Attachment #2537 for bug #1213

Lines 47-55 dispatch_protocol_error(int type, u_int32_t seq, void *ctx) Link Here

(-)a/dispatch.c (-3 / +3 lines)
47	fatal("protocol error");	47	fatal("protocol error");
48	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 \|\|	48	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 \|\|
49	(r = sshpkt_put_u32(ssh, seq)) != 0 \|\|	49	(r = sshpkt_put_u32(ssh, seq)) != 0 \|\|
50	(r = sshpkt_send(ssh)) != 0)	50	(r = sshpkt_send(ssh)) != 0 \|\|
51	fatal("%s: %s", __func__, ssh_err(r));	51	(r = ssh_packet_write_wait(ssh)) != 0)
52	ssh_packet_write_wait(ssh);	52	sshpkt_fatal(active_state, __func__, r);
53	return 0;	53	return 0;
54	}	54	}
55		55




packet_set_connection(int fd_in, int fd_out)
{
	active_state = ssh_packet_set_connection(active_state, fd_in, fd_out);
	if (active_state == NULL)
		fatal("%s: ssh_packet_set_connection failed", __func__);
}

void

	u_char type;
	int r;

	if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0)
		sshpkt_fatal(active_state, __func__, r);
		case SSH_ERR_CONN_CLOSED:
			logit("Connection closed by %.200s",
			    ssh_remote_ipaddr(active_state));
			cleanup_exit(255);
		case SSH_ERR_CONN_TIMEOUT:
			logit("Connection to %.200s timed out while "
			    "waiting to read", ssh_remote_ipaddr(active_state));
			cleanup_exit(255);
		default:
			fatal("%s: %s", __func__, ssh_err(r));
		}
	}
	return type;
}


	int r;

	if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr)))
		sshpkt_fatal(active_state, __func__, r);
	return type;
}


	int r;

	if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0)
		sshpkt_fatal(active_state, __func__, r);
}

void
packet_write_wait(void)
{
	int r;

	if ((r = ssh_packet_write_wait(active_state)) != 0)
		sshpkt_fatal(active_state, __func__, r);
}

void
packet_write_poll(void)
{
	int r;

	if ((r = ssh_packet_write_poll(active_state)) != 0)
		sshpkt_fatal(active_state, __func__, r);
}

void
packet_read_expect(int expected_type)
{
	int r;

	if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0)
		sshpkt_fatal(active_state, __func__, r);
}

Lines 45-50 void packet_set_connection(int, int); Link Here

(-)a/opacket.h (-6 / +3 lines)
45	int packet_read_seqnr(u_int32_t *);	45	int packet_read_seqnr(u_int32_t *);
46	int packet_read_poll_seqnr(u_int32_t *);	46	int packet_read_poll_seqnr(u_int32_t *);
47	void packet_process_incoming(const char *buf, u_int len);	47	void packet_process_incoming(const char *buf, u_int len);
		48	void packet_write_wait(void);
		49	void packet_write_poll(void);
		50	void packet_read_expect(int expected_type);
48	#define packet_set_timeout(timeout, count) \	51	#define packet_set_timeout(timeout, count) \
49	ssh_packet_set_timeout(active_state, (timeout), (count))	52	ssh_packet_set_timeout(active_state, (timeout), (count))
50	#define packet_connection_is_on_socket() \	53	#define packet_connection_is_on_socket() \
Lines 85-92 void packet_process_incoming(const char *buf, u_int len); Link Here
85	ssh_packet_send(active_state)	88	ssh_packet_send(active_state)
86	#define packet_read() \	89	#define packet_read() \
87	ssh_packet_read(active_state)	90	ssh_packet_read(active_state)
88	#define packet_read_expect(expected_type) \
89	ssh_packet_read_expect(active_state, (expected_type))
90	#define packet_get_int64() \	91	#define packet_get_int64() \
91	ssh_packet_get_int64(active_state)	92	ssh_packet_get_int64(active_state)
92	#define packet_get_bignum(value) \	93	#define packet_get_bignum(value) \
Lines 105-114 void packet_process_incoming(const char *buf, u_int len); Link Here
105	ssh_packet_send_debug(active_state, (fmt), ##args)	106	ssh_packet_send_debug(active_state, (fmt), ##args)
106	#define packet_disconnect(fmt, args...) \	107	#define packet_disconnect(fmt, args...) \
107	ssh_packet_disconnect(active_state, (fmt), ##args)	108	ssh_packet_disconnect(active_state, (fmt), ##args)
108	#define packet_write_poll() \
109	ssh_packet_write_poll(active_state)
110	#define packet_write_wait() \
111	ssh_packet_write_wait(active_state)
112	#define packet_have_data_to_write() \	109	#define packet_have_data_to_write() \
113	ssh_packet_have_data_to_write(active_state)	110	ssh_packet_have_data_to_write(active_state)
114	#define packet_not_very_much_data_to_write() \	111	#define packet_not_very_much_data_to_write() \

