st->to_read -= st->chunk;
}
+ if (cipher && detect_attack(pktin.data, st->biglen, NULL)) {
+ bombout(("Network attack (CRC compensation) detected!"));
+ crReturn(0);
+ }
+
if (cipher)
cipher->decrypt(pktin.data, st->biglen);
struct RSAKey servkey, hostkey;
struct MD5Context md5c;
static unsigned long supported_ciphers_mask, supported_auths_mask;
- static int tried_publickey;
+ static int tried_publickey, tried_agent;
static int tis_auth_refused, ccard_auth_refused;
static unsigned char session_id[16];
static int cipher_type;
crWaitUntil(ispkt);
- tried_publickey = 0;
+ tried_publickey = tried_agent = 0;
tis_auth_refused = ccard_auth_refused = 0;
/* Load the public half of cfg.keyfile so we notice if it's in Pageant */
if (*cfg.keyfile) {
static int pwpkt_type;
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
- if (agent_exists()) {
+ if (agent_exists() && !tried_agent) {
/*
* Attempt RSA authentication using Pageant.
*/
static int authed = FALSE;
void *r;
+ tried_agent = 1;
logevent("Pageant is running. Requesting keys.");
/* Request the keys held by the agent. */
*/
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
{
+ /*
+ * Never send WINDOW_ADJUST for a channel that the remote side
+ * already thinks it's closed; there's no point, since it won't
+ * be sending any more data anyway.
+ */
+ if (c->closes != 0)
+ return;
+
if (newwin > c->v.v2.locwindow) {
ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
ssh2_pkt_adduint32(c->remoteid);
ssh2_pkt_send();
}
}
+ } else if (pktin.type == SSH2_MSG_GLOBAL_REQUEST) {
+ char *type;
+ int typelen, want_reply;
+
+ ssh2_pkt_getstring(&type, &typelen);
+ want_reply = ssh2_pkt_getbool();
+
+ /*
+ * We currently don't support any global requests
+ * at all, so we either ignore the request or
+ * respond with REQUEST_FAILURE, depending on
+ * want_reply.
+ */
+ if (want_reply) {
+ ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
+ ssh2_pkt_send();
+ }
} else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
char *type;
int typelen;