X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/7555d6a50b05d96de39b5e95cf11a8f05f0c4fd9..76a3e871f16ade91d573945193070afaa65fc6c7:/ssh.c diff --git a/ssh.c b/ssh.c index e693fb6a..fc20bec1 100644 --- a/ssh.c +++ b/ssh.c @@ -436,6 +436,8 @@ struct ssh_channel { Ssh ssh; /* pointer back to main context */ unsigned remoteid, localid; int type; + /* True if we opened this channel but server hasn't confirmed. */ + int halfopen; /* * In SSH1, this value contains four bits: * @@ -533,6 +535,7 @@ struct ssh_portfwd { struct Packet { long length; + long forcepad; /* Force padding to at least this length */ int type; unsigned long sequence; unsigned char *data; @@ -549,9 +552,9 @@ struct Packet { struct logblank_t *blanks; }; -static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, +static void ssh1_protocol(Ssh ssh, void *vin, int inlen, struct Packet *pktin); -static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen, +static void ssh2_protocol(Ssh ssh, void *vin, int inlen, struct Packet *pktin); static void ssh1_protocol_setup(Ssh ssh); static void ssh2_protocol_setup(Ssh ssh); @@ -567,7 +570,7 @@ static unsigned long ssh_pkt_getuint32(struct Packet *pkt); static int ssh2_pkt_getbool(struct Packet *pkt); static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length); static void ssh2_timer(void *ctx, long now); -static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, +static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, struct Packet *pktin); struct rdpkt1_state_tag { @@ -688,7 +691,7 @@ struct ssh_tag { int overall_bufsize; int throttled_all; int v1_stdout_throttling; - int v2_outgoing_sequence; + unsigned long v2_outgoing_sequence; int ssh1_rdpkt_crstate; int ssh2_rdpkt_crstate; @@ -710,7 +713,7 @@ struct ssh_tag { /* ssh1 and ssh2 use this for different things, but both use it */ int protocol_initial_phase_done; - void (*protocol) (Ssh ssh, unsigned char *in, int inlen, + void (*protocol) (Ssh ssh, void *vin, int inlen, struct Packet *pkt); struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen); @@ -1572,6 +1575,7 @@ static struct Packet *ssh2_pkt_init(int pkt_type) { struct Packet *pkt = ssh_new_packet(); pkt->length = 5; + pkt->forcepad = 0; ssh2_pkt_addbyte(pkt, (unsigned char) pkt_type); return pkt; } @@ -1668,12 +1672,17 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt) /* * Add padding. At least four bytes, and must also bring total * length (minus MAC) up to a multiple of the block size. + * If pkt->forcepad is set, make sure the packet is at least that size + * after padding. */ cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */ cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */ padding = 4; + if (pkt->length + padding < pkt->forcepad) + padding = pkt->forcepad - pkt->length; padding += (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk; + assert(padding <= 255); maclen = ssh->csmac ? ssh->csmac->len : 0; ssh2_pkt_ensure(pkt, pkt->length + padding + maclen); pkt->data[4] = padding; @@ -1791,6 +1800,7 @@ static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt) ssh2_pkt_send_noqueue(ssh, pkt); } +#if 0 /* disused */ /* * Either queue or defer a packet, depending on whether queueing is * set. @@ -1802,6 +1812,7 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt) else ssh2_pkt_defer_noqueue(ssh, pkt); } +#endif /* * Send the whole deferred data block constructed by @@ -2236,13 +2247,7 @@ static int do_ssh_init(Ssh ssh, unsigned char c) s->vstring[s->vslen] = 0; s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */ - { - char *vlog; - vlog = snewn(20 + s->vslen, char); - sprintf(vlog, "Server version: %s", s->vstring); - logevent(vlog); - sfree(vlog); - } + logeventf(ssh, "Server version: %s", s->vstring); ssh_detect_bugs(ssh, s->vstring); /* @@ -2422,6 +2427,7 @@ static void ssh_log(Plug plug, int type, SockAddr addr, int port, msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg); logevent(msg); + sfree(msg); } static int ssh_closing(Plug plug, const char *error_msg, int error_code, @@ -3036,17 +3042,9 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, s->p = s->response + 5; s->nkeys = GET_32BIT(s->p); s->p += 4; - { - char buf[64]; - sprintf(buf, "Pageant has %d SSH1 keys", s->nkeys); - logevent(buf); - } + logeventf(ssh, "Pageant has %d SSH1 keys", s->nkeys); for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) { - { - char buf[64]; - sprintf(buf, "Trying Pageant key #%d", s->keyi); - logevent(buf); - } + logeventf(ssh, "Trying Pageant key #%d", s->keyi); if (s->publickey_blob && !memcmp(s->p, s->publickey_blob, s->publickey_bloblen)) { @@ -3255,18 +3253,18 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, if (s->pwpkt_type == SSH1_CMSG_AUTH_RSA) { char *comment = NULL; int type; - char msgbuf[256]; if (flags & FLAG_VERBOSE) c_write_str(ssh, "Trying public key authentication.