st->biglen = st->len + st->pad;
ssh->pktin.length = st->len - 5;
+ if (st->biglen < 0) {
+ bombout(("Extremely large packet length from server suggests"
+ " data stream corruption"));
+ crStop(0);
+ }
+
if (ssh->pktin.maxlen < st->biglen) {
ssh->pktin.maxlen = st->biglen;
ssh->pktin.data = sresize(ssh->pktin.data, st->biglen + APIEXTRA,
(!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
!strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
!strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
- !strcmp(imp, "OSU_1.4alpha3")))) {
+ !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
/*
* These versions don't support SSH1_MSG_IGNORE, so we have
* to use a different defence against password length
if (!ssh1_pkt_getrsakey(ssh, &servkey, &s->keystr1) ||
!ssh1_pkt_getrsakey(ssh, &hostkey, &s->keystr2)) {
- bombout(("SSH1 public key packet stopped before public keys"));
+ bombout(("Failed to read SSH1 public keys from public key packet"));
crStop(0);
}
}
}
if (sport && dport) {
+ /* Set up a description of the source port. */
+ char *sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s",
+ (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
+ (int)(*saddr?1:0), ":",
+ (int)(sserv ? strlen(sports) : 0), sports,
+ sserv, "(", sport, sserv, ")");
if (type == 'L') {
- pfd_addforward(host, dport, *saddr ? saddr : NULL,
- sport, ssh, &ssh->cfg);
- logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
- " forwarding to %s:%.*s%.*s%d%.*s",
- (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
- (int)(*saddr?1:0), ":",
- (int)(sserv ? strlen(sports) : 0), sports,
- sserv, "(", sport, sserv, ")",
- host,
- (int)(dserv ? strlen(dports) : 0), dports,
- dserv, "(", dport, dserv, ")");
+ /* Verbose description of the destination port */
+ char *dportdesc = dupprintf("%s:%.*s%.*s%d%.*s",
+ host,
+ (int)(dserv ? strlen(dports) : 0), dports,
+ dserv, "(", dport, dserv, ")");
+ const char *err = pfd_addforward(host, dport,
+ *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ if (err) {
+ logeventf(ssh, "Local port %s forward to %s"
+ " failed: %s", sportdesc, dportdesc, err);
+ } else {
+ logeventf(ssh, "Local port %s forwarding to %s",
+ sportdesc, dportdesc);
+ }
+ sfree(dportdesc);
} else if (type == 'D') {
- pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
- sport, ssh, &ssh->cfg);
- logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
- " doing SOCKS dynamic forwarding",
- (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
- (int)(*saddr?1:0), ":",
- (int)(sserv ? strlen(sports) : 0), sports,
- sserv, "(", sport, sserv, ")");
+ const char *err = pfd_addforward(NULL, -1,
+ *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ if (err) {
+ logeventf(ssh, "Local port %s SOCKS dynamic forward"
+ " setup failed: %s", sportdesc, err);
+ } else {
+ logeventf(ssh, "Local port %s doing SOCKS"
+ " dynamic forwarding", sportdesc);
+ }
} else {
struct ssh_rportfwd *pf;
pf = snew(struct ssh_rportfwd);
logevent("Remote port forwarding enabled");
}
}
+ sfree(sportdesc);
}
}
}
}
/* List client->server compression algorithms. */
ssh2_pkt_addstring_start(ssh);
- for (i = 0; i < lenof(compressions) + 1; i++) {
- const struct ssh_compress *c =
- i == 0 ? s->preferred_comp : compressions[i - 1];
- ssh2_pkt_addstring_str(ssh, c->name);
- if (i < lenof(compressions))
+ assert(lenof(compressions) > 1);
+ ssh2_pkt_addstring_str(ssh, s->preferred_comp->name);
+ for (i = 0; i < lenof(compressions); i++) {
+ const struct ssh_compress *c = compressions[i];
+ if (c != s->preferred_comp) {
ssh2_pkt_addstring_str(ssh, ",");
+ ssh2_pkt_addstring_str(ssh, c->name);
+ }
}
/* List server->client compression algorithms. */
ssh2_pkt_addstring_start(ssh);
- for (i = 0; i < lenof(compressions) + 1; i++) {
- const struct ssh_compress *c =
- i == 0 ? s->preferred_comp : compressions[i - 1];
- ssh2_pkt_addstring_str(ssh, c->name);
- if (i < lenof(compressions))
+ assert(lenof(compressions) > 1);
+ ssh2_pkt_addstring_str(ssh, s->preferred_comp->name);
+ for (i = 0; i < lenof(compressions); i++) {
+ const struct ssh_compress *c = compressions[i];
+ if (c != s->preferred_comp) {
ssh2_pkt_addstring_str(ssh, ",");
+ ssh2_pkt_addstring_str(ssh, c->name);
+ }
}
/* List client->server languages. Empty list. */
ssh2_pkt_addstring_start(ssh);
int num_prompts, curr_prompt, echo;
char username[100];
int got_username;
- char pwprompt[200];
+ char pwprompt[512];
char password[100];
void *publickey_blob;
int publickey_bloblen;
ssh_pkt_getstring(ssh, &prompt, &prompt_len);
if (prompt_len > 0) {
- strncpy(s->pwprompt, prompt, sizeof(s->pwprompt));
- s->pwprompt[prompt_len < sizeof(s->pwprompt) ?