Lines 266-285 ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) Link Here

(-)a/packet.c (-76 / +142 lines)
266	const struct sshcipher *none = cipher_by_name("none");	266	const struct sshcipher *none = cipher_by_name("none");
267	int r;	267	int r;
268		268
269	if (none == NULL)	269	if (none == NULL) {
270	fatal("%s: cannot load cipher 'none'", __func__);	270	error("%s: cannot load cipher 'none'", __func__);
		271	return NULL;
		272	}
271	if (ssh == NULL)	273	if (ssh == NULL)
272	ssh = ssh_alloc_session_state();	274	ssh = ssh_alloc_session_state();
273	if (ssh == NULL)	275	if (ssh == NULL) {
274	fatal("%s: cound not allocate state", __func__);	276	error("%s: cound not allocate state", __func__);
		277	return NULL;
		278	}
275	state = ssh->state;	279	state = ssh->state;
276	state->connection_in = fd_in;	280	state->connection_in = fd_in;
277	state->connection_out = fd_out;	281	state->connection_out = fd_out;
278	if ((r = cipher_init(&state->send_context, none,	282	if ((r = cipher_init(&state->send_context, none,
279	(const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 \|\|	283	(const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 \|\|
280	(r = cipher_init(&state->receive_context, none,	284	(r = cipher_init(&state->receive_context, none,
281	(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0)	285	(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
282	fatal("%s: cipher_init failed: %s", __func__, ssh_err(r));	286	error("%s: cipher_init failed: %s", __func__, ssh_err(r));
		287	return NULL;
		288	}
283	state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;	289	state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
284	deattack_init(&state->deattack);	290	deattack_init(&state->deattack);
285	return ssh;	291	return ssh;
Lines 882-889 ssh_packet_send1(struct ssh *ssh) Link Here
882		888
883	/*	889	/*
884	* Note that the packet is now only buffered in output. It won't be	890	* Note that the packet is now only buffered in output. It won't be
885	* actually sent until packet_write_wait or packet_write_poll is	891	* actually sent until ssh_packet_write_wait or ssh_packet_write_poll
886	* called.	892	* is called.
887	*/	893	*/
888	r = 0;	894	r = 0;
889	out:	895	out:
Lines 1252-1259 ssh_packet_read_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p) Link Here
1252	if (setp == NULL)	1258	if (setp == NULL)
1253	return SSH_ERR_ALLOC_FAIL;	1259	return SSH_ERR_ALLOC_FAIL;
1254		1260
1255	/* Since we are blocking, ensure that all written packets have been sent. */	1261	/*
1256	ssh_packet_write_wait(ssh);	1262	* Since we are blocking, ensure that all written packets have
		1263	* been sent.
		1264	*/
		1265	if ((r = ssh_packet_write_wait(ssh)) != 0)
		1266	return r;
1257		1267
1258	/* Stay in the loop until we have received a complete packet. */	1268	/* Stay in the loop until we have received a complete packet. */
1259	for (;;) {	1269	for (;;) {
Lines 1339-1354 ssh_packet_read(struct ssh *ssh) Link Here
1339	* that given, and gives a fatal error and exits if there is a mismatch.	1349	* that given, and gives a fatal error and exits if there is a mismatch.
1340	*/	1350	*/
1341		1351
1342	void	1352	int
1343	ssh_packet_read_expect(struct ssh *ssh, int expected_type)	1353	ssh_packet_read_expect(struct ssh *ssh, u_int expected_type)
1344	{	1354	{
1345	int type;	1355	int r;
		1356	u_char type;
1346		1357
1347	type = ssh_packet_read(ssh);	1358	if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
1348	if (type != expected_type)	1359	return r;
1349	ssh_packet_disconnect(ssh,	1360	if (type != expected_type) {
		1361	if ((r = sshpkt_disconnect(ssh,
