author | 2000-05-08 17:42:24 +0000 | |
---|---|---|
committer | 2000-05-08 17:42:24 +0000 | |
commit | 08a66c2e0dd4295c8a02698c6314acb13a4ae4ad (patch) | |
tree | 465aa7efd7e6a0e7ea2f9f717bc990d13e410644 | |
parent | One last nit fix. (markus approved) (diff) | |
bug compat w/ ssh-2.0.13 x11, split out bugs
-rw-r--r-- | usr.bin/ssh/auth2.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/compat.c | 21 | ||||
-rw-r--r-- | usr.bin/ssh/compat.h | 7 | ||||
-rw-r--r-- | usr.bin/ssh/dsa.c | 20 | ||||
-rw-r--r-- | usr.bin/ssh/kex.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 21 |
8 files changed, 70 insertions, 30 deletions
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index ad55bb769d5..3f8c254080d 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -27,7 +27,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $");
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -265,6 +265,10 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen)
 debug("pubkey auth disabled");
 return 0;
 }
+ if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ log("bug compatibility with ssh-2.0.13 pubkey not implemented");
+ return 0;
+ }
 have_sig = packet_get_char();
 pkalg = packet_get_string(&alen);
 if (strcmp(pkalg, KEX_DSS) != 0) {
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 38e5d8d703e..5bf1e5b7aea 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.56 2000/05/03 18:03:06 markus Exp $");
+RCSID("$Id: channels.c,v 1.57 2000/05/08 17:42:24 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -505,7 +505,10 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
 int ret = x11_open_helper(c);
 if (ret == 1) {
 c->type = SSH_CHANNEL_OPEN;
- channel_pre_open_15(c, readset, writeset);
+ if (compat20)
+ channel_pre_open_20(c, readset, writeset);
+ else
+ channel_pre_open_15(c, readset, writeset);
 } else if (ret == -1) {
 debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
 chan_read_failed(c); /** force close? */
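Review bot: The log text in the added ssh2_auth_pubkey check names ssh-2.0.13, but the compat.c table in this commit sets SSH_BUG_PUBKEYAUTH for every banner that starts with "2.0.1", so the server refuses public-key authentication for all of those clients while the message points at one release. An operator reading the log would have an easier time with a message that does not name a version, or with a comment on the check such as `/* fail closed: peers flagged SSH_BUG_PUBKEYAUTH sign different data, so pubkey auth is refused */`. The function starts before and continues after this hunk.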
@@ -549,7 +552,11 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
 packet_put_int(c->local_maxpacket);
 /* originator host and port */
 packet_put_cstring(remote_hostname);
- packet_put_int(remote_port);
+ if (datafellows & SSH_BUG_X11FWD) {
+ debug("ssh2 x11 bug compat mode");
+ } else {
+ packet_put_int(remote_port);
+ }
 packet_send();
 } else {
 packet_start(SSH_SMSG_X11_OPEN);
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 84b7aae23c8..b4c7b287dfa 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -16,7 +16,7 @@
 */
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.25 2000/05/07 18:23:32 markus Exp $");
+RCSID("$Id: clientloop.c,v 1.26 2000/05/08 17:42:24 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -979,11 +979,11 @@ client_input_channel_open(int type, int plen)
 char *originator;
 int originator_port;
 originator = packet_get_string(NULL);
- if (packet_remaining() > 0) {
- originator_port = packet_get_int();
- } else {
+ if (datafellows & SSH_BUG_X11FWD) {
 debug("buggy server: x11 request w/o originator_port");
 originator_port = 0;
+ } else {
+ originator_port = packet_get_int();
 }
 packet_done();
 /* XXX check permission */
diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index d7bb1186695..33e509cb89b 100644
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.12 2000/04/26 20:56:29 markus Exp $");
+RCSID("$Id: compat.c,v 1.13 2000/05/08 17:42:24 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
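Review bot: In client_input_channel_open the choice to read `originator_port` now rests only on `SSH_BUG_X11FWD`, which is derived from the peer's version banner, and the removed `packet_remaining() > 0` test was the only check tied to the payload actually received. A server that is not in the compat table but omits the port now reaches `packet_get_int()` with nothing left to read; what that call does on underrun is not visible from this hunk. Keeping the length test as a guard costs one condition: `if ((datafellows & SSH_BUG_X11FWD) || packet_remaining() == 0) {`. The function body starts and ends outside the hunk.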
@@ -57,17 +57,20 @@ compat_datafellows(const char *version)
 {
 int i;
 size_t len;
- static const char *check[] = {
- "2.0.1",
- "2.1.0",
- NULL
+ struct {
+ char *version;
+ int bugs;
+ } check[] = {
+ {"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
+ {"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
+ {NULL, 0}
 };
- for (i = 0; check[i]; i++) {
- len = strlen(check[i]);
+ for (i = 0; check[i].version; i++) {
+ len = strlen(check[i].version);
 if (strlen(version) >= len &&
- (strncmp(version, check[i], len) == 0)) {
+ (strncmp(version, check[i].version, len) == 0)) {
 verbose("datafellows: %.200s", version);
- datafellows = 1;
+ datafellows = check[i].bugs;
 return;
 }
 }
diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h
index 524cfe0ea86..9308a6df301 100644
--- a/usr.bin/ssh/compat.h
+++ b/usr.bin/ssh/compat.h
@@ -26,7 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$Id: compat.h,v 1.6 2000/04/12 07:45:44 markus Exp $"); */
+/* RCSID("$Id: compat.h,v 1.7 2000/05/08 17:42:24 markus Exp $"); */
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -36,6 +36,11 @@
 #define SSH_PROTO_1_PREFERRED 0x02
 #define SSH_PROTO_2 0x04
+#define SSH_BUG_SIGBLOB 0x01
+#define SSH_BUG_PUBKEYAUTH 0x02
+#define SSH_BUG_HMAC 0x04
+#define SSH_BUG_X11FWD 0x08
+
 void enable_compat13(void);
 void enable_compat20(void);
 void compat_datafellows(const char *s);
diff --git a/usr.bin/ssh/dsa.c b/usr.bin/ssh/dsa.c
index 58059080939..51d7ff28524 100644
--- a/usr.bin/ssh/dsa.c
+++ b/usr.bin/ssh/dsa.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $");
+RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
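Review bot: The replacement `check[]` table in compat_datafellows lost the `static const` the old array had, so it is now an automatic array rebuilt on each call and its `version` member is a writable `char *` pointing at string literals; `static const struct { const char *version; int bugs; } check[] = {` keeps it read-only. The match is a `strncmp` prefix test against the peer-supplied banner, so the "2.0.1" row applies to every version string beginning with those characters, and the flags it grants relax protocol handling in the other files of this commit. A comment on the table stating that the entries are prefixes and that the flags are chosen by what the peer claims to be would make that explicit. The function continues past the end of the hunk.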
@@ -162,7 +162,7 @@ dsa_sign(
 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
 DSA_SIG_free(sig);
- if (datafellows) {
+ if (datafellows & SSH_BUG_SIGBLOB) {
 debug("datafellows");
 ret = xmalloc(SIGBLOB_LEN);
 memcpy(ret, sigblob, SIGBLOB_LEN);
@@ -209,15 +209,20 @@ dsa_verify(
 return -1;
 }
- if (datafellows && signaturelen != SIGBLOB_LEN) {
- log("heh? datafellows ssh2 complies with ietf-drafts????");
- datafellows = 0;
+ if (!(datafellows & SSH_BUG_SIGBLOB) &&
+ signaturelen == SIGBLOB_LEN) {
+ datafellows |= ~SSH_BUG_SIGBLOB;
+ log("autodetect SSH_BUG_SIGBLOB");
+ } else if ((datafellows & SSH_BUG_SIGBLOB) &&
+ signaturelen != SIGBLOB_LEN) {
+ log("autoremove SSH_BUG_SIGBLOB");
+ datafellows &= ~SSH_BUG_SIGBLOB;
 }
 debug("len %d datafellows %d", signaturelen, datafellows);
 /* fetch signature */
- if (datafellows) {
+ if (datafellows & SSH_BUG_SIGBLOB) {
 sigblob = signature;
 len = signaturelen;
 } else {
@@ -242,7 +247,8 @@ dsa_verify(
 sig->s = BN_new();
 BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
- if (!datafellows) {
+
+ if (!(datafellows & SSH_BUG_SIGBLOB)) {
 memset(sigblob, 0, len);
 xfree(sigblob);
 }
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 4b55c074859..c10c77ead60 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.5 2000/04/14 10:30:31 markus Exp $");
+RCSID("$Id: kex.c,v 1.6 2000/05/08 17:42:25 markus Exp $");
 #include "ssh.h"
 #include "ssh2.h"
@@ -314,7 +314,7 @@ choose_mac(Mac *mac, char *client, char *server)
 }
 mac->name = name;
 mac->mac_len = mac->md->md_size;
- mac->key_len = datafellows ? 16 : mac->mac_len;
+ mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
 mac->key = NULL;
 mac->enabled = 0;
 }
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 6ea804d0c17..99ffb2c478d 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
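Review bot: The autodetect branch added to dsa_verify uses `datafellows |= ~SSH_BUG_SIGBLOB;`, which ORs in the complement of the flag: every bit except SSH_BUG_SIGBLOB is set, so the flag the log line announces stays clear while SSH_BUG_PUBKEYAUTH, SSH_BUG_HMAC, SSH_BUG_X11FWD and all higher bits are switched on. The line should read `datafellows |= SSH_BUG_SIGBLOB;`. As written, a peer whose signature is exactly SIGBLOB_LEN bytes changes every later test of the unrelated flags (for example the public-key refusal added to auth2.c in this commit), and the `datafellows & SSH_BUG_SIGBLOB` test just below still takes the non-compat parsing path. dsa_verify begins before and ends after this hunk.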
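Review bot: The `16` on the changed `mac->key_len` line in choose_mac is a bare literal, and it is the only place that shortens the MAC key when SSH_BUG_HMAC is set. Because that flag is chosen from the version banner the peer sends, the shorter key is selected on the peer's own claim, which deserves a comment at the point of use, for example `/* SSH_BUG_HMAC peers expect a 16-byte MAC key whatever the digest size */`; the reason given in that comment is inferred from the flag name and should be confirmed. A named constant for the value would also help anyone auditing where key lengths are reduced. The function starts outside the hunk.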
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.9 2000/05/08 17:12:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -345,12 +345,14 @@ ssh2_try_pubkey(char *filename,
 buffer_append(&b, session_id2, session_id2_len);
 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 buffer_put_cstring(&b, server_user);
- buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b,
+ datafellows & SSH_BUG_PUBKEYAUTH ?
+ "ssh-userauth" :
+ service);
 buffer_put_cstring(&b, "publickey");
 buffer_put_char(&b, 1);
 buffer_put_cstring(&b, KEX_DSS);
 buffer_put_string(&b, blob, bloblen);
- xfree(blob);
 /* generate signature */
 dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -358,6 +360,19 @@ ssh2_try_pubkey(char *filename,
 #ifdef DEBUG_DSS
 buffer_dump(&b);
 #endif
+ if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+ buffer_clear(&b);
+ buffer_append(&b, session_id2, session_id2_len);
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+ buffer_put_cstring(&b, server_user);
+ buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b, "publickey");
+ buffer_put_char(&b, 1);
+ buffer_put_cstring(&b, KEX_DSS);
+ buffer_put_string(&b, blob, bloblen);
+ }
+ xfree(blob);
 /* append signature */
 buffer_put_string(&b, signature, slen);
 xfree(signature);
|
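Review bot: The conditional argument added to `buffer_put_cstring` in ssh2_try_pubkey is written without parentheses around the mask test, unlike the `(datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len` form this commit uses in kex.c. The precedence is correct as written, but `(datafellows & SSH_BUG_PUBKEYAUTH) ? "ssh-userauth" : service` reads unambiguously and matches the other file. This is the field that makes the signed data differ from what is sent, so a one-line comment here saying so would save the reader from having to find the explanation in the next hunk.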
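Review bot: The block added under `if (datafellows & SSH_BUG_PUBKEYAUTH)` repeats the eight request-building calls from the previous hunk and differs only in the service string, so the signed form and the transmitted form of the authentication request can drift apart unnoticed if one copy is later edited. I would move that sequence into a static helper that takes the buffer and the service name, and call it once for the data to be signed and, in compat mode, once more for the data to be sent. The relocated `xfree(blob);` is correct for the new second use of `blob`. ssh2_try_pubkey starts and ends outside this hunk.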