
351	ntop, strport, strerror(errno));	368	ntop, strport, strerror(errno));
352	/*
353	* Close the failed socket; there appear to
354	* be some problems when reusing a socket for
355	* which connect() has already returned an
356	* error.
357	*/
358	close(sock);	369	close(sock);
		370	sock = -1;
359	}	371	}
360	}	372	}
361	if (ai)	373	if (sock != -1)
362	break; /* Successful connection. */	374	break; /* Successful connection. */
363
364	attempt++;
365	if (attempt >= connection_attempts)
366	break;
367	/* Sleep a moment before retrying. */
368	sleep(1);
369	}	375	}
370		376
371	freeaddrinfo(aitop);	377	freeaddrinfo(aitop);
372		378
373	/* Return failure if we didn't get a successful connection. */	379	/* Return failure if we didn't get a successful connection. */
374	if (attempt >= connection_attempts) {	380	if (sock == -1) {
375	error("ssh: connect to host %s port %s: %s",	381	error("ssh: connect to host %s port %s: %s",
376	host, strport, strerror(errno));	382	host, strport, strerror(errno));
377	return (-1);	383	return (-1);
@@ -403,22 +409,23 @@ ssh_exchange_identification(void)
403	int connection_in = packet_get_connection_in();	409	int connection_in = packet_get_connection_in();
404	int connection_out = packet_get_connection_out();	410	int connection_out = packet_get_connection_out();
405	int minor1 = PROTOCOL_MINOR_1;	411	int minor1 = PROTOCOL_MINOR_1;
406	u_int i;	412	u_int i, n;
407	struct sigaction sa, osa;	413	struct sigaction sa, osa;
408		414
409	/* Read other side's version identification.	415	/* Read other side's version identification.
410	* If SetupTimeOut has been set, give up after	416	* If SetupTimeOut has been set, give up after the specified amount
411	* the specified amount of time	417	* of time.
412	*/	418	*/
413	if(options.setuptimeout > 0){	419	if (options.setuptimeout > 0) {
414	memset(&sa, 0, sizeof(sa));	420	memset(&sa, 0, sizeof(sa));
415	sa.sa_handler = banner_alarm_catch;	421	sa.sa_handler = banner_alarm_catch;
416	/throw away any pending alarms, since we'd block otherwise/	422	/* throw away any pending alarms, since we'd block otherwise */
417	alarm(0);	423	alarm(0);
418	sigaction(SIGALRM, &sa, &osa);	424	sigaction(SIGALRM, &sa, &osa);
419	alarm(options.setuptimeout);	425	alarm(options.setuptimeout);
420	}	426	}
421	for (;;) {	427	/* Read other side's version identification. */
		428	for (n = 0;;) {
422	for (i = 0; i < sizeof(buf) - 1; ) {	429	for (i = 0; i < sizeof(buf) - 1; ) {
423	ssize_t len = read(connection_in, &buf[i], 1);	430	ssize_t len = read(connection_in, &buf[i], 1);
424	if (banner_timedout)	431	if (banner_timedout)
@@ -450,6 +457,8 @@ ssh_exchange_identification(void)
450	buf[i] = '\n';	457	buf[i] = '\n';
451	buf[i + 1] = 0; /*XXX wait for \n /	458	buf[i + 1] = 0; /*XXX wait for \n /
452	}	459	}
		460	if (++n > 65536)
		461	fatal("ssh_exchange_identification: No banner received");
453	i++;	462	i++;
454	}	463	}
455	buf[sizeof(buf) - 1] = 0;	464	buf[sizeof(buf) - 1] = 0;
@@ -464,7 +473,7 @@ ssh_exchange_identification(void)
464	*/	473	*/
465	if (options.setuptimeout > 0) {	474	if (options.setuptimeout > 0) {
466	alarm(0);	475	alarm(0);
467	sigaction(SIGALRM,&osa,NULL);	476	sigaction(SIGALRM, &osa, NULL);
468	}	477	}
469		478
470	/*	479	/*
@@ -560,13 +569,17 @@ confirm(const char *prompt)
560	* check whether the supplied host key is valid, return -1 if the key	569	* check whether the supplied host key is valid, return -1 if the key
561	* is not valid. the user_hostfile will not be updated if 'readonly' is true.	570	* is not valid. the user_hostfile will not be updated if 'readonly' is true.
