Context Navigation

source: trunk/third/openssh/compat.c @ 18763

Visit:

Revision 18763, 6.3 KB checked in by zacheiss, 22 years ago (diff)
Merge openssh 3.5p1.

Rev	Line
[16800]	1	/*
[18763]	2	* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
[16800]	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	#include "includes.h"
[18763]	26	RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
[16800]	27
[18763]	28	#include "buffer.h"
[16800]	29	#include "packet.h"
	30	#include "xmalloc.h"
	31	#include "compat.h"
	32	#include "log.h"
[18763]	33	#include "match.h"
[16800]	34
	35	int compat13 = 0;
	36	int compat20 = 0;
	37	int datafellows = 0;
	38
	39	void
	40	enable_compat20(void)
	41	{
[18763]	42	debug("Enabling compatibility mode for protocol 2.0");
[16800]	43	compat20 = 1;
	44	}
	45	void
	46	enable_compat13(void)
	47	{
[18763]	48	debug("Enabling compatibility mode for protocol 1.3");
[16800]	49	compat13 = 1;
	50	}
	51	/* datafellows bug compatibility */
	52	void
	53	compat_datafellows(const char *version)
	54	{
[18763]	55	int i;
[16800]	56	static struct {
	57	char *pat;
	58	int bugs;
	59	} check[] = {
[18763]	60	{ "OpenSSH-2.0*,"
	61	"OpenSSH-2.1*,"
	62	"OpenSSH_2.1*,"
	63	"OpenSSH_2.2*", SSH_OLD_SESSIONID\|SSH_BUG_BANNER\|
	64	SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
	65	SSH_BUG_EXTEOF},
	66	{ "OpenSSH_2.3.0*", SSH_BUG_BANNER\|SSH_BUG_BIGENDIANAES\|
	67	SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
	68	SSH_BUG_EXTEOF},
	69	{ "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES\|SSH_OLD_DHGEX\|
	70	SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF},
	71	{ "OpenSSH_2.5.0p1*,"
	72	"OpenSSH_2.5.1p1*",
[16800]	73	SSH_BUG_BIGENDIANAES\|SSH_OLD_DHGEX\|
[18763]	74	SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF\|
	75	SSH_OLD_GSSAPI},
	76	{ "OpenSSH_2.5.0*,"
	77	"OpenSSH_2.5.1*,"
	78	"OpenSSH_2.5.2*", SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
	79	SSH_BUG_EXTEOF},
	80	{ "OpenSSH_2.5.3*", SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF},
	81	{ "OpenSSH_2.9p*", SSH_BUG_EXTEOF\|SSH_OLD_GSSAPI},
	82	{ "OpenSSH_2.*,"
	83	"OpenSSH_3.0*,"
	84	"OpenSSH_3.1*", SSH_BUG_EXTEOF},
	85	{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF},
	86	{ "OpenSSH*", 0 },
	87	{ "MindTerm", 0 },
	88	{ "2.1.0*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
[16800]	89	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
	90	SSH_BUG_RSASIGMD5\|SSH_BUG_HBSERVICE },
[18763]	91	{ "2.1 *", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
[16800]	92	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
	93	SSH_BUG_RSASIGMD5\|SSH_BUG_HBSERVICE },
[18763]	94	{ "2.0.13*,"
	95	"2.0.14*,"
	96	"2.0.15*,"
	97	"2.0.16*,"
	98	"2.0.17*,"
	99	"2.0.18*,"
	100	"2.0.19*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
[16800]	101	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
	102	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
	103	SSH_BUG_PKOK\|SSH_BUG_RSASIGMD5\|
	104	SSH_BUG_HBSERVICE\|SSH_BUG_OPENFAILURE\|
	105	SSH_BUG_DUMMYCHAN },
[18763]	106	{ "2.0.11*,"
	107	"2.0.12*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
[16800]	108	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
	109	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
	110	SSH_BUG_PKAUTH\|SSH_BUG_PKOK\|
	111	SSH_BUG_RSASIGMD5\|SSH_BUG_OPENFAILURE\|
