Attachment #3166 for bug #2883

View | Details | Raw Unified | Return to bug 2883
Collapse All | Expand All




static int
addr_pton(const char *p, struct xaddr *n)
{
	struct addrinfo hints, *ai = NULL;
	int ret = -1;

	memset(&hints, '\0', sizeof(hints));
	hints.ai_flags = AI_NUMERICHOST;

	if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
		goto out;

	if (ai == NULL || ai->ai_addr == NULL)
		goto out;
	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
		goto out;
	/* success */
	ret = 0;
 out:
	}

	freeaddrinfo(ai);
	return ret;
}

/*

Lines 182-194 proto_spec(const char *spec) Link Here

(-)a/compat.c (-17 / +32 lines)
182	}	182	}
183		183
184	char *	184	char *
185	compat_cipher_proposal(char *cipher_prop)	185	compat_cipher_proposal(char *cipher_prop, u_int compat)
186	{	186	{
187	if (!(datafellows & SSH_BUG_BIGENDIANAES))	187	char *cp;
		188
		189	if (!(compat & SSH_BUG_BIGENDIANAES))
188	return cipher_prop;	190	return cipher_prop;
189	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);	191	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
190	if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)	192	if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
191	fatal("match_filter_blacklist failed");	193	fatal("match_filter_blacklist failed");
		194	free(cipher_prop);
		195	cipher_prop = cp;
192	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);	196	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
193	if (*cipher_prop == '\0')	197	if (*cipher_prop == '\0')
194	fatal("No supported ciphers found");	198	fatal("No supported ciphers found");
Lines 196-208 compat_cipher_proposal(char *cipher_prop) Link Here
196	}	200	}
197		201
198	char *	202	char *
199	compat_pkalg_proposal(char *pkalg_prop)	203	compat_pkalg_proposal(char *pkalg_prop, u_int compat)
200	{	204	{
201	if (!(datafellows & SSH_BUG_RSASIGMD5))	205	char *cp;
		206
		207	if (!(compat & SSH_BUG_RSASIGMD5))
202	return pkalg_prop;	208	return pkalg_prop;
203	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);	209	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
204	if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)	210	if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
205	fatal("match_filter_blacklist failed");	211	fatal("match_filter_blacklist failed");
		212	free(pkalg_prop);
		213	pkalg_prop = cp;
206	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);	214	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
207	if (*pkalg_prop == '\0')	215	if (*pkalg_prop == '\0')
208	fatal("No supported PK algorithms found");	216	fatal("No supported PK algorithms found");
Lines 210-233 compat_pkalg_proposal(char *pkalg_prop) Link Here
210	}	218	}
211		219
212	char *	220	char *
213	compat_kex_proposal(char *p)	221	compat_kex_proposal(char *kex_prop, u_int compat)
214	{	222	{
215	if ((datafellows & (SSH_BUG_CURVE25519PAD\|SSH_OLD_DHGEX)) == 0)	223	char *cp;
216	return p;	224
217	debug2("%s: original KEX proposal: %s", __func__, p);	225	if ((compat & (SSH_BUG_CURVE25519PAD\|SSH_OLD_DHGEX)) == 0)
218	if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)	226	return kex_prop;
219	if ((p = match_filter_blacklist(p,	227	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
		228	if ((compat & SSH_BUG_CURVE25519PAD) != 0) {
		229	if ((cp = match_filter_blacklist(kex_prop,
220	"curve25519-sha256@libssh.org")) == NULL)	230	"curve25519-sha256@libssh.org")) == NULL)
221	fatal("match_filter_blacklist failed");	231	fatal("match_filter_blacklist failed");
222	if ((datafellows & SSH_OLD_DHGEX) != 0) {	232	free(kex_prop);
223	if ((p = match_filter_blacklist(p,	233	kex_prop = cp;
		234	}
		235	if ((compat & SSH_OLD_DHGEX) != 0) {
		236	if ((cp = match_filter_blacklist(kex_prop,
224	"diffie-hellman-group-exchange-sha256,"	237	"diffie-hellman-group-exchange-sha256,"
225	"diffie-hellman-group-exchange-sha1")) == NULL)	238	"diffie-hellman-group-exchange-sha1")) == NULL)
226	fatal("match_filter_blacklist failed");	239	fatal("match_filter_blacklist failed");
		240	free(kex_prop);
		241	kex_prop = cp;
227	}	242	}
228	debug2("%s: compat KEX proposal: %s", __func__, p);	243	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
229	if (*p == '\0')	244	if (*kex_prop == '\0')
230	fatal("No supported key exchange algorithms found");	245	fatal("No supported key exchange algorithms found");
231	return p;	246	return kex_prop;
232	}	247	}
233		248

