static void ssh2_pkt_addmp(Ssh, Bignum b);
static int ssh2_pkt_construct(Ssh);
static void ssh2_pkt_send(Ssh);
+static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt);
+static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt);
/*
* Buffer management constants. There are several of these for
* potentially reconfigure port forwardings etc in mid-session.
*/
Config cfg;
+
+ /*
+ * Used to transfer data back from async agent callbacks.
+ */
+ void *agent_response;
+ int agent_response_len;
};
#define logevent(s) logevent(ssh->frontend, s)
/* logevent, only printf-formatted. */
-static void logeventf(Ssh ssh, char *fmt, ...)
+static void logeventf(Ssh ssh, const char *fmt, ...)
{
va_list ap;
char *buf;
if (ssh->cipher)
ssh->cipher->decrypt(ssh->v1_cipher_ctx, ssh->pktin.data, st->biglen);
- st->realcrc = crc32(ssh->pktin.data, st->biglen - 4);
+ st->realcrc = crc32_compute(ssh->pktin.data, st->biglen - 4);
st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4);
if (st->gotcrc != st->realcrc) {
bombout(("Incorrect CRC received on packet"));
if (ssh->v1_compressing) {
unsigned char *decompblk;
int decomplen;
- zlib_decompress_block(ssh->sc_comp_ctx,
- ssh->pktin.body - 1, ssh->pktin.length + 1,
- &decompblk, &decomplen);
+ if (!zlib_decompress_block(ssh->sc_comp_ctx,
+ ssh->pktin.body - 1, ssh->pktin.length + 1,
+ &decompblk, &decomplen)) {
+ bombout(("Zlib decompression encountered invalid data"));
+ crStop(0);
+ }
if (ssh->pktin.maxlen < st->pad + decomplen) {
ssh->pktin.maxlen = st->pad + decomplen;
for (i = 0; i < pad; i++)
ssh->pktout.data[i + 4] = random_byte();
- crc = crc32(ssh->pktout.data + 4, biglen - 4);
+ crc = crc32_compute(ssh->pktout.data + 4, biglen - 4);
PUT_32BIT(ssh->pktout.data + biglen, crc);
PUT_32BIT(ssh->pktout.data, len);
(ssh->cfg.sshbug_ignore1 == AUTO &&
(!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
!strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
- !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) {
+ !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
+ !strcmp(imp, "OSU_1.4alpha3")))) {
/*
* These versions don't support SSH1_MSG_IGNORE, so we have
* to use a different defence against password length
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
(ssh->cfg.sshbug_plainpw1 == AUTO &&
- (!strcmp(imp, "Cisco-1.25")))) {
+ (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
/*
* These versions need a plain password sent; they can't
* handle having a null and a random length of data after
if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
(ssh->cfg.sshbug_hmac2 == AUTO &&
+ !wc_match("* VShell", imp) &&
(wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
wc_match("2.1 *", imp)))) {
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
(ssh->cfg.sshbug_derivekey2 == AUTO &&
+ !wc_match("* VShell", imp) &&
(wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
/*
* These versions have the key-derivation bug (failing to
* Now we must shut down any port and X forwardings going
* through this connection.
*/
- for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
- switch (c->type) {
- case CHAN_X11:
- x11_close(c->u.x11.s);
- break;
- case CHAN_SOCKDATA:
- pfd_close(c->u.pfd.s);
- break;
+ if (ssh->channels) {
+ for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
+ switch (c->type) {
+ case CHAN_X11:
+ x11_close(c->u.x11.s);
+ break;
+ case CHAN_SOCKDATA:
+ pfd_close(c->u.pfd.s);
+ break;
+ }
+ del234(ssh->channels, c);
+ if (ssh->version == 2)
+ bufchain_clear(&c->v.v2.outbuffer);
+ sfree(c);
}
- del234(ssh->channels, c);
- if (ssh->version == 2)
- bufchain_clear(&c->v.v2.outbuffer);
- sfree(c);
}
}
-static int ssh_closing(Plug plug, char *error_msg, int error_code,
+static int ssh_closing(Plug plug, const char *error_msg, int error_code,
int calling_back)
{
Ssh ssh = (Ssh) plug;
if (error_msg) {
/* A socket error has occurred. */
logevent(error_msg);
- connection_fatal(ssh->frontend, error_msg);
+ connection_fatal(ssh->frontend, "%s", error_msg);
} else {
/* Otherwise, the remote side closed the connection normally. */
}
* Also places the canonical host name into `realhost'. It must be
* freed by the caller.