1350	"Protocol error: expected packet type %d, got %d",	1362	"Protocol error: expected packet type %d, got %d",
1351	expected_type, type);	1363	expected_type, type)) != 0)
		1364	return r;
		1365	return SSH_ERR_PROTOCOL_ERROR;
		1366	}
		1367	return 0;
1352	}	1368	}
1353		1369
1354	/* Checks if a full packet is available in the data received so far via	1370	/* Checks if a full packet is available in the data received so far via
Lines 1365-1370 ssh_packet_read_poll1(struct ssh ssh, u_char typep) Link Here
1365	{	1381	{
1366	struct session_state *state = ssh->state;	1382	struct session_state *state = ssh->state;
1367	u_int len, padded_len;	1383	u_int len, padded_len;
		1384	const char *emsg;
1368	const u_char *cp;	1385	const u_char *cp;
1369	u_char *p;	1386	u_char *p;
1370	u_int checksum, stored_checksum;	1387	u_int checksum, stored_checksum;
Lines 1377-1385 ssh_packet_read_poll1(struct ssh ssh, u_char typep) Link Here
1377	return 0;	1394	return 0;
1378	/* Get length of incoming packet. */	1395	/* Get length of incoming packet. */
1379	len = PEEK_U32(sshbuf_ptr(state->input));	1396	len = PEEK_U32(sshbuf_ptr(state->input));
1380	if (len < 1 + 2 + 2 \|\| len > 256 * 1024)	1397	if (len < 1 + 2 + 2 \|\| len > 256 * 1024) {
1381	ssh_packet_disconnect(ssh, "Bad packet length %u.",	1398	if ((r = sshpkt_disconnect(ssh, "Bad packet length %u",
1382	len);	1399	len)) != 0)
		1400	return r;
		1401	return SSH_ERR_CONN_CORRUPT;
		1402	}
1383	padded_len = (len + 8) & ~7;	1403	padded_len = (len + 8) & ~7;
1384		1404
1385	/* Check if the packet has been entirely received. */	1405	/* Check if the packet has been entirely received. */
Lines 1398-1416 ssh_packet_read_poll1(struct ssh ssh, u_char typep) Link Here
1398	* Ariel Futoransky(futo@core-sdi.com)	1418	* Ariel Futoransky(futo@core-sdi.com)
1399	*/	1419	*/
1400	if (!state->receive_context.plaintext) {	1420	if (!state->receive_context.plaintext) {
		1421	emsg = NULL;
1401	switch (detect_attack(&state->deattack,	1422	switch (detect_attack(&state->deattack,
1402	sshbuf_ptr(state->input), padded_len)) {	1423	sshbuf_ptr(state->input), padded_len)) {
1403	case DEATTACK_OK:	1424	case DEATTACK_OK:
1404	break;	1425	break;
1405	case DEATTACK_DETECTED:	1426	case DEATTACK_DETECTED:
1406	ssh_packet_disconnect(ssh,	1427	emsg = "crc32 compensation attack detected";
1407	"crc32 compensation attack: network attack detected"	1428	break;
1408	);
1409	case DEATTACK_DOS_DETECTED:	1429	case DEATTACK_DOS_DETECTED:
1410	ssh_packet_disconnect(ssh,	1430	emsg = "deattack denial of service detected";
1411	"deattack denial of service detected");	1431	break;
1412	default:	1432	default:
1413	ssh_packet_disconnect(ssh, "deattack error");	1433	emsg = "deattack error";
		1434	break;
		1435	}
		1436	if (emsg != NULL) {
		1437	error("%s", emsg);
		1438	if ((r = sshpkt_disconnect(ssh, "%s", emsg)) != 0 \|\|
		1439	(r = ssh_packet_write_wait(ssh)) != 0)
		1440	return r;
		1441	return SSH_ERR_CONN_CORRUPT;
1414	}	1442	}
1415	}	1443	}
1416		1444
Lines 1439-1454 ssh_packet_read_poll1(struct ssh ssh, u_char typep) Link Here
1439	goto out;	1467	goto out;
1440		1468
1441	/* Test check bytes. */	1469	/* Test check bytes. */
1442	if (len != sshbuf_len(state->incoming_packet))	1470	if (len != sshbuf_len(state->incoming_packet)) {
1443	ssh_packet_disconnect(ssh,	1471	error("%s: len %d != sshbuf_len %zd", __func__,
1444	"packet_read_poll1: len %d != sshbuf_len %zd.",
1445	len, sshbuf_len(state->incoming_packet));	1472	len, sshbuf_len(state->incoming_packet));
		1473	if ((r = sshpkt_disconnect(ssh, "invalid packet length")) != 0 \|\|
		1474	(r = ssh_packet_write_wait(ssh)) != 0)
		1475	return r;
