X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/0405e71f25335f47635d29b5a9d9b815191e6586..70cd2027d47923b19665b4b1e31f462ec63f8c57:/ssh.c diff --git a/ssh.c b/ssh.c index 0edaf932..19c93df4 100644 --- a/ssh.c +++ b/ssh.c @@ -182,6 +182,7 @@ static const char *const ssh2_disconnect_reasons[] = { #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4 #define BUG_CHOKES_ON_RSA 8 #define BUG_SSH2_RSA_PADDING 16 +#define BUG_SSH2_DERIVEKEY 32 static int ssh_pkt_ctx = 0; @@ -885,6 +886,15 @@ static int ssh2_rdpkt(unsigned char **data, int *datalen) st->pad = pktin.data[4]; /* + * _Completely_ silly lengths should be stomped on before they + * do us any more damage. + */ + if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) { + bombout(("Incoming packet was garbled on decryption")); + crReturn(0); + } + + /* * This enables us to deduce the payload length. */ st->payload = st->len - st->pad - 1; @@ -1692,6 +1702,16 @@ static void ssh_detect_bugs(char *vstring) logevent("We believe remote version has SSH2 HMAC bug"); } + if (!strncmp(imp, "2.0.", 4)) { + /* + * These versions have the key-derivation bug (failing to + * include the literal shared secret in the hashes that + * generate the keys). + */ + ssh_remote_bugs |= BUG_SSH2_DERIVEKEY; + logevent("We believe remote version has SSH2 key-derivation bug"); + } + if ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') || (!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')) { /* @@ -3488,14 +3508,16 @@ static void ssh2_mkkey(Bignum K, char *H, char *sessid, char chr, SHA_State s; /* First 20 bytes. */ SHA_Init(&s); - sha_mpint(&s, K); + if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY)) + sha_mpint(&s, K); SHA_Bytes(&s, H, 20); SHA_Bytes(&s, &chr, 1); SHA_Bytes(&s, sessid, 20); SHA_Final(&s, keyspace); /* Next 20 bytes. */ SHA_Init(&s); - sha_mpint(&s, K); + if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY)) + sha_mpint(&s, K); SHA_Bytes(&s, H, 20); SHA_Bytes(&s, keyspace, 20); SHA_Final(&s, keyspace + 20);