	112	SSH_BUG_DUMMYCHAN },
[18763]	113	{ "2.0.*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
[16800]	114	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
	115	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
	116	SSH_BUG_PKAUTH\|SSH_BUG_PKOK\|
	117	SSH_BUG_RSASIGMD5\|SSH_BUG_OPENFAILURE\|
	118	SSH_BUG_DERIVEKEY\|SSH_BUG_DUMMYCHAN },
[18763]	119	{ "2.2.0*,"
	120	"2.3.0*", SSH_BUG_HMAC\|SSH_BUG_DEBUG\|
[16800]	121	SSH_BUG_RSASIGMD5 },
[18763]	122	{ "2.3.*", SSH_BUG_DEBUG\|SSH_BUG_RSASIGMD5 },
	123	{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
	124	{ "2.*", SSH_BUG_DEBUG },
	125	{ "3.0.*", SSH_BUG_DEBUG },
	126	{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
	127	{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
	128	{ "1.2.18*,"
	129	"1.2.19*,"
	130	"1.2.20*,"
	131	"1.2.21*,"
	132	"1.2.22*", SSH_BUG_IGNOREMSG\|SSH_BUG_K5USER },
	133	{ "1.3.2", / F-Secure */
	134	SSH_BUG_IGNOREMSG\|SSH_BUG_K5USER },
	135	{ "1.2.1*,"
	136	"1.2.2*,"
	137	"1.2.3*", SSH_BUG_K5USER },
	138	{ "SSH Compatible Server", /* Netscreen */
[16800]	139	SSH_BUG_PASSWORDPAD },
[18763]	140	{ "OSU_0,"
	141	"OSU_1.0*,"
	142	"OSU_1.1*,"
	143	"OSU_1.2*,"
	144	"OSU_1.3*,"
	145	"OSU_1.4*,"
	146	"OSU_1.5alpha1*,"
	147	"OSU_1.5alpha2*,"
	148	"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
	149	{ "SSH_Version_Mapper",
[16800]	150	SSH_BUG_SCANNER },
[18763]	151	{ "Probe-*",
	152	SSH_BUG_PROBE },
[16800]	153	{ NULL, 0 }
	154	};
[18763]	155
[16800]	156	/* process table, return first match */
	157	for (i = 0; check[i].pat; i++) {
[18763]	158	if (match_pattern_list(version, check[i].pat,
	159	strlen(check[i].pat), 0) == 1) {
[16800]	160	debug("match: %s pat %s", version, check[i].pat);
	161	datafellows = check[i].bugs;
	162	return;
	163	}
	164	}
	165	debug("no match: %s", version);
	166	}
	167
	168	#define SEP ","
	169	int
	170	proto_spec(const char *spec)
	171	{
	172	char s, p, *q;
	173	int ret = SSH_PROTO_UNKNOWN;
	174
	175	if (spec == NULL)
	176	return ret;
	177	q = s = xstrdup(spec);
	178	for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
[18763]	179	switch (atoi(p)) {
[16800]	180	case 1:
	181	if (ret == SSH_PROTO_UNKNOWN)
	182	ret \|= SSH_PROTO_1_PREFERRED;
	183	ret \|= SSH_PROTO_1;
	184	break;
	185	case 2:
	186	ret \|= SSH_PROTO_2;
	187	break;
	188	default:
	189	log("ignoring bad proto spec: '%s'.", p);
	190	break;
	191	}
	192	}
	193	xfree(s);
	194	return ret;
	195	}
	196
	197	char *
	198	compat_cipher_proposal(char *cipher_prop)
	199	{
[18763]	200	Buffer b;
[16800]	201	char orig_prop, fix_ciphers;
	202	char cp, tmp;
	203
	204	if (!(datafellows & SSH_BUG_BIGENDIANAES))
	205	return(cipher_prop);
	206
[18763]	207	buffer_init(&b);
[16800]	208	tmp = orig_prop = xstrdup(cipher_prop);
[18763]	209	while ((cp = strsep(&tmp, ",")) != NULL) {
	210	if (strncmp(cp, "aes", 3) != 0) {
	211	if (buffer_len(&b) > 0)
	212	buffer_append(&b, ",", 1);
	213	buffer_append(&b, cp, strlen(cp));
[16800]	214	}
	215	}
[18763]	216	buffer_append(&b, "\0", 1);
	217	fix_ciphers = xstrdup(buffer_ptr(&b));
	218	buffer_free(&b);
[16800]	219	xfree(orig_prop);
	220	debug2("Original cipher proposal: %s", cipher_prop);
	221	debug2("Compat cipher proposal: %s", fix_ciphers);
	222	if (!*fix_ciphers)
	223	fatal("No available ciphers found.");
	224
	225	return(fix_ciphers);
	226	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: