struct Packet *pktin);
static void ssh2_channel_check_close(struct ssh_channel *c);
static void ssh_channel_destroy(struct ssh_channel *c);
+static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin);
/*
* Buffer management constants. There are several of these for
}
}
+ /*
+ * RFC 4253 doesn't explicitly say that completely empty packets
+ * with no type byte are forbidden, so treat them as deserving
+ * an SSH_MSG_UNIMPLEMENTED.
+ */
+ if (st->pktin->length <= 5) { /* == 5 we hope, but robustness */
+ ssh2_msg_something_unimplemented(ssh, st->pktin);
+ crStop(NULL);
+ }
/*
* pktin->body and pktin->length should identify the semantic
* content of the packet, excluding the initial type byte.
}
ssh_fix_verstring(verstring + strlen(protoname));
+#ifdef FUZZING
+ /* FUZZING make PuTTY insecure, so make live use difficult. */
+ verstring[0] = 'I';
+#endif
if (ssh->version == 2) {
size_t len;
ssh_throttle_all(ssh, 0, bufsize);
}
-/*
- * Connect to specified host and port.
- * Returns an error message, or NULL on success.
- * Also places the canonical host name into `realhost'. It must be
- * freed by the caller.
- */
-static const char *connect_to_host(Ssh ssh, const char *host, int port,
- char **realhost, int nodelay, int keepalive)
+static void ssh_hostport_setup(const char *host, int port, Conf *conf,
+ char **savedhost, int *savedport,
+ char **loghost_ret)
{
- static const struct plug_function_table fn_table = {
- ssh_socket_log,
- ssh_closing,
- ssh_receive,
- ssh_sent,
- NULL
- };
+ char *loghost = conf_get_str(conf, CONF_loghost);
+ if (loghost_ret)
+ *loghost_ret = loghost;
- SockAddr addr;
- const char *err;
- char *loghost;
- int addressfamily, sshprot;
-
- loghost = conf_get_str(ssh->conf, CONF_loghost);
if (*loghost) {
char *tmphost;
char *colon;
tmphost = dupstr(loghost);
- ssh->savedport = 22; /* default ssh port */
+ *savedport = 22; /* default ssh port */
/*
* A colon suffix on the hostname string also lets us affect
if (colon && colon == host_strchr(tmphost, ':')) {
*colon++ = '\0';
if (*colon)
- ssh->savedport = atoi(colon);
+ *savedport = atoi(colon);
}
- ssh->savedhost = host_strduptrim(tmphost);
+ *savedhost = host_strduptrim(tmphost);
sfree(tmphost);
} else {
- ssh->savedhost = host_strduptrim(host);
+ *savedhost = host_strduptrim(host);
if (port < 0)
port = 22; /* default ssh port */
- ssh->savedport = port;
+ *savedport = port;
}
+}
+
+static int ssh_test_for_upstream(const char *host, int port, Conf *conf)
+{
+ char *savedhost;
+ int savedport;
+ int ret;
+
+ random_ref(); /* platform may need this to determine share socket name */
+ ssh_hostport_setup(host, port, conf, &savedhost, &savedport, NULL);
+ ret = ssh_share_test_for_upstream(savedhost, savedport, conf);
+ sfree(savedhost);
+ random_unref();
+
+ return ret;
+}
+
+/*
+ * Connect to specified host and port.
+ * Returns an error message, or NULL on success.
+ * Also places the canonical host name into `realhost'. It must be
+ * freed by the caller.