*/
-static char *connect_to_host(Ssh ssh, char *host, int port,
- char **realhost, int nodelay)
+static const char *connect_to_host(Ssh ssh, char *host, int port,
+ char **realhost, int nodelay)
{
static const struct plug_function_table fn_table = {
ssh_closing,
};
SockAddr addr;
- char *err;
+ const char *err;
ssh->savedhost = snewn(1 + strlen(host), char);
if (!ssh->savedhost)
*/
logeventf(ssh, "Looking up host \"%s\"", host);
addr = name_lookup(host, port, realhost, &ssh->cfg);
- if ((err = sk_addr_error(addr)) != NULL)
+ if ((err = sk_addr_error(addr)) != NULL) {
+ sk_addr_free(addr);
return err;
+ }
/*
* Open socket.
return 0;
}
+static void ssh_agent_callback(void *sshv, void *reply, int replylen)
+{
+ Ssh ssh = (Ssh) sshv;
+
+ ssh->agent_response = reply;
+ ssh->agent_response_len = replylen;
+
+ if (ssh->version == 1)
+ do_ssh1_login(ssh, NULL, -1, 0);
+ else
+ do_ssh2_authconn(ssh, NULL, -1, 0);
+}
+
+static void ssh_agentf_callback(void *cv, void *reply, int replylen)
+{
+ struct ssh_channel *c = (struct ssh_channel *)cv;
+ Ssh ssh = c->ssh;
+ void *sentreply = reply;
+
+ if (!sentreply) {
+ /* Fake SSH_AGENT_FAILURE. */
+ sentreply = "\0\0\0\1\5";
+ replylen = 5;
+ }
+ if (ssh->version == 2) {
+ ssh2_add_channel_data(c, sentreply, replylen);
+ ssh2_try_send(c);
+ } else {
+ send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
+ PKT_INT, c->remoteid,
+ PKT_INT, replylen,
+ PKT_DATA, sentreply, replylen,
+ PKT_END);
+ }
+ if (reply)
+ sfree(reply);
+}
+
/*
* Handle the key exchange and user authentication phases.
*/
/* Request the keys held by the agent. */
PUT_32BIT(s->request, 1);
s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
- agent_query(s->request, 5, &r, &s->responselen);
+ if (!agent_query(s->request, 5, &r, &s->responselen,
+ ssh_agent_callback, ssh)) {
+ do {
+ crReturn(0);
+ if (ispkt) {
+ bombout(("Unexpected data from server while waiting"
+ " for agent response"));
+ crStop(0);
+ }
+ } while (ispkt || inlen > 0);
+ r = ssh->agent_response;
+ s->responselen = ssh->agent_response_len;
+ }
s->response = (unsigned char *) r;
if (s->response && s->responselen >= 5 &&
s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
memcpy(q, s->session_id, 16);
q += 16;
PUT_32BIT(q, 1); /* response format */
- agent_query(agentreq, len + 4, &vret, &retlen);
+ if (!agent_query(agentreq, len + 4, &vret, &retlen,
+ ssh_agent_callback, ssh)) {
+ sfree(agentreq);
+ do {
+ crReturn(0);
+ if (ispkt) {
+ bombout(("Unexpected data from server"
+ " while waiting for agent"
+ " response"));
+ crStop(0);
+ }
+ } while (ispkt || inlen > 0);
+ vret = ssh->agent_response;
+ retlen = ssh->agent_response_len;
+ } else
+ sfree(agentreq);
ret = vret;
- sfree(agentreq);
if (ret) {
if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
logevent("Sending Pageant's response");
struct ssh_rportfwd pf;
int hostsize, port;
char host[256], buf[1024];
- char *p, *h, *e;
+ char *p, *h;
+ const char *e;
c = snew(struct ssh_channel);
c->ssh = ssh;
c->u.a.lensofar += l;
}
if (c->u.a.lensofar == c->u.a.totallen) {
- void *reply, *sentreply;
+ void *reply;
int replylen;
- agent_query(c->u.a.message,