562	*/	571	*/
		572	#define RDRW 0
		573	#define RDONLY 1
		574	#define ROQUIET 2
563	static int	575	static int
564	check_host_key(char host, struct sockaddr hostaddr, Key *host_key,	576	check_host_key(char hostname, struct sockaddr hostaddr, u_short port,
565	int readonly, const char user_hostfile, const char system_hostfile)	577	Key host_key, int readonly, const char user_hostfile,
		578	const char *system_hostfile)
566	{	579	{
567	Key *file_key;	580	Key *file_key;
568	const char *type = key_type(host_key);	581	const char *type = key_type(host_key);
569	char *ip = NULL;	582	char ip = NULL, host = NULL;
570	char hostline[1000], hostp, fp;	583	char hostline[1000], hostp, fp;
571	HostStatus host_status;	584	HostStatus host_status;
572	HostStatus ip_status;	585	HostStatus ip_status;
@@ -617,7 +630,7 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
617	if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),	630	if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
618	NULL, 0, NI_NUMERICHOST) != 0)	631	NULL, 0, NI_NUMERICHOST) != 0)
619	fatal("check_host_key: getnameinfo failed");	632	fatal("check_host_key: getnameinfo failed");
620	ip = xstrdup(ntop);	633	ip = put_host_port(ntop, port);
621	} else {	634	} else {
622	ip = xstrdup("<no hostip for proxy command>");	635	ip = xstrdup("<no hostip for proxy command>");
623	}	636	}
@@ -625,18 +638,21 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
625	* Turn off check_host_ip if the connection is to localhost, via proxy	638	* Turn off check_host_ip if the connection is to localhost, via proxy
626	* command or if we don't have a hostname to compare with	639	* command or if we don't have a hostname to compare with
627	*/	640	*/
628	if (options.check_host_ip &&	641	if (options.check_host_ip && (local \|\|
629	(local \|\| strcmp(host, ip) == 0 \|\| options.proxy_command != NULL))	642	strcmp(hostname, ip) == 0 \|\| options.proxy_command != NULL))
630	options.check_host_ip = 0;	643	options.check_host_ip = 0;
631		644
632	/*	645	/*
633	* Allow the user to record the key under a different name. This is	646	* Allow the user to record the key under a different name or
634	* useful for ssh tunneling over forwarded connections or if you run	647	* differentiate a non-standard port. This is useful for ssh
635	* multiple sshd's on different ports on the same machine.	648	* tunneling over forwarded connections or if you run multiple
		649	* sshd's on different ports on the same machine.
636	*/	650	*/
637	if (options.host_key_alias != NULL) {	651	if (options.host_key_alias != NULL) {
638	host = options.host_key_alias;	652	host = xstrdup(options.host_key_alias);
639	debug("using hostkeyalias: %s", host);	653	debug("using hostkeyalias: %s", host);
		654	} else {
		655	host = put_host_port(hostname, port);
640	}	656	}
641		657
642	/*	658	/*
@@ -705,6 +721,15 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
705	}	721	}
706	break;	722	break;
707	case HOST_NEW:	723	case HOST_NEW:
		724	if (options.host_key_alias == NULL && port != 0 &&
		725	port != SSH_DEFAULT_PORT) {
		726	debug("checking without port identifier");
		727	if (check_host_key(hostname, hostaddr, 0, host_key, 2,
		728	user_hostfile, system_hostfile) == 0) {
		729	debug("found matching key w/out port");
		730	break;
		731	}
		732	}
708	if (readonly)	733	if (readonly)
709	goto fail;	734	goto fail;
710	/* The host is new. */	735	/* The host is new. */
@@ -784,6 +809,8 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
784	"list of known hosts.", hostp, type);	809	"list of known hosts.", hostp, type);
785	break;	810	break;
786	case HOST_CHANGED:	811	case HOST_CHANGED:
		812	if (readonly == ROQUIET)
		813	goto fail;
787	if (options.check_host_ip && host_ip_differ) {	814	if (options.check_host_ip && host_ip_differ) {
788	char *key_msg;	815	char *key_msg;
789	if (ip_status == HOST_NEW)	816	if (ip_status == HOST_NEW)
@@ -822,7 +849,7 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
822	/*	849	/*
823	* If strict host key checking has not been requested, allow	850	* If strict host key checking has not been requested, allow
824	* the connection but without MITM-able authentication or	851	* the connection but without MITM-able authentication or
825	* agent forwarding.	852	* forwarding.