		1476	return SSH_ERR_CONN_CORRUPT;
		1477	}
1446		1478
1447	cp = sshbuf_ptr(state->incoming_packet) + len - 4;	1479	cp = sshbuf_ptr(state->incoming_packet) + len - 4;
1448	stored_checksum = PEEK_U32(cp);	1480	stored_checksum = PEEK_U32(cp);
1449	if (checksum != stored_checksum)	1481	if (checksum != stored_checksum) {
1450	ssh_packet_disconnect(ssh,	1482	error("Corrupted check bytes on input");
1451	"Corrupted check bytes on input.");	1483	if ((r = sshpkt_disconnect(ssh, "connection corrupted")) != 0 \|\|
		1484	(r = ssh_packet_write_wait(ssh)) != 0)
		1485	return r;
		1486	return SSH_ERR_CONN_CORRUPT;
		1487	}
1452	if ((r = sshbuf_consume_end(state->incoming_packet, 4)) < 0)	1488	if ((r = sshbuf_consume_end(state->incoming_packet, 4)) < 0)
1453	goto out;	1489	goto out;
1454		1490
Lines 1466-1474 ssh_packet_read_poll1(struct ssh ssh, u_char typep) Link Here
1466	state->p_read.bytes += padded_len + 4;	1502	state->p_read.bytes += padded_len + 4;
1467	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)	1503	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1468	goto out;	1504	goto out;
1469	if (typep < SSH_MSG_MIN \|\| typep > SSH_MSG_MAX)	1505	if (typep < SSH_MSG_MIN \|\| typep > SSH_MSG_MAX) {
1470	ssh_packet_disconnect(ssh,	1506	error("Invalid ssh1 packet type: %d", *typep);
1471	"Invalid ssh1 packet type: %d", *typep);	1507	if ((r = sshpkt_disconnect(ssh, "invalid packet type")) != 0 \|\|
		1508	(r = ssh_packet_write_wait(ssh)) != 0)
		1509	return r;
		1510	return SSH_ERR_PROTOCOL_ERROR;
		1511	}
1472	r = 0;	1512	r = 0;
1473	out:	1513	out:
1474	return r;	1514	return r;
Lines 1622-1628 ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p) Link Here
1622	if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)	1662	if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
1623	goto out;	1663	goto out;
1624	}	1664	}
1625	/* XXX now it's safe to use fatal/packet_disconnect */
1626	if (seqnr_p != NULL)	1665	if (seqnr_p != NULL)
1627	*seqnr_p = state->p_read.seqnr;	1666	*seqnr_p = state->p_read.seqnr;
1628	if (++state->p_read.seqnr == 0)	1667	if (++state->p_read.seqnr == 0)
Lines 1636-1644 ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p) Link Here
1636	/* get padlen */	1675	/* get padlen */
1637	padlen = sshbuf_ptr(state->incoming_packet)[4];	1676	padlen = sshbuf_ptr(state->incoming_packet)[4];
1638	DBG(debug("input: padlen %d", padlen));	1677	DBG(debug("input: padlen %d", padlen));
1639	if (padlen < 4)	1678	if (padlen < 4) {
1640	ssh_packet_disconnect(ssh,	1679	if ((r = sshpkt_disconnect(ssh,
1641	"Corrupted padlen %d on input.", padlen);	1680	"Corrupted padlen %d on input.", padlen)) != 0 \|\|
		1681	(r = ssh_packet_write_wait(ssh)) != 0)
		1682	return r;
		1683	return SSH_ERR_CONN_CORRUPT;
		1684	}
1642		1685
1643	/* skip packet size + padlen, discard padding */	1686	/* skip packet size + padlen, discard padding */
1644	if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 \|\|	1687	if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 \|\|
Lines 1665-1673 ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p) Link Here
1665	*/	1708	*/
1666	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)	1709	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1667	goto out;	1710	goto out;
1668	if (typep < SSH2_MSG_MIN \|\| typep >= SSH2_MSG_LOCAL_MIN)	1711	if (typep < SSH2_MSG_MIN \|\| typep >= SSH2_MSG_LOCAL_MIN) {
1669	ssh_packet_disconnect(ssh,	1712	if ((r = sshpkt_disconnect(ssh,
1670	"Invalid ssh2 packet type: %d", *typep);	1713	"Invalid ssh2 packet type: %d", *typep)) != 0 \|\|
		1714	(r = ssh_packet_write_wait(ssh)) != 0)
		1715	return r;
		1716	return SSH_ERR_PROTOCOL_ERROR;
