projects
/
u
/
mdw
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add the CRC32 compensation attack detector that all other SSH
[u/mdw/putty]
/
ssh.c
diff --git
a/ssh.c
b/ssh.c
index
e0fed88
..
b8abc5b
100644
(file)
--- a/
ssh.c
+++ b/
ssh.c
@@
-724,6
+724,11
@@
static int ssh1_rdpkt(unsigned char **data, int *datalen)
st->to_read -= st->chunk;
}
st->to_read -= st->chunk;
}
+ if (cipher && detect_attack(pktin.data, st->biglen, NULL)) {
+ bombout(("Network attack (CRC compensation) detected!"));
+ crReturn(0);
+ }
+
if (cipher)
cipher->decrypt(pktin.data, st->biglen);
if (cipher)
cipher->decrypt(pktin.data, st->biglen);
@@
-1854,11
+1859,13
@@
static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
struct RSAKey servkey, hostkey;
struct MD5Context md5c;
static unsigned long supported_ciphers_mask, supported_auths_mask;
struct RSAKey servkey, hostkey;
struct MD5Context md5c;
static unsigned long supported_ciphers_mask, supported_auths_mask;
- static int tried_publickey;
+ static int tried_publickey
, tried_agent
;
static int tis_auth_refused, ccard_auth_refused;
static unsigned char session_id[16];
static int cipher_type;
static char username[100];
static int tis_auth_refused, ccard_auth_refused;
static unsigned char session_id[16];
static int cipher_type;
static char username[100];
+ static void *publickey_blob;
+ int publickey_bloblen;
crBegin;
crBegin;
@@
-2103,8
+2110,14
@@
static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
crWaitUntil(ispkt);
crWaitUntil(ispkt);
- tried_publickey = 0;
+ tried_publickey =
tried_agent =
0;
tis_auth_refused = ccard_auth_refused = 0;
tis_auth_refused = ccard_auth_refused = 0;
+ /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
+ if (*cfg.keyfile) {
+ if (!rsakey_pubblob(cfg.keyfile, &publickey_blob, &publickey_bloblen))
+ publickey_blob = NULL;
+ } else
+ publickey_blob = NULL;
while (pktin.type == SSH1_SMSG_FAILURE) {
static char password[100];
while (pktin.type == SSH1_SMSG_FAILURE) {
static char password[100];
@@
-2114,7
+2127,7
@@
static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
static int pwpkt_type;
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
static int pwpkt_type;
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
- if (agent_exists()) {
+ if (agent_exists()
&& !tried_agent
) {
/*
* Attempt RSA authentication using Pageant.
*/
/*
* Attempt RSA authentication using Pageant.
*/
@@
-2124,6
+2137,7
@@
static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
static int authed = FALSE;
void *r;
static int authed = FALSE;
void *r;
+ tried_agent = 1;
logevent("Pageant is running. Requesting keys.");
/* Request the keys held by the agent. */
logevent("Pageant is running. Requesting keys.");
/* Request the keys held by the agent. */
@@
-2152,6
+2166,11
@@
static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
sprintf(buf, "Trying Pageant key #%d", i);
logevent(buf);
}
sprintf(buf, "Trying Pageant key #%d", i);
logevent(buf);
}
+ if (publickey_blob &&
+ !memcmp(p, publickey_blob, publickey_bloblen)) {
+ logevent("This key matches configured key file");
+ tried_publickey = 1;
+ }
p += 4;
p += ssh1_read_bignum(p, &key.exponent);
p += ssh1_read_bignum(p, &key.modulus);
p += 4;
p += ssh1_read_bignum(p, &key.exponent);
p += ssh1_read_bignum(p, &key.modulus);
@@
-3751,6
+3770,8
@@
static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
static char username[100];
static char pwprompt[200];
static char password[100];
static char username[100];
static char pwprompt[200];
static char password[100];
+ static void *publickey_blob;
+ static int publickey_bloblen;
crBegin;
crBegin;
@@
-3891,6
+3912,12
@@
static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
tried_agent = FALSE;
tried_keyb_inter = FALSE;
kbd_inter_running = FALSE;
tried_agent = FALSE;
tried_keyb_inter = FALSE;
kbd_inter_running = FALSE;
+ /* Load the pub half of cfg.keyfile so we notice if it's in Pageant */
+ if (*cfg.keyfile) {
+ publickey_blob = ssh2_userkey_loadpub(cfg.keyfile, NULL,
+ &publickey_bloblen);
+ } else
+ publickey_blob = NULL;
while (1) {
/*
while (1) {
/*
@@
-4046,6
+4073,12
@@
static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
}
pklen = GET_32BIT(p);
p += 4;
}
pklen = GET_32BIT(p);
p += 4;
+ if (publickey_blob &&
+ pklen == publickey_bloblen &&
+ !memcmp(p, publickey_blob, publickey_bloblen)) {
+ logevent("This key matches configured key file");
+ tried_pubkey_config = 1;
+ }
pkblob = p;
p += pklen;
alglen = GET_32BIT(pkblob);
pkblob = p;
p += pklen;
alglen = GET_32BIT(pkblob);