Lines 65-73 Link Here

(-)a/compat.h (-3 / +9 lines)
65		65
66	u_int compat_datafellows(const char *);	66	u_int compat_datafellows(const char *);
67	int proto_spec(const char *);	67	int proto_spec(const char *);
68	char compat_cipher_proposal(char );	68
69	char compat_pkalg_proposal(char );	69	/*
70	char compat_kex_proposal(char );	70	* compat_*_proposal will update their respective proposals based on the
		71	* active compat flags. The replacement is performed in-place - i.e. they
		72	* will free their argument and return a new heap-allocated string.
		73	*/
		74	char compat_cipher_proposal(char , u_int compat);
		75	char compat_pkalg_proposal(char , u_int compat);
		76	char compat_kex_proposal(char , u_int compat);
71		77
72	extern int datafellows;	78	extern int datafellows;
73	#endif	79	#endif

Lines 1029-1034 process_mux_stdio_fwd(struct ssh *ssh, u_int rid, Link Here

(-)a/mux.c (+1 lines)
1029	set_nonblock(new_fd[1]);	1029	set_nonblock(new_fd[1]);
1030		1030
1031	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]);	1031	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]);
		1032	free(chost);
1032		1033
1033	nc->ctl_chan = c->self; /* link session -> control channel */	1034	nc->ctl_chan = c->self; /* link session -> control channel */
1034	c->remote_id = nc->self; /* link control -> session channel */	1035	c->remote_id = nc->self; /* link control -> session channel */

Lines 1443-1449 download_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here

(-)a/sftp-client.c (-7 / +11 lines)
1443	{	1443	{
1444	int i, ret = 0;	1444	int i, ret = 0;
1445	SFTP_DIRENT **dir_entries;	1445	SFTP_DIRENT **dir_entries;
1446	char filename, new_src, *new_dst;	1446	char filename, new_src = NULL, *new_dst = NULL;
1447	mode_t mode = 0777;	1447	mode_t mode = 0777;
1448		1448
1449	if (depth >= MAX_DIR_DEPTH) {	1449	if (depth >= MAX_DIR_DEPTH) {
Lines 1481-1488 download_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here
1481	}	1481	}
1482		1482
1483	for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {	1483	for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
		1484	free(new_dst);
		1485	free(new_src);
		1486
1484	filename = dir_entries[i]->filename;	1487	filename = dir_entries[i]->filename;
1485
1486	new_dst = path_append(dst, filename);	1488	new_dst = path_append(dst, filename);
1487	new_src = path_append(src, filename);	1489	new_src = path_append(src, filename);
1488		1490
Lines 1505-1513 download_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here
1505	} else	1507	} else
1506	logit("%s: not a regular file\n", new_src);	1508	logit("%s: not a regular file\n", new_src);
1507		1509
1508	free(new_dst);
1509	free(new_src);
1510	}	1510	}
		1511	free(new_dst);
		1512	free(new_src);
1511		1513
1512	if (preserve_flag) {	1514	if (preserve_flag) {
1513	if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	1515	if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
Lines 1774-1780 upload_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here
1774	int ret = 0;	1776	int ret = 0;
1775	DIR *dirp;	1777	DIR *dirp;
1776	struct dirent *dp;	1778	struct dirent *dp;
1777	char filename, new_src, *new_dst;	1779	char filename, new_src = NULL, *new_dst = NULL;
1778	struct stat sb;	1780	struct stat sb;
1779	Attrib a, *dirattrib;	1781	Attrib a, *dirattrib;
1780		1782
Lines 1825-1830 upload_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here
1825	while (((dp = readdir(dirp)) != NULL) && !interrupted) {	1827	while (((dp = readdir(dirp)) != NULL) && !interrupted) {
1826	if (dp->d_ino == 0)	1828	if (dp->d_ino == 0)
1827	continue;	1829	continue;
		1830	free(new_dst);
		1831	free(new_src);
1828	filename = dp->d_name;	1832	filename = dp->d_name;
1829	new_dst = path_append(dst, filename);	1833	new_dst = path_append(dst, filename);
1830	new_src = path_append(src, filename);	1834	new_src = path_append(src, filename);
Lines 1851-1859 upload_dir_internal(struct sftp_conn conn, const char src, const char *dst, Link Here
1851	}	1855	}
1852	} else	1856	} else
1853	logit("%s: not a regular file\n", filename);	1857	logit("%s: not a regular file\n", filename);
1854	free(new_dst);
1855	free(new_src);
1856	}	1858	}
		1859	free(new_dst);
		1860	free(new_src);
1857		1861
1858	do_setstat(conn, dst, &a);	1862	do_setstat(conn, dst, &a);
1859		1863





