Remove last vestiges of `buggymac' in the Config structure. Might

[u/mdw/putty] / ssh.c

diff --git a/ssh.c b/ssh.c
index a23ead9..3e8396f 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -183,6 +183,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_CHOKES_ON_RSA                        8
 #define BUG_SSH2_RSA_PADDING                    16
 #define BUG_SSH2_DERIVEKEY                       32
+#define BUG_SSH2_DH_GEX                          64
 
 static int ssh_pkt_ctx = 0;
 
@@ -1742,6 +1743,14 @@ static void ssh_detect_bugs(char *vstring)
        ssh_remote_bugs |= BUG_SSH2_RSA_PADDING;
        logevent("We believe remote version has SSH2 RSA padding bug");
     }
+
+    if (cfg.sshbug_dhgex2 == BUG_ON) {
+       /*
+        * These versions have the SSH2 DH GEX bug.
+        */
+       ssh_remote_bugs |= BUG_SSH2_DH_GEX;
+       logevent("We believe remote version has SSH2 DH group exchange bug");
+    }
 }
 
 static int do_ssh_init(unsigned char c)
@@ -3354,7 +3363,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
                unsigned i = GET_32BIT(pktin.body);
                struct ssh_channel *c;
                c = find234(ssh_channels, &i, ssh_channelfind);
-               if (c) {
+               if (c && ((int)c->remoteid) != -1) {
                    int closetype;
                    closetype =
                        (pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
@@ -3383,6 +3392,11 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
                        del234(ssh_channels, c);
                        sfree(c);
                    }
+               } else {
+                   bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
+                            pktin.type == SSH1_MSG_CHANNEL_CLOSE ? "" :
+                            "_CONFIRMATION", c ? "half-open" : "nonexistent",
+                            i));
                }
            } else if (pktin.type == SSH1_MSG_CHANNEL_DATA) {
                /* Data sent down one of our channels. */
@@ -3628,7 +3642,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     /*
      * Be prepared to work around the buggy MAC problem.
      */
-    if (cfg.buggymac || (ssh_remote_bugs & BUG_SSH2_HMAC))
+    if (ssh_remote_bugs & BUG_SSH2_HMAC)
        maclist = buggymacs, nmacs = lenof(buggymacs);
     else
        maclist = macs, nmacs = lenof(macs);
@@ -3643,6 +3657,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     /* List key exchange algorithms. */
     ssh2_pkt_addstring_start();
     for (i = 0; i < lenof(kex_algs); i++) {
+       if (kex_algs[i] == &ssh_diffiehellman_gex &&
+           (ssh_remote_bugs & BUG_SSH2_DH_GEX))
+           continue;
        ssh2_pkt_addstring_str(kex_algs[i]->name);
        if (i < lenof(kex_algs) - 1)
            ssh2_pkt_addstring_str(",");
@@ -3749,6 +3766,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     pktin.savedpos += 16;             /* skip garbage cookie */
     ssh2_pkt_getstring(&str, &len);    /* key exchange algorithms */
     for (i = 0; i < lenof(kex_algs); i++) {
+       if (kex_algs[i] == &ssh_diffiehellman_gex &&
+           (ssh_remote_bugs & BUG_SSH2_DH_GEX))
+           continue;
        if (in_commasep_string(kex_algs[i]->name, str, len)) {
            kex = kex_algs[i];
            break;
@@ -5359,8 +5379,10 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                struct ssh_channel *c;
 
                c = find234(ssh_channels, &i, ssh_channelfind);
-               if (!c)
-                   continue;          /* nonexistent channel */
+               if (!c || ((int)c->remoteid) == -1) {
+                   bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
+                            c ? "half-open" : "nonexistent", i));
+               }
                /* Do pre-close processing on the channel. */
                switch (c->type) {
                  case CHAN_MAINSESSION: