1 | /* |
---|
2 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
---|
3 | * |
---|
4 | * Redistribution and use in source and binary forms, with or without |
---|
5 | * modification, are permitted provided that the following conditions |
---|
6 | * are met: |
---|
7 | * 1. Redistributions of source code must retain the above copyright |
---|
8 | * notice, this list of conditions and the following disclaimer. |
---|
9 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
10 | * notice, this list of conditions and the following disclaimer in the |
---|
11 | * documentation and/or other materials provided with the distribution. |
---|
12 | * |
---|
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
---|
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
---|
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
---|
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
---|
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
---|
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
---|
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
---|
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
---|
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
---|
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
---|
23 | */ |
---|
24 | |
---|
25 | #include "includes.h" |
---|
26 | RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); |
---|
27 | |
---|
28 | #include "buffer.h" |
---|
29 | #include "packet.h" |
---|
30 | #include "xmalloc.h" |
---|
31 | #include "compat.h" |
---|
32 | #include "log.h" |
---|
33 | #include "match.h" |
---|
34 | |
---|
35 | int compat13 = 0; |
---|
36 | int compat20 = 0; |
---|
37 | int datafellows = 0; |
---|
38 | |
---|
39 | void |
---|
40 | enable_compat20(void) |
---|
41 | { |
---|
42 | debug("Enabling compatibility mode for protocol 2.0"); |
---|
43 | compat20 = 1; |
---|
44 | } |
---|
45 | void |
---|
46 | enable_compat13(void) |
---|
47 | { |
---|
48 | debug("Enabling compatibility mode for protocol 1.3"); |
---|
49 | compat13 = 1; |
---|
50 | } |
---|
51 | /* datafellows bug compatibility */ |
---|
52 | void |
---|
53 | compat_datafellows(const char *version) |
---|
54 | { |
---|
55 | int i; |
---|
56 | static struct { |
---|
57 | char *pat; |
---|
58 | int bugs; |
---|
59 | } check[] = { |
---|
60 | { "OpenSSH-2.0*," |
---|
61 | "OpenSSH-2.1*," |
---|
62 | "OpenSSH_2.1*," |
---|
63 | "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| |
---|
64 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY| |
---|
65 | SSH_BUG_EXTEOF}, |
---|
66 | { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| |
---|
67 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY| |
---|
68 | SSH_BUG_EXTEOF}, |
---|
69 | { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
---|
70 | SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, |
---|
71 | { "OpenSSH_2.5.0p1*," |
---|
72 | "OpenSSH_2.5.1p1*", |
---|
73 | SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
---|
74 | SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| |
---|
75 | SSH_OLD_GSSAPI}, |
---|
76 | { "OpenSSH_2.5.0*," |
---|
77 | "OpenSSH_2.5.1*," |
---|
78 | "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| |
---|
79 | SSH_BUG_EXTEOF}, |
---|
80 | { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, |
---|
81 | { "OpenSSH_2.9p*", SSH_BUG_EXTEOF|SSH_OLD_GSSAPI}, |
---|
82 | { "OpenSSH_2.*," |
---|
83 | "OpenSSH_3.0*," |
---|
84 | "OpenSSH_3.1*", SSH_BUG_EXTEOF}, |
---|
85 | { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, |
---|
86 | { "OpenSSH*", 0 }, |
---|
87 | { "*MindTerm*", 0 }, |
---|
88 | { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
---|
89 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
---|
90 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
---|
91 | { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
---|
92 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
---|
93 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
---|
94 | { "2.0.13*," |
---|
95 | "2.0.14*," |
---|
96 | "2.0.15*," |
---|
97 | "2.0.16*," |
---|
98 | "2.0.17*," |
---|
99 | "2.0.18*," |
---|
100 | "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
---|
101 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
---|
102 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
---|
103 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
---|
104 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| |
---|
105 | SSH_BUG_DUMMYCHAN }, |
---|
