From c998bf0afa1a01257a53793eba57941182e9e0b7 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org"
Date: Fri, 3 Feb 2017 02:56:00 +0000
Subject: upstream commit
Make ssh_packet_set_rekey_limits take u32 for the number of seconds until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning. rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway). some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
---
 packet.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'packet.c')
diff --git a/packet.c b/packet.c
index ad1f6b497..6b9d3525b 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.244 2017/02/03 02:56:00 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1049,7 +1049,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 /* Time-based rekeying */
 if (state->rekey_interval != 0 &&
- state->rekey_time + state->rekey_interval <= monotime())
+ (int64_t)state->rekey_time + state->rekey_interval <= monotime())
 return 1;
 /* Always rekey when MAX_PACKETS sent in either direction */
@@ -2396,10 +2396,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
 }
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
- debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
- (int)seconds);
+ debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
+ (unsigned int)seconds);
 ssh->state->rekey_limit = bytes;
 ssh->state->rekey_interval = seconds;
 }
-- cgit v1.2.3
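Review bot: The `(int64_t)` cast added to the time-based rekeying test in ssh_packet_need_rekeying carries no comment saying why it is there. It forces the addition and the comparison with `monotime()` into signed 64-bit arithmetic, which matters where `rekey_interval` is unsigned and time_t is 32-bit (the field declarations are outside the hunk, so confirm their types). On a 64-bit time_t platform the cast looks redundant and could be dropped in a later cleanup, bringing back the mixed signed/unsigned comparison. I would add `/* widen before adding: rekey_interval is unsigned, time_t may be 32-bit */` above the condition. The function starts and ends outside the hunk.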
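Review bot: ssh_packet_set_rekey_limits now takes `u_int32_t seconds` and stores it unchecked, so the "negative values are rejected at config parse time" guarantee from the commit message lives only in the callers. A negative int passed by a caller that skipped that check converts silently to a very large interval, which in practice turns time-based rekeying off without any error. A header comment on the function should state the contract, for example `/* seconds == 0 disables time-based rekeying; callers must range-check before converting to u_int32_t */`. The zero case is visible in the `rekey_interval != 0` test in ssh_packet_need_rekeying.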
From 07edd7e9537ab32aa52abb5fb2a915c350fcf441 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 3 Feb 2017 23:03:33 +0000
Subject: upstream commit
add ssh_packet_set_log_preamble() to allow inclusion of a preamble string in disconnect messages; ok markus@
Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
---
 packet.c | 62 +++++++++++++++++++++++++++++++++++++++++++++-----------------
 packet.h | 7 ++++++-
 2 files changed, 51 insertions(+), 18 deletions(-)
(limited to 'packet.c')
diff --git a/packet.c b/packet.c
index 6b9d3525b..94e8460ca 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.244 2017/02/03 02:56:00 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.245 2017/02/03 23:03:33 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -352,6 +352,25 @@ ssh_packet_get_mux(struct ssh *ssh)
 return ssh->state->mux;
 }
+int
+ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
+{
+ va_list args;
+ int r;
+
+ free(ssh->log_preamble);
+ if (fmt == NULL)
+ ssh->log_preamble = NULL;
+ else {
+ va_start(args, fmt);
+ r = vasprintf(&ssh->log_preamble, fmt, args);
+ va_end(args);
+ if (r < 0 || ssh->log_preamble == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ return 0;
+}
+
 int
 ssh_packet_stop_discard(struct ssh *ssh)
 {
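Review bot: ssh_packet_set_log_preamble frees `ssh->log_preamble` and then hands the same field to `vasprintf`, so on the failure path the field's value depends on the libc: some implementations leave the output pointer undefined when they return -1. The function then returns `SSH_ERR_ALLOC_FAIL` with a possibly stale pointer still in the struct, which fmt_connection_id would read and the next call here would free a second time. Adding `ssh->log_preamble = NULL;` directly after the `free()` and again just before `return SSH_ERR_ALLOC_FAIL;` keeps the field either valid or NULL on every path.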
@@ -2074,27 +2093,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
 fatal("%s: %s", __func__, ssh_err(r));
 }
+static void
+fmt_connection_id(struct ssh *ssh, char *s, size_t l)
+{
+ snprintf(s, l, "%.200s%s%s port %d",
+ ssh->log_preamble ? ssh->log_preamble : "",
+ ssh->log_preamble ? " " : "",
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+}
+
 /*
 * Pretty-print connection-terminating errors and exit.
 */
 void
 sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 {
+ char remote_id[512];
+
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
 switch (r) {
 case SSH_ERR_CONN_CLOSED:
- logdie("Connection closed by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection closed by %s", remote_id);
 case SSH_ERR_CONN_TIMEOUT:
- logdie("Connection %s %.200s port %d timed out",
- ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection %s %s timed out",
+ ssh->state->server_side ? "from" : "to", remote_id);
 case SSH_ERR_DISCONNECTED:
- logdie("Disconnected from %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Disconnected from %s", remote_id);
 case SSH_ERR_SYSTEM_ERROR:
 if (errno == ECONNRESET)
- logdie("Connection reset by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection reset by %s", remote_id);
 /* FALLTHROUGH */
 case SSH_ERR_NO_CIPHER_ALG_MATCH:
 case SSH_ERR_NO_MAC_ALG_MATCH:
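Review bot: fmt_connection_id is added without a comment describing what it writes or how it truncates. The preamble is capped by `%.200s`, but the remote address that each `logdie` used to cap with `%.200s` is now a plain `%s` bounded only by the 512-byte buffer, and the `snprintf` return value is discarded, so truncation is silent. The preamble is meant to carry values such as a username (per the field comment in packet.h), which the peer may choose, so the comment should also say whether callers must pass log-safe text or the logging layer escapes it (not visible here). Something like `/* Writes "[preamble ]addr port N" into s, silently truncated to l bytes; preamble cut at 200 bytes */` would cover the first part. The sshpkt_fatal switch continues past the end of this hunk.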
@@ -2102,17 +2130,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 case SSH_ERR_NO_KEX_ALG_MATCH:
 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
 if (ssh && ssh->kex && ssh->kex->failed_choice) {
- logdie("Unable to negotiate with %.200s port %d: %s. "
- "Their offer: %s", ssh_remote_ipaddr(ssh),
- ssh_remote_port(ssh), ssh_err(r),
+ logdie("Unable to negotiate with %s: %s. "
+ "Their offer: %s", remote_id, ssh_err(r),
 ssh->kex->failed_choice);
 }
 /* FALLTHROUGH */
 default:
- logdie("%s%sConnection %s %.200s port %d: %s",
+ logdie("%s%sConnection %s %s: %s",
 tag != NULL ? tag : "", tag != NULL ? ": " : "",
 ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
+ remote_id, ssh_err(r));
 }
 }
@@ -2125,7 +2152,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 void
 ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
 {
- char buf[1024];
+ char buf[1024], remote_id[512];
 va_list args;
 static int disconnecting = 0;
 int r;
@@ -2138,12 +2165,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
 * Format the message. Note that the caller must make sure the
 * message is of limited size.
 */
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
 va_start(args, fmt);
 vsnprintf(buf, sizeof(buf), fmt, args);
 va_end(args);
 /* Display the error locally */
- logit("Disconnecting: %.100s", buf);
+ logit("Disconnecting %s: %.100s", remote_id, buf);
 /*
 * Send the disconnect message to the other side, and wait
diff --git a/packet.h b/packet.h
index c33dd17df..0d25b352c 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.75 2017/02/03 02:56:00 dtucker Exp $ */
+/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -62,6 +62,9 @@ struct ssh {
 char *local_ipaddr;
 int local_port;
+ /* Optional preamble for log messages (e.g. username) */
+ char *log_preamble;
+
 /* Dispatcher table */
 dispatch_fn *dispatch[DISPATCH_MAX];
 /* number of packets to ignore in the dispatcher */
@@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *);
 void ssh_packet_set_authenticated(struct ssh *);
 void ssh_packet_set_mux(struct ssh *);
 int ssh_packet_get_mux(struct ssh *);
+int ssh_packet_set_log_preamble(struct ssh *, const char *, ...)
+ __attribute__((format(printf, 2, 3)));
 int ssh_packet_log_type(u_char);
-- cgit v1.2.3
From d7abb771bd5a941b26144ba400a34563a1afa589 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Tue, 28 Feb 2017 06:10:08 +0000
Subject: upstream commit
small memleak: free fd_set on connection timeout (though we are heading to exit anyway). From Tom Rix in bz#2683
Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
---
 packet.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'packet.c')
diff --git a/packet.c b/packet.c
index 94e8460ca..01e2d45bd 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.245 2017/02/03 23:03:33 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1466,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 break;
 }
 }
- if (r == 0)
- return SSH_ERR_CONN_TIMEOUT;
+ if (r == 0) {
+ r = SSH_ERR_CONN_TIMEOUT;
+ goto out;
+ }
 /* Read data from the socket. */
 len = read(state->connection_in, buf, sizeof(buf));
 if (len == 0) {
-- cgit v1.2.3
From 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e Mon Sep 17 00:00:00 2001
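Review bot: The new `log_preamble` member of struct ssh is an owned heap pointer, yet none of the hunks in this patch initialise it or release it when the connection state is torn down. ssh_packet_set_log_preamble calls `free(ssh->log_preamble)` on its very first use, which is only safe if the struct is zero-allocated; please confirm that and check whether the close path needs a matching `free(ssh->log_preamble)` (both are outside the visible hunks). The field comment could record the ownership, for example `/* Optional preamble for log messages (e.g. username); malloc'd, set only via ssh_packet_set_log_preamble() */`.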
From: "markus@openbsd.org"
Date: Sat, 11 Mar 2017 13:07:35 +0000
Subject: upstream commit
Don't count the initial block twice when computing how many bytes to discard for the work around for the attacks against CBC-mode. ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
---
 packet.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'packet.c')
diff --git a/packet.c b/packet.c
index 01e2d45bd..2f3a2ec70 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1850,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 if (r != SSH_ERR_MAC_INVALID)
 goto out;
 logit("Corrupted MAC on input.");
- if (need > PACKET_MAX_SIZE)
+ if (need + block_size > PACKET_MAX_SIZE)
 return SSH_ERR_INTERNAL_ERROR;
 return ssh_packet_start_discard(ssh, enc, mac,
 sshbuf_len(state->incoming_packet),
- PACKET_MAX_SIZE - need);
+ PACKET_MAX_SIZE - need - block_size);
 }
 /* Remove MAC from input buffer */
 DBG(debug("MAC #%d ok", state->p_read.seqnr));
-- cgit v1.2.3
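Review bot: In the MAC-failure branch of ssh_packet_read_poll2, the new guard `need + block_size > PACKET_MAX_SIZE` is itself an addition that can wrap if `need` is an unsigned value near its maximum. Both variables are declared outside the hunk, so this is an assumption to confirm, but a wrapped sum would pass the check and let `PACKET_MAX_SIZE - need - block_size` underflow into a very large discard length. Writing the test as `if (need > PACKET_MAX_SIZE || block_size > PACKET_MAX_SIZE - need)` removes the dependence on an earlier range check. The branch is the CBC workaround named in the commit message, so a short comment such as `/* the first block is already accounted for; do not count it twice in the discard length */` would keep the extra subtraction from being removed later. The function body extends beyond the hunk on both sides.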