X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/3d63ca2ea3f917bf24a6c0a6e4dae5357bcf5dd6..e6f8202f682fa90aa3c7b645e6d7e80bed5c176c:/ssh.c?ds=sidebyside

diff --git a/ssh.c b/ssh.c
index 01c5caa1..d03de083 100644
--- a/ssh.c
+++ b/ssh.c
@@ -168,6 +168,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_CHOKES_ON_SSH1_IGNORE                 1
 #define BUG_SSH2_HMAC                             2
 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD        	  4
+#define BUG_CHOKES_ON_RSA	        	  8
 
 static int ssh_pkt_ctx = 0;
 
@@ -1590,6 +1591,16 @@ static void ssh_detect_bugs(char *vstring)
 	logevent("We believe remote version needs a plain SSH1 password");
     }
 
+    if (!strcmp(imp, "Cisco-1.25")) {
+	/*
+	 * These versions apparently have no clue whatever about
+	 * RSA authentication and will panic and die if they see
+	 * an AUTH_RSA message.
+	 */
+	ssh_remote_bugs |= BUG_CHOKES_ON_RSA;
+	logevent("We believe remote version can't handle RSA authentication");
+    }
+
     if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
 	!strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
 	!strncmp(imp, "2.1 ", 4)) {
@@ -1862,8 +1873,10 @@ static char *connect_to_host(char *host, int port, char **realhost, int nodelay)
 	logevent(buf);
     }
     s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr);
-    if ((err = sk_socket_error(s)))
+    if ((err = sk_socket_error(s))) {
+	s = NULL;
 	return err;
+    }
 
 #ifdef FWHACK
     sk_write(s, "connect ", 8);
@@ -2155,8 +2168,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  case 3:
 			  case 4:
-			    random_save_seed();
-			    exit(0);
+			    cleanup_exit(0);
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
@@ -2191,7 +2203,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 
     crWaitUntil(ispkt);
 
-    tried_publickey = tried_agent = 0;
+    if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) {
+	/* We must not attempt PK auth. Pretend we've already tried it. */
+	tried_publickey = tried_agent = 1;
+    } else {
+	tried_publickey = tried_agent = 0;
+    }
     tis_auth_refused = ccard_auth_refused = 0;
     /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
     if (*cfg.keyfile) {
@@ -2456,8 +2473,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			break;
 		      case 3:
 		      case 4:
-			random_save_seed();
-			exit(0);
+			cleanup_exit(0);
 			break;
 		      default:
 			if (pos < sizeof(password)-1)
@@ -3955,8 +3971,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  case 3:
 			  case 4:
-			    random_save_seed();
-			    exit(0);
+			    cleanup_exit(0);
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
@@ -4434,8 +4449,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 				break;
 			      case 3:
 			      case 4:
-				random_save_seed();
-				exit(0);
+				cleanup_exit(0);
 				break;
 			      default:
 				if (pos < sizeof(password)-1)