		1717	}
1671	if (*typep == SSH2_MSG_NEWKEYS)	1718	if (*typep == SSH2_MSG_NEWKEYS)
1672	r = ssh_set_newkeys(ssh, MODE_IN);	1719	r = ssh_set_newkeys(ssh, MODE_IN);
1673	else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)	1720	else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
Lines 1804-1812 ssh_packet_remaining(struct ssh *ssh) Link Here
1804	* message is printed immediately, but only if the client is being executed	1851	* message is printed immediately, but only if the client is being executed
1805	* in verbose mode. These messages are primarily intended to ease debugging	1852	* in verbose mode. These messages are primarily intended to ease debugging
1806	* authentication problems. The length of the formatted message must not	1853	* authentication problems. The length of the formatted message must not
1807	* exceed 1024 bytes. This will automatically call packet_write_wait.	1854	* exceed 1024 bytes. This will automatically call ssh_packet_write_wait.
1808	*/	1855	*/
1809
1810	void	1856	void
1811	ssh_packet_send_debug(struct ssh ssh, const char fmt,...)	1857	ssh_packet_send_debug(struct ssh ssh, const char fmt,...)
1812	{	1858	{
Lines 1834-1840 ssh_packet_send_debug(struct ssh ssh, const char fmt,...) Link Here
1834	(r = sshpkt_send(ssh)) != 0)	1880	(r = sshpkt_send(ssh)) != 0)
1835	fatal("%s: %s", __func__, ssh_err(r));	1881	fatal("%s: %s", __func__, ssh_err(r));
1836	}	1882	}
1837	ssh_packet_write_wait(ssh);	1883	if ((r = ssh_packet_write_wait(ssh)) != 0)
		1884	fatal("%s: %s", __func__, ssh_err(r));
		1885	}
		1886
		1887	/*
		1888	* Pretty-print connection-terminating errors and exit.
		1889	*/
		1890	void
		1891	sshpkt_fatal(struct ssh ssh, const char tag, int r)
		1892	{
		1893	switch (r) {
		1894	case SSH_ERR_CONN_CLOSED:
		1895	logit("Connection closed by %.200s", ssh_remote_ipaddr(ssh));
		1896	cleanup_exit(255);
		1897	case SSH_ERR_CONN_TIMEOUT:
		1898	logit("Connection to %.200s timed out while "
		1899	"waiting to write", ssh_remote_ipaddr(ssh));
		1900	cleanup_exit(255);
		1901	default:
		1902	fatal("%s: Connection to %.200s: %s",
		1903	tag != NULL ? tag : "", tag != NULL ? ": " : "",
		1904	ssh_err(r));
		1905	}
1838	}	1906	}
1839		1907
1840	/*	1908	/*
Lines 1843-1849 ssh_packet_send_debug(struct ssh ssh, const char fmt,...) Link Here
1843	* should not contain a newline. The length of the formatted message must	1911	* should not contain a newline. The length of the formatted message must
1844	* not exceed 1024 bytes.	1912	* not exceed 1024 bytes.
1845	*/	1913	*/
1846
1847	void	1914	void
1848	ssh_packet_disconnect(struct ssh ssh, const char fmt,...)	1915	ssh_packet_disconnect(struct ssh ssh, const char fmt,...)
1849	{	1916	{
Lines 1867-1896 ssh_packet_disconnect(struct ssh ssh, const char fmt,...) Link Here
1867	/* Display the error locally */	1934	/* Display the error locally */
1868	logit("Disconnecting: %.100s", buf);	1935	logit("Disconnecting: %.100s", buf);
1869		1936
1870	/* Send the disconnect message to the other side, and wait for it to get sent. */	1937	/*
1871	if (compat20) {	1938	* Send the disconnect message to the other side, and wait
1872	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 \|\|	1939	* for it to get sent.
1873	(r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 \|\|	1940	*/
1874	(r = sshpkt_put_cstring(ssh, buf)) != 0 \|\|	1941	if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0)
1875	(r = sshpkt_put_cstring(ssh, "")) != 0 \|\|	1942	sshpkt_fatal(ssh, __func__, r);
1876	(r = sshpkt_send(ssh)) != 0)	1943
1877	fatal("%s: %s", __func__, ssh_err(r));	1944	if ((r = ssh_packet_write_wait(ssh)) != 0)