+ */
+static const char *connect_to_host(Ssh ssh, const char *host, int port,
+ char **realhost, int nodelay, int keepalive)
+{
+ static const struct plug_function_table fn_table = {
+ ssh_socket_log,
+ ssh_closing,
+ ssh_receive,
+ ssh_sent,
+ NULL
+ };
+
+ SockAddr addr;
+ const char *err;
+ char *loghost;
+ int addressfamily, sshprot;
+
+ ssh_hostport_setup(host, port, ssh->conf,
+ &ssh->savedhost, &ssh->savedport, &loghost);
ssh->fn = &fn_table; /* make 'ssh' usable as a Plug */
"rsa", keystr, fingerprint,
ssh_dialog_callback, ssh);
sfree(keystr);
+#ifdef FUZZING
+ s->dlgret = 1;
+#endif
if (s->dlgret < 0) {
do {
crReturn(0);
/* List encryption algorithms (client->server then server->client). */
for (k = KEXLIST_CSCIPHER; k <= KEXLIST_SCCIPHER; k++) {
warn = FALSE;
+#ifdef FUZZING
+ alg = ssh2_kexinit_addalg(s->kexlists[k], "none");
+ alg->u.cipher.cipher = NULL;
+ alg->u.cipher.warn = warn;
+#endif /* FUZZING */
for (i = 0; i < s->n_preferred_ciphers; i++) {
const struct ssh2_ciphers *c = s->preferred_ciphers[i];
if (!c) warn = TRUE;
}
/* List MAC algorithms (client->server then server->client). */
for (j = KEXLIST_CSMAC; j <= KEXLIST_SCMAC; j++) {
+#ifdef FUZZING
+ alg = ssh2_kexinit_addalg(s->kexlists[j], "none");
+ alg->u.mac.mac = NULL;
+ alg->u.mac.etm = FALSE;
+#endif /* FUZZING */
for (i = 0; i < s->nmacs; i++) {
alg = ssh2_kexinit_addalg(s->kexlists[j], s->maclist[i]->name);
alg->u.mac.mac = s->maclist[i];
bombout(("KEXINIT packet was incomplete"));
crStopV;
}
+
+ /* If we've already selected a cipher which requires a
+ * particular MAC, then just select that, and don't even
+ * bother looking through the server's KEXINIT string for
+ * MACs. */
+ if (i == KEXLIST_CSMAC && s->cscipher_tobe &&
+ s->cscipher_tobe->required_mac) {
+ s->csmac_tobe = s->cscipher_tobe->required_mac;
+ s->csmac_etm_tobe = !!(s->csmac_tobe->etm_name);
+ goto matched;
+ }
+ if (i == KEXLIST_SCMAC && s->sccipher_tobe &&
+ s->sccipher_tobe->required_mac) {
+ s->scmac_tobe = s->sccipher_tobe->required_mac;
+ s->scmac_etm_tobe = !!(s->scmac_tobe->etm_name);
+ goto matched;
+ }
+
for (j = 0; j < MAXKEXLIST; j++) {
struct kexinit_algorithm *alg = &s->kexlists[i][j];
if (alg->name == NULL) break;
matched:;
}
- /* If the cipher over-rides the mac, then pick it */
- if (s->cscipher_tobe && s->cscipher_tobe->required_mac) {
- s->csmac_tobe = s->cscipher_tobe->required_mac;
- s->csmac_etm_tobe = !!(s->csmac_tobe->etm_name);
- }
- if (s->sccipher_tobe && s->sccipher_tobe->required_mac) {
- s->scmac_tobe = s->sccipher_tobe->required_mac;
- s->scmac_etm_tobe = !!(s->scmac_tobe->etm_name);
- }
-
if (s->pending_compression) {
logevent("Server supports delayed compression; "
"will try this later");
{
int csbits, scbits;
- csbits = s->cscipher_tobe->keylen;
- scbits = s->sccipher_tobe->keylen;
+ csbits = s->cscipher_tobe ? s->cscipher_tobe->real_keybits : 0;
+ scbits = s->sccipher_tobe ? s->sccipher_tobe->real_keybits : 0;
s->nbits = (csbits > scbits ? csbits : scbits);
}
/* The keys only have hlen-bit entropy, since they're based on
!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
(char *)s->exchange_hash,
ssh->kex->hash->hlen)) {
+#ifndef FUZZING
bombout(("Server's host key did not match the signature supplied"));
crStopV;
+#endif
}
s->keystr = ssh->hostkey->fmtkey(s->hkey);
ssh->hostkey->keytype, s->keystr,
s->fingerprint,
ssh_dialog_callback, ssh);
+#ifdef FUZZING
+ s->dlgret = 1;
+#endif
if (s->dlgret < 0) {
do {
crReturnV;
* the one we saw before.
*/
if (strcmp(ssh->hostkey_str, s->keystr)) {
+#ifndef FUZZING
bombout(("Host key was different in repeat key exchange"));
crStopV;
+#endif
}
sfree(s->keystr);
}
if (ssh->cs_cipher_ctx)
ssh->cscipher->free_context(ssh->cs_cipher_ctx);
ssh->cscipher = s->cscipher_tobe;
- ssh->cs_cipher_ctx = ssh->cscipher->make_context();
+ if (ssh->cscipher) ssh->cs_cipher_ctx = ssh->cscipher->make_context();
if (ssh->cs_mac_ctx)
ssh->csmac->free_context(ssh->cs_mac_ctx);
ssh->csmac = s->csmac_tobe;
ssh->csmac_etm = s->csmac_etm_tobe;
- ssh->cs_mac_ctx = ssh->csmac->make_context(ssh->cs_cipher_ctx);
+ if (ssh->csmac)
+ ssh->cs_mac_ctx = ssh->csmac->make_context(ssh->cs_cipher_ctx);
if (ssh->cs_comp_ctx)
ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
* Set IVs on client-to-server keys. Here we use the exchange
* hash from the _first_ key exchange.
*/
- {
+ if (ssh->cscipher) {
unsigned char *key;
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'C',
- (ssh->cscipher->keylen+7) / 8);
+ ssh->cscipher->padded_keybytes);
ssh->cscipher->setkey(ssh->cs_cipher_ctx, key);
- smemclr(key, (ssh->cscipher->keylen+7) / 8);
+ smemclr(key, ssh->cscipher->padded_keybytes);
sfree(key);
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'A',
ssh->cscipher->setiv(ssh->cs_cipher_ctx, key);
smemclr(key, ssh->cscipher->blksize);
sfree(key);
+ }
+ if (ssh->csmac) {
+ unsigned char *key;
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'E',
ssh->csmac->keylen);
sfree(key);
}
- logeventf(ssh, "Initialised %.200s client->server encryption",
- ssh->cscipher->text_name);
- logeventf(ssh, "Initialised %.200s client->server MAC algorithm%s%s",
- ssh->csmac->text_name,
- ssh->csmac_etm ? " (in ETM mode)" : "",
- ssh->cscipher->required_mac ? " (required by cipher)" : "");
+ if (ssh->cscipher)
+ logeventf(ssh, "Initialised %.200s client->server encryption",
+ ssh->cscipher->text_name);
+ if (ssh->csmac)
+ logeventf(ssh, "Initialised %.200s client->server MAC algorithm%s%s",
+ ssh->csmac->text_name,
+ ssh->csmac_etm ? " (in ETM mode)" : "",
+ ssh->cscipher->required_mac ? " (required by cipher)" : "");
if (ssh->cscomp->text_name)
logeventf(ssh, "Initialised %s compression",
ssh->cscomp->text_name);
*/
if (ssh->sc_cipher_ctx)
ssh->sccipher->free_context(ssh->sc_cipher_ctx);
- ssh->sccipher = s->sccipher_tobe;
- ssh->sc_cipher_ctx = ssh->sccipher->make_context();
+ if (ssh->sccipher) {
+ ssh->sccipher = s->sccipher_tobe;
+ ssh->sc_cipher_ctx = ssh->sccipher->make_context();
+ }
if (ssh->sc_mac_ctx)
ssh->scmac->free_context(ssh->sc_mac_ctx);
- ssh->scmac = s->scmac_tobe;
- ssh->scmac_etm = s->scmac_etm_tobe;
- ssh->sc_mac_ctx = ssh->scmac->make_context(ssh->sc_cipher_ctx);
+ if (ssh->scmac) {
+ ssh->scmac = s->scmac_tobe;
+ ssh->scmac_etm = s->scmac_etm_tobe;
+ ssh->sc_mac_ctx = ssh->scmac->make_context(ssh->sc_cipher_ctx);
+ }
if (ssh->sc_comp_ctx)
ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
* Set IVs on server-to-client keys. Here we use the exchange
* hash from the _first_ key exchange.
*/
- {
+ if (ssh->sccipher) {
unsigned char *key;
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'D',
- (ssh->sccipher->keylen + 7) / 8);
+ ssh->sccipher->padded_keybytes);
ssh->sccipher->setkey(ssh->sc_cipher_ctx, key);
- smemclr(key, (ssh->sccipher->keylen + 7) / 8);
+ smemclr(key, ssh->sccipher->padded_keybytes);
sfree(key);
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'B',
ssh->sccipher->setiv(ssh->sc_cipher_ctx, key);
smemclr(key, ssh->sccipher->blksize);
sfree(key);
+ }
+ if (ssh->scmac) {
+ unsigned char *key;
key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'F',
ssh->scmac->keylen);
smemclr(key, ssh->scmac->keylen);
sfree(key);
}
- logeventf(ssh, "Initialised %.200s server->client encryption",
- ssh->sccipher->text_name);
- logeventf(ssh, "Initialised %.200s server->client MAC algorithm%s%s",
- ssh->scmac->text_name,
- ssh->scmac_etm ? " (in ETM mode)" : "",
- ssh->sccipher->required_mac ? " (required by cipher)" : "");
+ if (ssh->sccipher)
+ logeventf(ssh, "Initialised %.200s server->client encryption",
+ ssh->sccipher->text_name);
+ if (ssh->scmac)
+ logeventf(ssh, "Initialised %.200s server->client MAC algorithm%s%s",
+ ssh->scmac->text_name,
+ ssh->scmac_etm ? " (in ETM mode)" : "",
+ ssh->sccipher->required_mac ? " (required by cipher)" : "");
if (ssh->sccomp->text_name)
logeventf(ssh, "Initialised %s decompression",
ssh->sccomp->text_name);
ssh_provide_logctx,
ssh_unthrottle,
ssh_cfg_info,
+ ssh_test_for_upstream,
"ssh",
PROT_SSH,
22
projects / PuTTY.git / blobdiff