Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:th_osbug:openssh-4.3p2-lpk
openssh-4.3p2-41-lpk
openssh-4.3p2-cbc.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-4.3p2-cbc.patch of Package openssh-4.3p2-41-lpk
--- packet.c 2009-05-26 12:31:22.000000000 +0200 +++ packet.c 2009-05-26 12:30:36.000000000 +0200 @@ -70,6 +70,8 @@ #define DBG(x) #endif +#define PACKET_MAX_SIZE (256 * 1024) + /* * This variable contains the file descriptors used for communicating with * the other side. connection_in is used for reading; connection_out for @@ -122,6 +124,8 @@ /* Set to true if we are authenticated. */ static int after_authentication = 0; +int client_alive_timeouts = 0; + /* Session key information for Encryption and MAC */ Newkeys *newkeys[MODE_MAX]; static struct packet_state { @@ -140,6 +144,10 @@ /* roundup current message to extra_pad bytes */ static u_char extra_pad = 0; +/* XXX discard incoming data after MAC error */ +static u_int packet_discard = 0; +static Mac *packet_discard_mac = NULL; + struct packet { TAILQ_ENTRY(packet) next; u_char type; @@ -175,6 +183,36 @@ } } +static void +packet_stop_discard(void) +{ + if (packet_discard_mac) { + char buf[1024]; + + memset(buf, 'a', sizeof(buf)); + while (buffer_len(&incoming_packet) < PACKET_MAX_SIZE) + buffer_append(&incoming_packet, buf, sizeof(buf)); + (void) mac_compute(packet_discard_mac, + p_read.seqnr, + buffer_ptr(&incoming_packet), + PACKET_MAX_SIZE); + } + logit("Finished discarding for %.200s", get_remote_ipaddr()); + cleanup_exit(255); +} + +static void +packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard) +{ + if (enc == NULL || !cipher_is_cbc(enc->cipher)) + packet_disconnect("Packet corrupt"); + if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) + packet_discard_mac = mac; + if (buffer_len(&input) >= discard) + packet_stop_discard(); + packet_discard = discard - buffer_len(&input); +} + /* Returns 1 if remote host is connected via socket, 0 if not. */ int @@ -1046,6 +1084,9 @@ Mac *mac = NULL; Comp *comp = NULL; + if (packet_discard) + return SSH_MSG_NONE; + if (newkeys[MODE_IN] != NULL) { enc = &newkeys[MODE_IN]->enc; mac = &newkeys[MODE_IN]->mac; @@ -1067,11 +1108,14 @@ block_size); cp = buffer_ptr(&incoming_packet); packet_length = GET_32BIT(cp); - if (packet_length < 1 + 4 || packet_length > 256 * 1024) { + if (packet_length < 1 + 4 || packet_length > PACKET_MAX_SIZE) { #ifdef PACKET_DEBUG buffer_dump(&incoming_packet); #endif - packet_disconnect("Bad packet length %u.", packet_length); + logit("Bad packet length %u.", packet_length); + packet_start_discard(enc, mac, packet_length, + PACKET_MAX_SIZE); + return SSH_MSG_NONE; } DBG(debug("input: packet len %u", packet_length+4)); buffer_consume(&input, block_size); @@ -1080,9 +1124,13 @@ need = 4 + packet_length - block_size; DBG(debug("partial packet %d, need %d, maclen %d", block_size, need, maclen)); - if (need % block_size != 0) - fatal("padding error: need %d block %d mod %d", + if (need % block_size != 0) { + logit("padding error: need %d block %d mod %d", need, block_size, need % block_size); + packet_start_discard(enc, mac, packet_length, + PACKET_MAX_SIZE - block_size); + return SSH_MSG_NONE; + } /* * check if the entire packet has been received and * decrypt into incoming_packet @@ -1104,11 +1152,19 @@ macbuf = mac_compute(mac, p_read.seqnr, buffer_ptr(&incoming_packet), buffer_len(&incoming_packet)); - if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) - packet_disconnect("Corrupted MAC on input."); + if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) { + logit("Corrupted MAC on input."); + if (need > PACKET_MAX_SIZE) + fatal("internal error need %d", need); + packet_start_discard(enc, mac, packet_length, + PACKET_MAX_SIZE - need); + return SSH_MSG_NONE; + } + DBG(debug("MAC #%d ok", p_read.seqnr)); buffer_consume(&input, mac->mac_len); } + /* XXX now it's safe to use fatal/packet_disconnect */ if (seqnr_p != NULL) *seqnr_p = p_read.seqnr; if (++p_read.seqnr == 0) @@ -1240,6 +1296,13 @@ void packet_process_incoming(const char *buf, u_int len) { + if (packet_discard) { + client_alive_timeouts = 0; /* ?? */ + if (len >= packet_discard) + packet_stop_discard(); + packet_discard -= len; + return; + } buffer_append(&input, buf, len); } --- cipher.c 2009-05-26 12:38:28.000000000 +0200 +++ cipher.c 2009-05-26 12:38:13.000000000 +0200 @@ -61,47 +61,48 @@ u_int block_size; u_int key_len; u_int discard_len; + u_int cbc_mode; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, - { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, - { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf }, + + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc }, + { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc }, + { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 }, + { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 }, + { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, + SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, #ifdef USE_CIPHER_ACSS - { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, + { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, #endif - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } }; struct Cipher fips_ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } + SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } }; /*--*/ @@ -125,6 +126,12 @@ } u_int +cipher_is_cbc(const Cipher *c) +{ + return (c->cbc_mode); +} + +u_int cipher_mask_ssh1(int client) { u_int mask = 0; --- cipher.h 2009-05-26 12:51:43.000000000 +0200 +++ cipher.h 2009-05-26 12:51:06.000000000 +0200 @@ -81,6 +81,7 @@ int cipher_set_key_string(CipherContext *, Cipher *, const char *, int); u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); +u_int cipher_is_cbc(const Cipher *); u_int cipher_get_number(const Cipher *); void cipher_get_keyiv(CipherContext *, u_char *, u_int); --- serverloop.c 2009-05-26 06:26:09.000000000 -0700 +++ serverloop.c 2009-05-26 06:34:44.000000000 -0700 @@ -82,7 +82,6 @@ static int connection_out; /* Connection to client (output). */ static int connection_closed = 0; /* Connection to client closed. */ static u_int buffer_high; /* "Soft" max buffer size. */ -static int client_alive_timeouts = 0; /* * This SIGCHLD kludge is used to detect when the child exits. The server --- packet.h 2009-05-26 06:43:57.000000000 -0700 +++ packet.h 2009-05-26 06:46:06.000000000 -0700 @@ -84,6 +84,7 @@ void tty_parse_modes(int, int *); extern u_int max_packet_size; +extern int client_alive_timeouts; int packet_set_maxsize(u_int); #define packet_get_maxsize() max_packet_size
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