826	*/	853	*/
827	if (options.password_authentication) {	854	if (options.password_authentication) {
828	error("Password authentication is disabled to avoid "	855	error("Password authentication is disabled to avoid "
@@ -857,6 +884,11 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
857	options.num_local_forwards =	884	options.num_local_forwards =
858	options.num_remote_forwards = 0;	885	options.num_remote_forwards = 0;
859	}	886	}
		887	if (options.tun_open != SSH_TUNMODE_NO) {
		888	error("Tunnel forwarding is disabled to avoid "
		889	"man-in-the-middle attacks.");
		890	options.tun_open = SSH_TUNMODE_NO;
		891	}
860	/*	892	/*
861	* XXX Should permit the user to change to use the new id.	893	* XXX Should permit the user to change to use the new id.
862	* This could be done by converting the host key to an	894	* This could be done by converting the host key to an
@@ -898,10 +930,12 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
898	}	930	}
899		931
900	xfree(ip);	932	xfree(ip);
		933	xfree(host);
901	return 0;	934	return 0;
902		935
903	fail:	936	fail:
904	xfree(ip);	937	xfree(ip);
		938	xfree(host);
905	return -1;	939	return -1;
906	}	940	}
907		941
@@ -935,12 +969,13 @@ verify_host_key(char host, struct sockaddr hostaddr, Key *host_key)
935	/* return ok if the key can be found in an old keyfile */	969	/* return ok if the key can be found in an old keyfile */
936	if (stat(options.system_hostfile2, &st) == 0 \|\|	970	if (stat(options.system_hostfile2, &st) == 0 \|\|
937	stat(options.user_hostfile2, &st) == 0) {	971	stat(options.user_hostfile2, &st) == 0) {
938	if (check_host_key(host, hostaddr, host_key, /readonly/ 1,	972	if (check_host_key(host, hostaddr, options.port, host_key,
939	options.user_hostfile2, options.system_hostfile2) == 0)	973	RDONLY, options.user_hostfile2,
		974	options.system_hostfile2) == 0)
940	return 0;	975	return 0;
941	}	976	}
942	return check_host_key(host, hostaddr, host_key, /readonly/ 0,	977	return check_host_key(host, hostaddr, options.port, host_key,
943	options.user_hostfile, options.system_hostfile);	978	RDRW, options.user_hostfile, options.system_hostfile);
944	}	979	}
945		980
946	/*	981	/*
@@ -964,7 +999,7 @@ ssh_login(Sensitive sensitive, const char orighost,
964	host = xstrdup(orighost);	999	host = xstrdup(orighost);
965	for (cp = host; *cp; cp++)	1000	for (cp = host; *cp; cp++)
966	if (isupper(*cp))	1001	if (isupper(*cp))
967	cp = tolower(cp);	1002	cp = (char)tolower(cp);
968		1003
969	/* Exchange protocol version identification strings with the server. */	1004	/* Exchange protocol version identification strings with the server. */
970	ssh_exchange_identification();	1005	ssh_exchange_identification();
@@ -981,6 +1016,7 @@ ssh_login(Sensitive sensitive, const char orighost,
981	ssh_kex(host, hostaddr);	1016	ssh_kex(host, hostaddr);
982	ssh_userauth1(local_user, server_user, host, sensitive);	1017	ssh_userauth1(local_user, server_user, host, sensitive);
983	}	1018	}
		1019	xfree(local_user);
984	}	1020	}
985		1021
986	void	1022	void
@@ -994,8 +1030,7 @@ ssh_put_password(char *password)
994	return;	1030	return;
995	}	1031	}
996	size = roundup(strlen(password) + 1, 32);	1032	size = roundup(strlen(password) + 1, 32);
997	padded = xmalloc(size);	1033	padded = xcalloc(1, size);
998	memset(padded, 0, size);
999	strlcpy(padded, password, size);	1034	strlcpy(padded, password, size);
1000	packet_put_string(padded, size);	1035	packet_put_string(padded, size);
1001	memset(padded, 0, size);	1036	memset(padded, 0, size);