1878	} else {	1945	sshpkt_fatal(ssh, __func__, r);
1879	if ((r = sshpkt_start(ssh, SSH_MSG_DISCONNECT)) != 0 \|\|
1880	(r = sshpkt_put_cstring(ssh, buf)) != 0 \|\|
1881	(r = sshpkt_send(ssh)) != 0)
1882	fatal("%s: %s", __func__, ssh_err(r));
1883	}
1884	ssh_packet_write_wait(ssh);
1885		1946
1886	/* Close the connection. */	1947	/* Close the connection. */
1887	ssh_packet_close(ssh);	1948	ssh_packet_close(ssh);
1888	cleanup_exit(255);	1949	cleanup_exit(255);
1889	}	1950	}
1890		1951
1891	/* Checks if there is any buffered output, and tries to write some of the output. */	1952	/*
1892		1953	* Checks if there is any buffered output, and tries to write some of
1893	void	1954	* the output.
		1955	*/
		1956	int
1894	ssh_packet_write_poll(struct ssh *ssh)	1957	ssh_packet_write_poll(struct ssh *ssh)
1895	{	1958	{
1896	struct session_state *state = ssh->state;	1959	struct session_state *state = ssh->state;
Lines 1903-1935 ssh_packet_write_poll(struct ssh *ssh) Link Here
1903	sshbuf_ptr(state->output), len, &cont);	1966	sshbuf_ptr(state->output), len, &cont);
1904	if (len == -1) {	1967	if (len == -1) {
1905	if (errno == EINTR \|\| errno == EAGAIN)	1968	if (errno == EINTR \|\| errno == EAGAIN)
1906	return;	1969	return 0;
1907	fatal("Write failed: %.100s", strerror(errno));	1970	return SSH_ERR_SYSTEM_ERROR;
1908	}	1971	}
1909	if (len == 0 && !cont)	1972	if (len == 0 && !cont)
1910	fatal("Write connection closed");	1973	return SSH_ERR_CONN_CLOSED;
1911	if ((r = sshbuf_consume(state->output, len)) != 0)	1974	if ((r = sshbuf_consume(state->output, len)) != 0)
1912	fatal("%s: %s", __func__, ssh_err(r));	1975	return r;
1913	}	1976	}
		1977	return 0;
1914	}	1978	}
1915		1979
1916	/*	1980	/*
1917	* Calls packet_write_poll repeatedly until all pending output data has been	1981	* Calls packet_write_poll repeatedly until all pending output data has been
1918	* written.	1982	* written.
1919	*/	1983	*/
1920		1984	int
1921	void
1922	ssh_packet_write_wait(struct ssh *ssh)	1985	ssh_packet_write_wait(struct ssh *ssh)
1923	{	1986	{
1924	fd_set *setp;	1987	fd_set *setp;
1925	int ret, ms_remain = 0;	1988	int ret, r, ms_remain = 0;
1926	struct timeval start, timeout, *timeoutp = NULL;	1989	struct timeval start, timeout, *timeoutp = NULL;
1927	struct session_state *state = ssh->state;	1990	struct session_state *state = ssh->state;
1928		1991
1929	setp = (fd_set *)calloc(howmany(state->connection_out + 1,	1992	setp = (fd_set *)calloc(howmany(state->connection_out + 1,
1930	NFDBITS), sizeof(fd_mask));	1993	NFDBITS), sizeof(fd_mask));
1931	if (setp == NULL)	1994	if (setp == NULL)
1932	fatal("%s: calloc failed", __func__);	1995	return SSH_ERR_ALLOC_FAIL;
1933	ssh_packet_write_poll(ssh);	1996	ssh_packet_write_poll(ssh);
1934	while (ssh_packet_have_data_to_write(ssh)) {	1997	while (ssh_packet_have_data_to_write(ssh)) {
1935	memset(setp, 0, howmany(state->connection_out + 1,	1998	memset(setp, 0, howmany(state->connection_out + 1,
Lines 1959-1971 ssh_packet_write_wait(struct ssh *ssh) Link Here
1959	}	2022	}
1960	}	2023	}
1961	if (ret == 0) {	2024	if (ret == 0) {
1962	logit("Connection to %.200s timed out while "	2025	free(setp);
1963	"waiting to write", ssh_remote_ipaddr(ssh));	2026	return SSH_ERR_CONN_TIMEOUT;
1964	cleanup_exit(255);	2027	}
		2028	if ((r = ssh_packet_write_poll(ssh)) != 0) {
		2029	free(setp);
		2030	return r;
1965	}	2031	}
1966	ssh_packet_write_poll(ssh);
1967	}	2032	}
1968	free(setp);	2033	free(setp);
		2034	return 0;
1969	}	2035	}
1970		2036
1971	/* Returns true if there is buffered data to write to the connection. */	2037	/* Returns true if there is buffered data to write to the connection. */