	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
		fatal("%s: kex_names_cat", __func__);
	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s, datafellows);
	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
	    compat_cipher_proposal(options.ciphers, datafellows);
	myproposal[PROPOSAL_ENC_ALGS_STOC] =
	    compat_cipher_proposal(options.ciphers, datafellows);
	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
	    myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
	    "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";

			fatal("%s: kex_assemble_namelist", __func__);
		free(all_key);
		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
		    compat_pkalg_proposal(options.hostkeyalgorithms,
		    datafellows);
	} else {
		/* Enforce default */
		options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
		/* Prefer algorithms that we already have keys for */
		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
		    compat_pkalg_proposal(
		    order_hostkeyalgs(host, hostaddr, port), datafellows);
	}

	if (options.rekey_limit || options.rekey_interval)


	/* remove ext-info from the KEX proposals for rekeying */
	myproposal[PROPOSAL_KEX_ALGS] =
	    compat_kex_proposal(options.kex_algorithms, datafellows);
	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
		fatal("kex_prop2buf: %s", ssh_err(r));





	int r;

	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
	    options.kex_algorithms, datafellows);
	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
	    options.ciphers, datafellows);
	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
	    options.ciphers, datafellows);
	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;


		    options.rekey_interval);

	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
	    list_hostkey_types(), datafellows);

	/* start key exchange */
	if ((r = kex_setup(active_state, myproposal)) != 0)

Return to bug 2883

Lines 2082-2092 do_ssh2_kex(void) Link Here

(-)a/sshd.c (-4 / +4 lines)
2082	int r;	2082	int r;
2083		2083
2084	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(	2084	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
2085	options.kex_algorithms);	2085	options.kex_algorithms, datafellows);
2086	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(	2086	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
2087	options.ciphers);	2087	options.ciphers, datafellows);
2088	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(	2088	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
2089	options.ciphers);	2089	options.ciphers, datafellows);
2090	myproposal[PROPOSAL_MAC_ALGS_CTOS] =	2090	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
2091	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;	2091	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
2092		2092
Lines 2100-2106 do_ssh2_kex(void) Link Here
2100	options.rekey_interval);	2100	options.rekey_interval);
2101		2101
2102	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2102	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2103	list_hostkey_types());	2103	list_hostkey_types(), datafellows);
2104		2104
2105	/* start key exchange */	2105	/* start key exchange */
2106	if ((r = kex_setup(active_state, myproposal)) != 0)	2106	if ((r = kex_setup(active_state, myproposal)) != 0)