106 | { "2.0.11*," |
---|
107 | "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
---|
108 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
---|
109 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
---|
110 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
---|
111 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| |
---|
112 | SSH_BUG_DUMMYCHAN }, |
---|
113 | { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
---|
114 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
---|
115 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
---|
116 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
---|
117 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| |
---|
118 | SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, |
---|
119 | { "2.2.0*," |
---|
120 | "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| |
---|
121 | SSH_BUG_RSASIGMD5 }, |
---|
122 | { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, |
---|
123 | { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ |
---|
124 | { "2.*", SSH_BUG_DEBUG }, |
---|
125 | { "3.0.*", SSH_BUG_DEBUG }, |
---|
126 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, |
---|
127 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, |
---|
128 | { "1.2.18*," |
---|
129 | "1.2.19*," |
---|
130 | "1.2.20*," |
---|
131 | "1.2.21*," |
---|
132 | "1.2.22*", SSH_BUG_IGNOREMSG|SSH_BUG_K5USER }, |
---|
133 | { "1.3.2*", /* F-Secure */ |
---|
134 | SSH_BUG_IGNOREMSG|SSH_BUG_K5USER }, |
---|
135 | { "1.2.1*," |
---|
136 | "1.2.2*," |
---|
137 | "1.2.3*", SSH_BUG_K5USER }, |
---|
138 | { "*SSH Compatible Server*", /* Netscreen */ |
---|
139 | SSH_BUG_PASSWORDPAD }, |
---|
140 | { "*OSU_0*," |
---|
141 | "OSU_1.0*," |
---|
142 | "OSU_1.1*," |
---|
143 | "OSU_1.2*," |
---|
144 | "OSU_1.3*," |
---|
145 | "OSU_1.4*," |
---|
146 | "OSU_1.5alpha1*," |
---|
147 | "OSU_1.5alpha2*," |
---|
148 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, |
---|
149 | { "*SSH_Version_Mapper*", |
---|
150 | SSH_BUG_SCANNER }, |
---|
151 | { "Probe-*", |
---|
152 | SSH_BUG_PROBE }, |
---|
153 | { NULL, 0 } |
---|
154 | }; |
---|
155 | |
---|
156 | /* process table, return first match */ |
---|
157 | for (i = 0; check[i].pat; i++) { |
---|
158 | if (match_pattern_list(version, check[i].pat, |
---|
159 | strlen(check[i].pat), 0) == 1) { |
---|
160 | debug("match: %s pat %s", version, check[i].pat); |
---|
161 | datafellows = check[i].bugs; |
---|
162 | return; |
---|
163 | } |
---|
164 | } |
---|
165 | debug("no match: %s", version); |
---|
166 | } |
---|
167 | |
---|
168 | #define SEP "," |
---|
169 | int |
---|
170 | proto_spec(const char *spec) |
---|
171 | { |
---|
172 | char *s, *p, *q; |
---|
173 | int ret = SSH_PROTO_UNKNOWN; |
---|
174 | |
---|
175 | if (spec == NULL) |
---|
176 | return ret; |
---|
177 | q = s = xstrdup(spec); |
---|
178 | for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { |
---|
179 | switch (atoi(p)) { |
---|
180 | case 1: |
---|
181 | if (ret == SSH_PROTO_UNKNOWN) |
---|
182 | ret |= SSH_PROTO_1_PREFERRED; |
---|
183 | ret |= SSH_PROTO_1; |
---|
184 | break; |
---|
185 | case 2: |
---|
186 | ret |= SSH_PROTO_2; |
---|
187 | break; |
---|
188 | default: |
---|
189 | log("ignoring bad proto spec: '%s'.", p); |
---|
190 | break; |
---|
191 | } |
---|
192 | } |
---|
193 | xfree(s); |
---|
194 | return ret; |
---|
195 | } |
---|
196 | |
---|
197 | char * |
---|
198 | compat_cipher_proposal(char *cipher_prop) |
---|
199 | { |
---|
200 | Buffer b; |
---|
201 | char *orig_prop, *fix_ciphers; |
---|
202 | char *cp, *tmp; |
---|
203 | |
---|
204 | if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
---|
205 | return(cipher_prop); |
---|
206 | |
---|
207 | buffer_init(&b); |
---|
208 | tmp = orig_prop = xstrdup(cipher_prop); |
---|
209 | while ((cp = strsep(&tmp, ",")) != NULL) { |
---|
210 | if (strncmp(cp, "aes", 3) != 0) { |
---|
211 | if (buffer_len(&b) > 0) |
---|
212 | buffer_append(&b, ",", 1); |
---|
213 | buffer_append(&b, cp, strlen(cp)); |
---|
214 | } |
---|
215 | } |
---|
216 | buffer_append(&b, "\0", 1); |
---|
217 | fix_ciphers = xstrdup(buffer_ptr(&b)); |
---|
218 | buffer_free(&b); |
---|
219 | xfree(orig_prop); |
---|
220 | debug2("Original cipher proposal: %s", cipher_prop); |
---|
221 | debug2("Compat cipher proposal: %s", fix_ciphers); |
---|
222 | if (!*fix_ciphers) |
---|
223 | fatal("No available ciphers found."); |
---|
224 | |
---|
225 | return(fix_ciphers); |
---|
226 | } |
---|