int	 ssh_packet_send2(struct ssh *);

int      ssh_packet_read(struct ssh *);
int	 ssh_packet_read_expect(struct ssh *, u_int type);
int      ssh_packet_read_poll(struct ssh *);
int ssh_packet_read_poll1(struct ssh *, u_char *);
int ssh_packet_read_poll2(struct ssh *, u_char *, u_int32_t *seqnr_p);

void	 ssh_packet_set_compress_hooks(struct ssh *, void *,
    ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *);

int	 ssh_packet_write_poll(struct ssh *);
int	 ssh_packet_write_wait(struct ssh *);
int      ssh_packet_have_data_to_write(struct ssh *);
int      ssh_packet_not_very_much_data_to_write(struct ssh *);


/* new API */
int	sshpkt_start(struct ssh *ssh, u_char type);
int	sshpkt_send(struct ssh *ssh);
int     sshpkt_disconnect(struct ssh *, const char *fmt, ...)
	    __attribute__((format(printf, 2, 3)));
int	sshpkt_add_padding(struct ssh *, u_char);
void	sshpkt_fatal(struct ssh *ssh, const char *tag, int r);

int	sshpkt_put(struct ssh *ssh, const void *v, size_t len);
int	sshpkt_putb(struct ssh *ssh, const struct sshbuf *b);

Lines 448-454 congreet(int s) Link Here

(-)a/ssh-keyscan.c (-1 / +2 lines)
448	return;	448	return;
449	}	449	}
450	*cp = '\0';	450	*cp = '\0';
451	c->c_ssh = ssh_packet_set_connection(NULL, s, s);	451	if ((c->c_ssh = ssh_packet_set_connection(NULL, s, s)) == NULL)
		452	fatal("ssh_packet_set_connection failed");
452	ssh_set_app_data(c->c_ssh, c); /* back link */	453	ssh_set_app_data(c->c_ssh, c); /* back link */
453	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",	454	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
454	&remote_major, &remote_minor, remote_version) == 3)	455	&remote_major, &remote_minor, remote_version) == 3)

Lines 83-89 ssh_init(struct ssh *sshp, int is_server, struct kex_params kex_params) Link Here

(-)a/ssh_api.c (-1 / +2 lines)
83	called = 1;	83	called = 1;
84	}	84	}
85		85
86	ssh = ssh_packet_set_connection(NULL, -1, -1);	86	if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL)
		87	return SSH_ERR_ALLOC_FAIL;
87	if (is_server)	88	if (is_server)
88	ssh_packet_set_server(ssh);	89	ssh_packet_set_server(ssh);
89		90

Lines 129-134 ssh_err(int n) Link Here

(-)a/ssherr.c (+4 lines)
129	return "Connection closed";	129	return "Connection closed";
130	case SSH_ERR_CONN_TIMEOUT:	130	case SSH_ERR_CONN_TIMEOUT:
131	return "Connection timed out";	131	return "Connection timed out";
		132	case SSH_ERR_CONN_CORRUPT:
		133	return "Connection corrupted";
		134	case SSH_ERR_PROTOCOL_ERROR:
		135	return "Protocol error";
132	default:	136	default:
133	return "unknown error";	137	return "unknown error";
134	}	138	}

Lines 75-80 Link Here

(-)a/ssherr.h (+2 lines)
75	#define SSH_ERR_KEY_REVOKED -51	75	#define SSH_ERR_KEY_REVOKED -51
76	#define SSH_ERR_CONN_CLOSED -52	76	#define SSH_ERR_CONN_CLOSED -52
77	#define SSH_ERR_CONN_TIMEOUT -53	77	#define SSH_ERR_CONN_TIMEOUT -53
		78	#define SSH_ERR_CONN_CORRUPT -54
		79	#define SSH_ERR_PROTOCOL_ERROR -55
78		80
79	/* Translate a numeric error code to a human-readable error string */	81	/* Translate a numeric error code to a human-readable error string */
80	const char *ssh_err(int n);	82	const char *ssh_err(int n);

Return to bug 1213

Lines 221-226 void Link Here

(-)a/opacket.c (-16 / +33 lines)
221	packet_set_connection(int fd_in, int fd_out)	221	packet_set_connection(int fd_in, int fd_out)
222	{	222	{
223	active_state = ssh_packet_set_connection(active_state, fd_in, fd_out);	223	active_state = ssh_packet_set_connection(active_state, fd_in, fd_out);
		224	if (active_state == NULL)
		225	fatal("%s: ssh_packet_set_connection failed", __func__);
224	}	226	}
225		227
226	void	228	void
Lines 253-272 packet_read_seqnr(u_int32_t *seqnr) Link Here
253	u_char type;	255	u_char type;
254	int r;	256	int r;
255		257
256	if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0) {	258	if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0)
257	switch (r) {	259	sshpkt_fatal(active_state, __func__, r);
258	case SSH_ERR_CONN_CLOSED:
259	logit("Connection closed by %.200s",
260	ssh_remote_ipaddr(active_state));
261	cleanup_exit(255);
262	case SSH_ERR_CONN_TIMEOUT:
263	logit("Connection to %.200s timed out while "
264	"waiting to read", ssh_remote_ipaddr(active_state));
265	cleanup_exit(255);
266	default:
267	fatal("%s: %s", __func__, ssh_err(r));
268	}
269	}
270	return type;	260	return type;
271	}	261	}
272		262
Lines 277-283 packet_read_poll_seqnr(u_int32_t *seqnr) Link Here
277	int r;	267	int r;
278		268
279	if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr)))	269	if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr)))
280	fatal("%s: %s", __func__, ssh_err(r));	270	sshpkt_fatal(active_state, __func__, r);
281	return type;	271	return type;
282	}	272	}
283		273
Lines 294-298 packet_process_incoming(const char *buf, u_int len) Link Here
294	int r;	284	int r;
295		285
296	if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0)	286	if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0)
297	fatal("%s: %s", __func__, ssh_err(r));	287	sshpkt_fatal(active_state, __func__, r);
		288	}
		289
		290	void
		291	packet_write_wait(void)
		292	{
		293	int r;
		294
		295	if ((r = ssh_packet_write_wait(active_state)) != 0)
		296	sshpkt_fatal(active_state, __func__, r);
		297	}
		298
		299	void
		300	packet_write_poll(void)
		301	{
		302	int r;
		303
		304	if ((r = ssh_packet_write_poll(active_state)) != 0)
		305	sshpkt_fatal(active_state, __func__, r);
		306	}
		307
		308	void
		309	packet_read_expect(int expected_type)
		310	{
		311	int r;
		312
		313	if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0)
		314	sshpkt_fatal(active_state, __func__, r);
298	}	315	}

Lines 86-92 int ssh_packet_send2_wrapped(struct ssh *); Link Here

(-)a/packet.h (-4 / +6 lines)
86	int ssh_packet_send2(struct ssh *);	86	int ssh_packet_send2(struct ssh *);
87		87
88	int ssh_packet_read(struct ssh *);	88	int ssh_packet_read(struct ssh *);
89	void ssh_packet_read_expect(struct ssh *, int type);	89	int ssh_packet_read_expect(struct ssh *, u_int type);
90	int ssh_packet_read_poll(struct ssh *);	90	int ssh_packet_read_poll(struct ssh *);
91	int ssh_packet_read_poll1(struct ssh , u_char );	91	int ssh_packet_read_poll1(struct ssh , u_char );
92	int ssh_packet_read_poll2(struct ssh , u_char , u_int32_t *seqnr_p);	92	int ssh_packet_read_poll2(struct ssh , u_char , u_int32_t *seqnr_p);
Lines 108-115 typedef void (ssh_packet_comp_free_func)(void , void ); Link Here
108	void ssh_packet_set_compress_hooks(struct ssh , void ,	108	void ssh_packet_set_compress_hooks(struct ssh , void ,
109	ssh_packet_comp_alloc_func , ssh_packet_comp_free_func );	109	ssh_packet_comp_alloc_func , ssh_packet_comp_free_func );
110		110
111	void ssh_packet_write_poll(struct ssh *);	111	int ssh_packet_write_poll(struct ssh *);
112	void ssh_packet_write_wait(struct ssh *);	112	int ssh_packet_write_wait(struct ssh *);
113	int ssh_packet_have_data_to_write(struct ssh *);	113	int ssh_packet_have_data_to_write(struct ssh *);
114	int ssh_packet_not_very_much_data_to_write(struct ssh *);	114	int ssh_packet_not_very_much_data_to_write(struct ssh *);
115		115
Lines 144-151 void ssh_packet_get_output(struct ssh ); Link Here
144	/* new API */	144	/* new API */
145	int sshpkt_start(struct ssh *ssh, u_char type);	145	int sshpkt_start(struct ssh *ssh, u_char type);
146	int sshpkt_send(struct ssh *ssh);	146	int sshpkt_send(struct ssh *ssh);
147	int sshpkt_disconnect(struct ssh , const char fmt, ...) __attribute__((format(printf, 2, 3)));	147	int sshpkt_disconnect(struct ssh , const char fmt, ...)
		148	__attribute__((format(printf, 2, 3)));
148	int sshpkt_add_padding(struct ssh *, u_char);	149	int sshpkt_add_padding(struct ssh *, u_char);
		150	void sshpkt_fatal(struct ssh ssh, const char tag, int r);
149		151
150	int sshpkt_put(struct ssh ssh, const void v, size_t len);	152	int sshpkt_put(struct ssh ssh, const void v, size_t len);
151	int sshpkt_putb(struct ssh ssh, const struct sshbuf b);	153	int sshpkt_putb(struct ssh ssh, const struct sshbuf b);