#define SSH_CMSG_EOF 19
#define SSH_SMSG_EXIT_STATUS 20
#define SSH_CMSG_EXIT_CONFIRMATION 33
+#define SSH_MSG_IGNORE 32
#define SSH_MSG_DEBUG 36
#define GET_32BIT(cp) \
((unsigned long)(unsigned char)(cp)[3]))
#define PUT_32BIT(cp, value) { \
- (cp)[0] = (value) >> 24; \
- (cp)[1] = (value) >> 16; \
- (cp)[2] = (value) >> 8; \
- (cp)[3] = (value); }
+ (cp)[0] = (unsigned char)((value) >> 24); \
+ (cp)[1] = (unsigned char)((value) >> 16); \
+ (cp)[2] = (unsigned char)((value) >> 8); \
+ (cp)[3] = (unsigned char)(value); }
static SOCKET s = INVALID_SOCKET;
/*
* Read and decrypt one incoming SSH packet.
*/
-static void get_packet()
+static void get_packet(void)
{
unsigned char buf[4];
int ret;
int len, pad, biglen;
+ unsigned long realcrc, gotcrc;
next_packet:
pktin.length = len;
if (pktin.maxlen < biglen) {
pktin.maxlen = biglen;
+#ifdef MSCRYPTOAPI
+ /* allocate enough buffer space for extra block
+ * for MS CryptEncrypt() */
+ pktin.data = (pktin.data == NULL) ?
+ smalloc(biglen+8) : srealloc(pktin.data, biglen+8);
+#else
pktin.data = (pktin.data == NULL) ?
- smalloc(biglen) : srealloc(pktin.data, biglen);
+ smalloc(biglen) : srealloc(pktin.data, biglen);
+#endif
}
ret = s_read(pktin.data, biglen);
pktin.type = pktin.data[pad];
pktin.body = pktin.data + pad + 1;
+ realcrc = crc32(pktin.data, biglen-4);
+ gotcrc = (pktin.data[biglen-4] << 24);
+ gotcrc |= (pktin.data[biglen-3] << 16);
+ gotcrc |= (pktin.data[biglen-2] << 8);
+ gotcrc |= (pktin.data[biglen-1] << 0);
+ if (gotcrc != realcrc) {
+ fatalbox("Incorrect CRC received on packet");
+ }
+
if (pktin.type == SSH_MSG_DEBUG) {
if (verbose) {
int len = GET_32BIT(pktin.body);
}
goto next_packet;
}
+ if (pktin.type == SSH_MSG_IGNORE) {
+ goto next_packet;
+ }
}
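Review bot: The CRC reassembly starting at `gotcrc = (pktin.data[biglen-4] << 24);` shifts a byte that has already been promoted to `int`, so a top byte of 0x80 or above overflows a signed int, and where `unsigned long` is wider than `int` the sign-extended result can fail the comparison on a valid packet. The file's `GET_32BIT` macro appears (from its visible last line) to cast each byte to `unsigned long` first, so the four lines could become `gotcrc = GET_32BIT(pktin.data + biglen - 4);`. The bounds on `biglen` are not visible in this hunk, so confirm it is checked to be larger than 4 before `biglen-4` is used as a length and an index. A short comment that CRC-32 only catches accidental corruption and is not a keyed integrity check would also help readers; get_packet's body is only partly shown here.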
static void s_wrpkt_start(int type, int len) {
pktout.length = len-5;
if (pktout.maxlen < biglen) {
pktout.maxlen = biglen;
+#ifdef MSCRYPTOAPI
+ /* Allocate enough buffer space for extra block
+ * for MS CryptEncrypt() */
+ pktout.data = (pktout.data == NULL ? malloc(biglen+8) :
+ realloc(pktout.data, biglen+8));
+#else
pktout.data = (pktout.data == NULL ? malloc(biglen+4) :
realloc(pktout.data, biglen+4));
+#endif
if (!pktout.data)
fatalbox("Out of memory");
}
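Review bot: The `biglen+8` sizing under `MSCRYPTOAPI` is a bare constant repeated here and in get_packet's `smalloc(biglen+8)`, while the non-CryptoAPI branches differ (`biglen+4` here, `biglen` there), so nothing ties the extra space to the cipher block size. A shared named constant would keep both sites in step, e.g. `#define CRYPTOAPI_SLACK 8 /* one extra cipher block for CryptEncrypt() */` (the name is only a suggestion). In get_packet `biglen` is an `int`, and if it is derived from the incoming length field the addition should sit behind an upper-bound check, which is not visible in these hunks. The start of s_wrpkt_start's body, where `biglen` is computed, is not shown.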
if (!rsabuf)
fatalbox("Out of memory");
- verify_ssh_host_key(savedhost, &hostkey);
+ /*
+ * Verify the host key.
+ */
+ {
+ /*
+ * First format the key into a string.
+ */
+ int len = rsastr_len(&hostkey);
+ char *keystr = malloc(len);
+ if (!keystr)
+ fatalbox("Out of memory");
+ rsastr_fmt(keystr, &hostkey);
+ verify_ssh_host_key(savedhost, keystr);
+ free(keystr);
+ }
for (i=0; i<32; i++) {
rsabuf[i] = session_key[i];
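Review bot: `rsastr_fmt(keystr, &hostkey)` is given no buffer size, so the write stays in bounds only if `rsastr_len` returns exactly what `rsastr_fmt` emits, terminating NUL included; neither function is visible in this hunk. As `hostkey` is presumably filled from the server's key packet, I would state that contract at the call, e.g. `/* rsastr_len() counts the trailing NUL; rsastr_fmt() writes exactly that many bytes */`, or better, pass `len` to the formatter. `len` is a signed `int` handed straight to `malloc`, so a guard such as `if (len <= 0) fatalbox("Invalid host key");` before the allocation would stop a negative value from converting to a huge size. The enclosing function starts and ends outside the hunk.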
return 0;
if (pktin.type == SSH_SMSG_STDOUT_DATA) {
int plen = GET_32BIT(pktin.body);
- if (plen <= to_read) {
+ if (plen+4 != pktin.length) {
+ fprintf(stderr, "Received data packet with bogus string length"
+ ", ignoring\n");
+ } else if (plen <= to_read) {
memcpy(buf, pktin.body + 4, plen);
buf += plen;
to_read -= plen;
}
} else if (pktin.type == SSH_SMSG_STDERR_DATA) {
int plen = GET_32BIT(pktin.body);
- fwrite(pktin.body + 4, plen, 1, stderr);
+ if (plen+4 != pktin.length) {
+ fprintf(stderr, "Received data packet with bogus string length"
+ ", ignoring\n");
+ } else
+ fwrite(pktin.body + 4, plen, 1, stderr);
} else if (pktin.type == SSH_MSG_DISCONNECT) {
} else if (pktin.type == SSH_SMSG_SUCCESS ||
pktin.type == SSH_SMSG_FAILURE) {
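Review bot: The new guard `plen+4 != pktin.length` does signed arithmetic on a peer-supplied 32-bit value held in an `int`, so a `plen` near INT_MAX overflows before the comparison; the same test is repeated in the STDERR_DATA branch. Comparing without the addition avoids that, e.g. `if (pktin.length < 4 || plen != pktin.length - 4)`, ideally with `plen` unsigned (the type of `pktin.length` is not visible here). `GET_32BIT(pktin.body)` is also read before the packet is known to carry four payload bytes. A mismatch is a protocol violation by the peer, so consider whether printing and carrying on is the right response, or whether it should end the session through `fatalbox` as the CRC failure does. The enclosing function starts and ends outside the hunk.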
int FWport;
#endif
+#ifdef MSCRYPTOAPI
+ if(crypto_startup() == 0)
+ return "Microsoft high encryption pack not installed!";
+#endif
+
savedhost = malloc(1+strlen(host));
if (!savedhost)
fatalbox("Out of memory");