- c->u.a.totallen, &reply,
- &replylen);
- if (reply)
- sentreply = reply;
- else {
- /* Fake SSH_AGENT_FAILURE. */
- sentreply = "\0\0\0\1\5";
- replylen = 5;
- }
- send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
- PKT_INT, c->remoteid,
- PKT_INT, replylen,
- PKT_DATA, sentreply, replylen,
- PKT_END);
- if (reply)
- sfree(reply);
+ if (agent_query(c->u.a.message,
+ c->u.a.totallen,
+ &reply, &replylen,
+ ssh_agentf_callback, c))
+ ssh_agentf_callback(c, reply, replylen);
sfree(c->u.a.message);
c->u.a.lensofar = 0;
}
/* Request the keys held by the agent. */
PUT_32BIT(s->request, 1);
s->request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
- agent_query(s->request, 5, &r, &s->responselen);
+ if (!agent_query(s->request, 5, &r, &s->responselen,
+ ssh_agent_callback, ssh)) {
+ do {
+ crReturnV;
+ if (ispkt) {
+ bombout(("Unexpected data from server while"
+ " waiting for agent response"));
+ crStopV;
+ }
+ } while (ispkt || inlen > 0);
+ r = ssh->agent_response;
+ s->responselen = ssh->agent_response_len;
+ }
s->response = (unsigned char *) r;
if (s->response && s->responselen >= 5 &&
s->response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
s->q += ssh->pktout.length - 5;
/* And finally the (zero) flags word. */
PUT_32BIT(s->q, 0);
- agent_query(s->agentreq, s->len + 4, &vret, &s->retlen);
+ if (!agent_query(s->agentreq, s->len + 4,
+ &vret, &s->retlen,
+ ssh_agent_callback, ssh)) {
+ do {
+ crReturnV;
+ if (ispkt) {
+ bombout(("Unexpected data from server"
+ " while waiting for agent"
+ " response"));
+ crStopV;
+ }
+ } while (ispkt || inlen > 0);
+ vret = ssh->agent_response;
+ s->retlen = ssh->agent_response_len;
+ }
s->ret = vret;
sfree(s->agentreq);
if (s->ret) {
c->u.a.lensofar += l;
}
if (c->u.a.lensofar == c->u.a.totallen) {
- void *reply, *sentreply;
+ void *reply;
int replylen;
- agent_query(c->u.a.message,
- c->u.a.totallen, &reply,
- &replylen);
- if (reply)
- sentreply = reply;
- else {
- /* Fake SSH_AGENT_FAILURE. */
- sentreply = "\0\0\0\1\5";
- replylen = 5;
- }
- ssh2_add_channel_data(c, sentreply, replylen);
- s->try_send = TRUE;
- if (reply)
- sfree(reply);
+ if (agent_query(c->u.a.message,
+ c->u.a.totallen,
+ &reply, &replylen,
+ ssh_agentf_callback, c))
+ ssh_agentf_callback(c, reply, replylen);
sfree(c->u.a.message);
c->u.a.lensofar = 0;
}
if (realpf == NULL) {
error = "Remote port is not recognised";
} else {
- char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost,
- realpf->dport, c, &ssh->cfg);
+ const char *e = pfd_newconnect(&c->u.pfd.s,
+ realpf->dhost,
+ realpf->dport, c,
+ &ssh->cfg);
logeventf(ssh, "Received remote port open request"
" for %s:%d", realpf->dhost, realpf->dport);
if (e != NULL) {
*
* Returns an error message, or NULL on success.
*/
-static char *ssh_init(void *frontend_handle, void **backend_handle,
- Config *cfg,
- char *host, int port, char **realhost, int nodelay)
+static const char *ssh_init(void *frontend_handle, void **backend_handle,
+ Config *cfg,
+ char *host, int port, char **realhost, int nodelay)
{
- char *p;
+ const char *p;
Ssh ssh;
ssh = snew(struct ssh_tag);
projects / u / mdw / putty / blobdiff