Bugzilla – Attachment 524 Details for
Bug 764
fully remove product and version information
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Allow software version and version comments to be configurable
sshd-version-config-reduced.diff (text/plain), 5.52 KB, created by
Kees Cook
on 2004-01-07 14:15:10 AEDT
(
hide
)
Description:
Allow software version and version comments to be configurable
Filename:
MIME Type:
Creator:
Kees Cook
Created:
2004-01-07 14:15:10 AEDT
Size:
5.52 KB
patch
obsolete
>diff -uNr openssh-3.7.1p2-orig/misc.c openssh-3.7.1p2/misc.c >--- openssh-3.7.1p2-orig/misc.c 2003-09-23 01:59:08.000000000 -0700 >+++ openssh-3.7.1p2/misc.c 2004-01-07 13:05:18.000000000 -0800 >@@ -111,7 +111,8 @@ > } > > /* Characters considered whitespace in strsep calls. */ >-#define WHITESPACE " \t\r\n" >+#define LINEEND "\r\n" >+#define WHITESPACE " \t" LINEEND > > /* return next token in configuration line */ > char * >@@ -141,6 +142,30 @@ > return (old); > } > >+char * >+strlineend(char **s) >+{ >+ char *old; >+ int wspace = 0; >+ >+ if (*s == NULL) >+ return NULL; >+ >+ old = *s; >+ >+ *s = strpbrk(*s, LINEEND); >+ if (*s == NULL) >+ return (old); >+ >+ *s[0] = '\0'; >+ >+ *s += strspn(*s + 1, LINEEND) + 1; >+ if (*s[0] == '=' && !wspace) >+ *s += strspn(*s + 1, LINEEND) + 1; >+ >+ return (old); >+} >+ > struct passwd * > pwcopy(struct passwd *pw) > { >diff -uNr openssh-3.7.1p2-orig/misc.h openssh-3.7.1p2/misc.h >--- openssh-3.7.1p2-orig/misc.h 2003-08-24 18:16:21.000000000 -0700 >+++ openssh-3.7.1p2/misc.h 2004-01-07 13:05:18.000000000 -0800 >@@ -14,6 +14,7 @@ > > char *chop(char *); > char *strdelim(char **); >+char *strlineend(char **); > void set_nonblock(int); > void unset_nonblock(int); > void set_nodelay(int); >diff -uNr openssh-3.7.1p2-orig/servconf.c openssh-3.7.1p2/servconf.c >--- openssh-3.7.1p2-orig/servconf.c 2003-09-23 02:24:21.000000000 -0700 >+++ openssh-3.7.1p2/servconf.c 2004-01-07 13:10:35.000000000 -0800 >@@ -95,6 +95,8 @@ > options->max_startups_rate = -1; > options->max_startups = -1; > options->banner = NULL; >+ options->software_version = NULL; >+ options->version_comments = NULL; > options->use_dns = -1; > options->client_alive_interval = -1; > options->client_alive_count_max = -1; >@@ -262,6 +264,7 @@ > sBanner, sUseDNS, sHostbasedAuthentication, > sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, > sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, >+ sSoftwareVersion, sVersionComments, > sGssAuthentication, sGssCleanupCreds, > sUsePrivilegeSeparation, > sDeprecated, sUnsupported >@@ -347,6 +350,8 @@ > { "subsystem", sSubsystem }, > { "maxstartups", sMaxStartups }, > { "banner", sBanner }, >+ { "softwareversion", sSoftwareVersion}, >+ { "versioncomments", sVersionComments}, > { "usedns", sUseDNS }, > { "verifyreversemapping", sDeprecated }, > { "reversemappingcheck", sDeprecated }, >@@ -665,6 +670,16 @@ > intptr = &options->x11_display_offset; > goto parse_int; > >+ case sSoftwareVersion: >+ arg = strdelim(&cp); >+ options->software_version = xstrdup(arg); >+ break; >+ >+ case sVersionComments: >+ arg = strlineend(&cp); >+ options->version_comments = xstrdup(arg); >+ break; >+ > case sX11UseLocalhost: > intptr = &options->x11_use_localhost; > goto parse_flag; >diff -uNr openssh-3.7.1p2-orig/servconf.h openssh-3.7.1p2/servconf.h >--- openssh-3.7.1p2-orig/servconf.h 2003-09-02 05:58:22.000000000 -0700 >+++ openssh-3.7.1p2/servconf.h 2004-01-07 13:06:49.000000000 -0800 >@@ -105,6 +105,10 @@ > char *subsystem_name[MAX_SUBSYSTEMS]; > char *subsystem_command[MAX_SUBSYSTEMS]; > >+ /* allow configurable version information overrides */ >+ char *software_version; >+ char *version_comments; >+ > int max_startups_begin; > int max_startups_rate; > int max_startups; >diff -uNr openssh-3.7.1p2-orig/sshd.c openssh-3.7.1p2/sshd.c >--- openssh-3.7.1p2-orig/sshd.c 2003-09-02 05:51:17.000000000 -0700 >+++ openssh-3.7.1p2/sshd.c 2004-01-07 13:07:17.000000000 -0800 >@@ -352,6 +352,8 @@ > int i, mismatch; > int remote_major, remote_minor; > int major, minor; >+ char *software_version=SSH_VERSION; >+ char *version_comments=NULL; > char *s; > char buf[256]; /* Must not be larger than remote_version. */ > char remote_version[256]; /* Must be at least as big as buf. */ >@@ -367,7 +369,16 @@ > major = PROTOCOL_MAJOR_1; > minor = PROTOCOL_MINOR_1; > } >- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); >+ if (options.software_version) { >+ software_version = options.software_version; >+ } >+ if (options.version_comments) { >+ version_comments = options.version_comments; >+ } >+ snprintf(buf, sizeof buf, "SSH-%d.%d-%s%s%s\n", major, minor, >+ software_version, >+ version_comments ? " " : "", >+ version_comments ? version_comments : ""); > server_version_string = xstrdup(buf); > > /* Send our protocol version identification. */ >diff -uNr openssh-3.7.1p2-orig/sshd_config openssh-3.7.1p2/sshd_config >--- openssh-3.7.1p2-orig/sshd_config 2003-09-02 05:51:18.000000000 -0700 >+++ openssh-3.7.1p2/sshd_config 2004-01-07 13:06:37.000000000 -0800 >@@ -94,3 +94,7 @@ > > # override default of no subsystems > Subsystem sftp /usr/libexec/sftp-server >+ >+# override reported version information >+#SoftwareVersion OpenSSH_3.6.1p2 >+#VersionComments Your friendly neighborhood SSH server >diff -uNr openssh-3.7.1p2-orig/sshd_config.5 openssh-3.7.1p2/sshd_config.5 >--- openssh-3.7.1p2-orig/sshd_config.5 2003-09-02 05:57:05.000000000 -0700 >+++ openssh-3.7.1p2/sshd_config.5 2004-01-07 13:09:58.000000000 -0800 >@@ -554,6 +554,9 @@ > .It Cm ServerKeyBits > Defines the number of bits in the ephemeral protocol version 1 server key. > The minimum value is 512, and the default is 768. >+.It Cm SoftwareVersion >+Specifies the software version claimed in the handshake banner. >+The default is the true software version. > .It Cm StrictModes > Specifies whether > .Nm sshd >@@ -625,6 +628,9 @@ > escalation by containing any corruption within the unprivileged processes. > The default is > .Dq yes . >+.It Cm VersionComments >+Specifies the text following the software version in the handshake banner. >+The default is empty. > .It Cm X11DisplayOffset > Specifies the first display number available for > .Nm sshd Ns 's
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=524">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 764
:
523
| 524 |
866