- prompt_len : sizeof(s->pwprompt)-1] = '\0';
+ static const char trunc[] = "<prompt truncated>: ";
+ static const int prlen = sizeof(s->pwprompt) -
+ lenof(trunc);
+ if (prompt_len > prlen) {
+ memcpy(s->pwprompt, prompt, prlen);
+ strcpy(s->pwprompt + prlen, trunc);
+ } else {
+ memcpy(s->pwprompt, prompt, prompt_len);
+ s->pwprompt[prompt_len] = '\0';
+ }
} else {
strcpy(s->pwprompt,
"<server failed to send prompt>: ");
}
}
if (sport && dport) {
+ /* Set up a description of the source port. */
+ char *sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s",
+ (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
+ (int)(*saddr?1:0), ":",
+ (int)(sserv ? strlen(sports) : 0), sports,
+ sserv, "(", sport, sserv, ")");
if (type == 'L') {
- pfd_addforward(host, dport, *saddr ? saddr : NULL,
- sport, ssh, &ssh->cfg);
- logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
- " forwarding to %s:%.*s%.*s%d%.*s",
- (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
- (int)(*saddr?1:0), ":",
- (int)(sserv ? strlen(sports) : 0), sports,
- sserv, "(", sport, sserv, ")",
- host,
- (int)(dserv ? strlen(dports) : 0), dports,
- dserv, "(", dport, dserv, ")");
+ /* Verbose description of the destination port */
+ char *dportdesc = dupprintf("%s:%.*s%.*s%d%.*s",
+ host,
+ (int)(dserv ? strlen(dports) : 0), dports,
+ dserv, "(", dport, dserv, ")");
+ const char *err = pfd_addforward(host, dport,
+ *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ if (err) {
+ logeventf(ssh, "Local port %s forward to %s"
+ " failed: %s", sportdesc, dportdesc, err);
+ } else {
+ logeventf(ssh, "Local port %s forwarding to %s",
+ sportdesc, dportdesc);
+ }
+ sfree(dportdesc);
} else if (type == 'D') {
- pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
- sport, ssh, &ssh->cfg);
- logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
- " doing SOCKS dynamic forwarding",
- (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
- (int)(*saddr?1:0), ":",
- (int)(sserv ? strlen(sports) : 0), sports,
- sserv, "(", sport, sserv, ")");
+ const char *err = pfd_addforward(NULL, -1,
+ *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ if (err) {
+ logeventf(ssh, "Local port %s SOCKS dynamic forward"
+ " setup failed: %s", sportdesc, err);
+ } else {
+ logeventf(ssh, "Local port %s doing SOCKS"
+ " dynamic forwarding", sportdesc);
+ }
} else {
struct ssh_rportfwd *pf;
pf = snew(struct ssh_rportfwd);
" to %s:%d", host, dport);
sfree(pf);
} else {
- logeventf(ssh, "Requesting remote port "
- "%.*s%.*s%.*s%.*s%d%.*s"
+ logeventf(ssh, "Requesting remote port %s"
" forward to %s:%.*s%.*s%d%.*s",
- (int)(*saddr?strlen(saddr):0),
- *saddr?saddr:NULL,
- (int)(*saddr?1:0), ":",
- (int)(sserv ? strlen(sports) : 0), sports,
- sserv, "(", sport, sserv, ")",
+ sportdesc,
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
}
}
}
+ sfree(sportdesc);
}
}
}
ssh_pkt_getstring(ssh, &peeraddr, &peeraddrlen);
addrstr = snewn(peeraddrlen+1, char);
memcpy(addrstr, peeraddr, peeraddrlen);
- peeraddr[peeraddrlen] = '\0';
+ addrstr[peeraddrlen] = '\0';
peerport = ssh_pkt_getuint32(ssh);
+ logeventf(ssh, "Received X11 connect request from %s:%d",
+ addrstr, peerport);
+
if (!ssh->X11_fwd_enabled)
error = "X11 forwarding is not enabled";
else if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
&ssh->cfg) != NULL) {
error = "Unable to open an X11 connection";
} else {
+ logevent("Opening X11 forward connection succeeded");
c->type = CHAN_X11;
}
ssh_pkt_getstring(ssh, &peeraddr, &peeraddrlen);
peerport = ssh_pkt_getuint32(ssh);
realpf = find234(ssh->rportfwds, &pf, NULL);
+ logeventf(ssh, "Received remote port %d open request "
+ "from %s:%d", pf.sport, peeraddr, peerport);
if (realpf == NULL) {
error = "Remote port is not recognised";
} else {
realpf->dhost,
realpf->dport, c,
&ssh->cfg);
- logeventf(ssh, "Received remote port open request"
- " for %s:%d", realpf->dhost, realpf->dport);
+ logeventf(ssh, "Attempting to forward remote port to "
+ "%s:%d", realpf->dhost, realpf->dport);
if (e != NULL) {
logeventf(ssh, "Port open failed: %s", e);
error = "Port open failed";
ssh2_pkt_addstring(ssh, error);
ssh2_pkt_addstring(ssh, "en"); /* language tag */
ssh2_pkt_send(ssh);
+ logeventf(ssh, "Rejected channel open: %s", error);
sfree(c);
} else {
c->localid = alloc_channel_id(ssh);
crcda_free_context(ssh->crcda_ctx);
ssh->crcda_ctx = NULL;
}
- if (ssh->logctx) {
- log_free(ssh->logctx);
- ssh->logctx = NULL;
- }
if (ssh->s)
ssh_do_close(ssh);
sfree(ssh);