Lines 201-225 addr_cmp(const struct xaddr a, const struct xaddr b) Link Here

(-)a/addrmatch.c (-12 / +10 lines)
201	static int	201	static int
202	addr_pton(const char p, struct xaddr n)	202	addr_pton(const char p, struct xaddr n)
203	{	203	{
204	struct addrinfo hints, *ai;	204	struct addrinfo hints, *ai = NULL;
		205	int ret = -1;
205		206
206	memset(&hints, '\0', sizeof(hints));	207	memset(&hints, '\0', sizeof(hints));
207	hints.ai_flags = AI_NUMERICHOST;	208	hints.ai_flags = AI_NUMERICHOST;
208		209
209	if (p == NULL \|\| getaddrinfo(p, NULL, &hints, &ai) != 0)	210	if (p == NULL \|\| getaddrinfo(p, NULL, &hints, &ai) != 0)
210	return -1;	211	goto out;
211
212	if (ai == NULL \|\| ai->ai_addr == NULL)	212	if (ai == NULL \|\| ai->ai_addr == NULL)
213	return -1;	213	goto out;
214		214	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
215	if (n != NULL &&	215	goto out;
216	addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) {	216	/* success */
217	freeaddrinfo(ai);	217	ret = 0;
218	return -1;	218	out:
219	}
220
221	freeaddrinfo(ai);	219	freeaddrinfo(ai);
222	return 0;	220	return ret;
223	}	221	}
224		222
225	/*	223	/*

Lines 161-171 ssh_kex2(char host, struct sockaddr hostaddr, u_short port) Link Here

(-)a/sshconnect2.c (-6 / +7 lines)
161		161
162	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)	162	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
163	fatal("%s: kex_names_cat", __func__);	163	fatal("%s: kex_names_cat", __func__);
164	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);	164	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s, datafellows);
165	myproposal[PROPOSAL_ENC_ALGS_CTOS] =	165	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
166	compat_cipher_proposal(options.ciphers);	166	compat_cipher_proposal(options.ciphers, datafellows);
167	myproposal[PROPOSAL_ENC_ALGS_STOC] =	167	myproposal[PROPOSAL_ENC_ALGS_STOC] =
168	compat_cipher_proposal(options.ciphers);	168	compat_cipher_proposal(options.ciphers, datafellows);
169	myproposal[PROPOSAL_COMP_ALGS_CTOS] =	169	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
170	myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?	170	myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
171	"zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";	171	"zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
Lines 178-191 ssh_kex2(char host, struct sockaddr hostaddr, u_short port) Link Here
178	fatal("%s: kex_assemble_namelist", __func__);	178	fatal("%s: kex_assemble_namelist", __func__);
179	free(all_key);	179	free(all_key);
180	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =	180	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
181	compat_pkalg_proposal(options.hostkeyalgorithms);	181	compat_pkalg_proposal(options.hostkeyalgorithms,
		182	datafellows);
182	} else {	183	} else {
183	/* Enforce default */	184	/* Enforce default */
184	options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);	185	options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
185	/* Prefer algorithms that we already have keys for */	186	/* Prefer algorithms that we already have keys for */
186	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =	187	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
187	compat_pkalg_proposal(	188	compat_pkalg_proposal(
188	order_hostkeyalgs(host, hostaddr, port));	189	order_hostkeyalgs(host, hostaddr, port), datafellows);
189	}	190	}
190		191
191	if (options.rekey_limit \|\| options.rekey_interval)	192	if (options.rekey_limit \|\| options.rekey_interval)
Lines 215-221 ssh_kex2(char host, struct sockaddr hostaddr, u_short port) Link Here
215		216
216	/* remove ext-info from the KEX proposals for rekeying */	217	/* remove ext-info from the KEX proposals for rekeying */
217	myproposal[PROPOSAL_KEX_ALGS] =	218	myproposal[PROPOSAL_KEX_ALGS] =
218	compat_kex_proposal(options.kex_algorithms);	219	compat_kex_proposal(options.kex_algorithms, datafellows);
219	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)	220	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
220	fatal("kex_prop2buf: %s", ssh_err(r));	221	fatal("kex_prop2buf: %s", ssh_err(r));
221		222