\r\n"); logeventf(ssh, "Trying public key \"%s\"", filename_to_str(&ssh->cfg.keyfile)); type = key_type(&ssh->cfg.keyfile); if (type != SSH_KEYTYPE_SSH1) { - sprintf(msgbuf, "Key is of wrong type (%s)", - key_type_to_str(type)); - logevent(msgbuf); - c_write_str(ssh, msgbuf); + char *msg = dupprintf("Key is of wrong type (%s)", + key_type_to_str(type)); + logevent(msg); + c_write_str(ssh, msg); c_write_str(ssh, "\r\n"); + sfree(msg); s->tried_publickey = 1; continue; } @@ -3556,13 +3554,13 @@ void sshfwd_close(struct ssh_channel *c) if (c && !c->closes) { /* - * If the channel's remoteid is -1, we have sent + * If halfopen is true, we have sent * CHANNEL_OPEN for this channel, but it hasn't even been * acknowledged by the server. So we must set a close flag * on it now, and then when the server acks the channel * open, we can close it then. */ - if (((int)c->remoteid) != -1) { + if (!c->halfopen) { if (ssh->version == 1) { send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid, PKT_END); @@ -3810,6 +3808,8 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) } } else { while (*portfwd_strptr) portfwd_strptr++; + host[0] = 0; + dports[0] = 0; dport = dserv = -1; portfwd_strptr++; /* eat the NUL and move to next one */ } @@ -3905,6 +3905,9 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) if (epf->saddr) { ssh2_pkt_addstring(pktout, epf->saddr); } else if (ssh->cfg.rport_acceptall) { + /* XXX: ssh->cfg.rport_acceptall may not represent + * what was used to open the original connection, + * since it's reconfigurable. */ ssh2_pkt_addstring(pktout, "0.0.0.0"); } else { ssh2_pkt_addstring(pktout, "127.0.0.1"); @@ -3951,7 +3954,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) if (epf->type == 'L') { const char *err = pfd_addforward(epf->daddr, epf->dport, epf->saddr, epf->sport, - ssh, &ssh->cfg, + ssh, cfg, &epf->local, epf->addressfamily); @@ -3963,7 +3966,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) } else if (epf->type == 'D') { const char *err = pfd_addforward(NULL, -1, epf->saddr, epf->sport, - ssh, &ssh->cfg, + ssh, cfg, &epf->local, epf->addressfamily); @@ -4019,7 +4022,7 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) ssh2_pkt_addbool(pktout, 1);/* want reply */ if (epf->saddr) { ssh2_pkt_addstring(pktout, epf->saddr); - } else if (ssh->cfg.rport_acceptall) { + } else if (cfg->rport_acceptall) { ssh2_pkt_addstring(pktout, "0.0.0.0"); } else { ssh2_pkt_addstring(pktout, "127.0.0.1"); @@ -4084,6 +4087,7 @@ static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin) logevent ("Opening X11 forward connection succeeded"); c->remoteid = remoteid; + c->halfopen = FALSE; c->localid = alloc_channel_id(ssh); c->closes = 0; c->v.v1.throttling = 0; @@ -4112,6 +4116,7 @@ static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin) c = snew(struct ssh_channel); c->ssh = ssh; c->remoteid = remoteid; + c->halfopen = FALSE; c->localid = alloc_channel_id(ssh); c->closes = 0; c->v.v1.throttling = 0; @@ -4132,7 +4137,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin) struct ssh_rportfwd pf, *pfp; int remoteid; int hostsize, port; - char *host, buf[1024]; + char *host; const char *e; c = snew(struct ssh_channel); c->ssh = ssh; @@ -4149,26 +4154,23 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin) pfp = find234(ssh->rportfwds, &pf, NULL); if (pfp == NULL) { - sprintf(buf, "Rejected remote port open request for %s:%d", - pf.dhost, port); - logevent(buf); + logeventf(ssh, "Rejected remote port open request for %s:%d", + pf.dhost, port); send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE, PKT_INT, remoteid, PKT_END); } else { - sprintf(buf, "Received remote port open request for %s:%d", - pf.dhost, port); - logevent(buf); + logeventf(ssh, "Received remote port open request for %s:%d", + pf.dhost, port); e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port, c, &ssh->cfg, pfp->pfrec->addressfamily); if (e != NULL) { - char buf[256]; - sprintf(buf, "Port open failed: %s", e); - logevent(buf); + logeventf(ssh, "Port open failed: %s", e); sfree(c); send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE, PKT_INT, remoteid, PKT_END); } else { c->remoteid = remoteid; + c->halfopen = FALSE; c->localid = alloc_channel_id(ssh); c->closes = 0; c->v.v1.throttling = 0; @@ -4191,6 +4193,7 @@ static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin) c = find234(ssh->channels, &remoteid, ssh_channelfind); if (c && c->type == CHAN_SOCKDATA_DORMANT) { c->remoteid = localid; + c->halfopen = FALSE; c->type = CHAN_SOCKDATA; c->v.v1.throttling = 0; pfd_confirm(c->u.pfd.s); @@ -4228,7 +4231,7 @@ static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin) unsigned i = ssh_pkt_getuint32(pktin); struct ssh_channel *c; c = find234(ssh->channels, &i, ssh_channelfind); - if (c && ((int)c->remoteid) != -1) { + if (c && !c->halfopen) { int closetype; closetype = (pktin->type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2); @@ -4270,7 +4273,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin) /* Data sent down one of our channels. */ int i = ssh_pkt_getuint32(pktin); char *p; - unsigned int len; + int len; struct ssh_channel *c; ssh_pkt_getstring(pktin, &p, &len); @@ -4337,11 +4340,8 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin) static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin) { - char buf[100]; ssh->exitcode = ssh_pkt_getuint32(pktin); - sprintf(buf, "Server sent command exit status %d", - ssh->exitcode); - logevent(buf); + logeventf(ssh, "Server sent command exit status %d", ssh->exitcode); send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END); /* * In case `helpful' firewalls or proxies tack @@ -4548,13 +4548,11 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen, */ static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin) { - char *buf, *msg; + char *msg; int msglen; ssh_pkt_getstring(pktin, &msg, &msglen); - buf = dupprintf("Remote debug message: %.*s", msglen, msg); - logevent(buf); - sfree(buf); + logeventf(ssh, "Remote debug message: %.*s", msglen, msg); } static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin) @@ -4567,7 +4565,7 @@ static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin) bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg)); } -void ssh_msg_ignore(Ssh ssh, struct Packet *pktin) +static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin) { /* Do nothing, because we're ignoring it! Duhh. */ } @@ -4590,9 +4588,10 @@ static void ssh1_protocol_setup(Ssh ssh) ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug; } -static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, +static void ssh1_protocol(Ssh ssh, void *vin, int inlen, struct Packet *pktin) { + unsigned char *in=(unsigned char*)vin; if (ssh->state == SSH_STATE_CLOSED) return; @@ -4643,6 +4642,28 @@ static int in_commasep_string(char *needle, char *haystack, int haylen) } /* + * Similar routine for checking whether we have the first string in a list. + */ +static int first_in_commasep_string(char *needle, char *haystack, int haylen) +{ + int needlen; + if (!needle || !haystack) /* protect against null pointers */ + return 0; + needlen = strlen(needle); + /* + * Is it at the start of the string? + */ + if (haylen >= needlen && /* haystack is long enough */ + !memcmp(needle, haystack, needlen) && /* initial match */ + (haylen == needlen || haystack[needlen] == ',') + /* either , or EOS follows */ + ) + return 1; + return 0; +} + + +/* * SSH2 key creation method. */ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, @@ -4670,9 +4691,10 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, /* * Handle the SSH2 transport layer. */ -static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, +static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, struct Packet *pktin) { + unsigned char *in = (unsigned char *)vin; struct do_ssh2_transport_state { int nbits, pbits, warn; Bignum p, g, e, f, K; @@ -4909,7 +4931,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, */ { char *str; - int i, j, len; + int i, j, len, guessok; if (pktin->type != SSH2_MSG_KEXINIT) { bombout(("expected key exchange packet from server")); @@ -4948,6 +4970,13 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, str ? str : "(null)")); crStop(0); } + /* + * Note that the server's guess is considered wrong if it doesn't match + * the first algorithm in our list, even if it's still the algorithm + * we end up using. + */ + guessok = + first_in_commasep_string(s->preferred_kex[0]->name, str, len); ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */ for (i = 0; i < lenof(hostkey_algs); i++) { if (in_commasep_string(hostkey_algs[i]->name, str, len)) { @@ -4955,6 +4984,8 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, break; } } + guessok = guessok && + first_in_commasep_string(hostkey_algs[0]->name, str, len); ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */ s->warn = 0; for (i = 0; i < s->n_preferred_ciphers; i++) { @@ -5047,6 +5078,10 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, break; } } + ssh_pkt_getstring(pktin, &str, &len); /* client->server language */ + ssh_pkt_getstring(pktin, &str, &len); /* server->client language */ + if (ssh2_pkt_getbool(pktin) && !guessok) /* first_kex_packet_follows */ + crWaitUntil(pktin); /* Ignore packet */ } /* @@ -5109,16 +5144,19 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, /* * Now generate and send e for Diffie-Hellman. */ + set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */ s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2); s->pktout = ssh2_pkt_init(s->kex_init_value); ssh2_pkt_addmp(s->pktout, s->e); ssh2_pkt_send_noqueue(ssh, s->pktout); + set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */ crWaitUntil(pktin); if (pktin->type != s->kex_reply_value) { bombout(("expected key exchange reply packet from server")); crStop(0); } + set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */ ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen); s->f = ssh2_pkt_getmp(pktin); if (!s->f) { @@ -5129,6 +5167,10 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, s->K = dh_find_K(ssh->kex_ctx, s->f); + /* We assume everything from now on will be quick, and it might + * involve user interaction. */ + set_busy_status(ssh->frontend, BUSY_NOT); + sha_string(&ssh->exhash, s->hostkeydata, s->hostkeylen); if (ssh->kex == &ssh_diffiehellman_gex) { sha_uint32(&ssh->exhash, s->pbits); @@ -5439,7 +5481,14 @@ static void ssh2_set_window(struct ssh_channel *c, unsigned newwin) if (c->closes != 0) return; - if (newwin > c->v.v2.locwindow) { + /* + * Only send a WINDOW_ADJUST if there's significantly more window + * available than the other end thinks there is. This saves us + * sending a WINDOW_ADJUST for every character in a shell session. + * + * "Significant" is arbitrarily defined as half the window size. + */ + if (newwin > c->v.v2.locwindow * 2) { struct Packet *pktout; pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST); @@ -5462,7 +5511,7 @@ static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin) static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin) { char *data; - unsigned int length; + int length; unsigned i = ssh_pkt_getuint32(pktin); struct ssh_channel *c; c = find234(ssh->channels, &i, ssh_channelfind); @@ -5570,7 +5619,7 @@ static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin) struct Packet *pktout; c = find234(ssh->channels, &i, ssh_channelfind); - if (!c || ((int)c->remoteid) == -1) { + if (!c || c->halfopen) { bombout(("Received CHANNEL_CLOSE for %s channel %d\n", c ? "half-open" : "nonexistent", i)); return; @@ -5646,6 +5695,7 @@ static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin) if (c->type != CHAN_SOCKDATA_DORMANT) return; /* dunno why they're confirming this */ c->remoteid = ssh_pkt_getuint32(pktin); + c->halfopen = FALSE; c->type = CHAN_SOCKDATA; c->v.v2.remwindow = ssh_pkt_getuint32(pktin); c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin); @@ -5677,7 +5727,6 @@ static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin) unsigned reason_code; char *reason_string; int reason_length; - char *message; struct ssh_channel *c; c = find234(ssh->channels, &i, ssh_channelfind); if (!c) @@ -5689,11 +5738,8 @@ static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin) if (reason_code >= lenof(reasons)) reason_code = 0; /* ensure reasons[reason_code] in range */ ssh_pkt_getstring(pktin, &reason_string, &reason_length); - message = dupprintf("Forwarded connection refused by" - " server: %s [%.*s]", reasons[reason_code], - reason_length, reason_string); - logevent(message); - sfree(message); + logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]", + reasons[reason_code], reason_length, reason_string); pfd_close(c->u.pfd.s); @@ -5781,7 +5827,7 @@ static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin) if (q >= 0 && q+4 <= len) { \ q = q + 4 + GET_32BIT(p+q); \ if (q >= 0 && q+4 <= len && \ - (q = q + 4 + GET_32BIT(p+q)) && q == len) \ + ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \ result = TRUE; \ } \ } while(0) @@ -5953,6 +5999,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin) } c->remoteid = remid; + c->halfopen = FALSE; if (error) { pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE); ssh2_pkt_adduint32(pktout, c->remoteid); @@ -6327,19 +6374,11 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, s->p = s->response + 5; s->nkeys = GET_32BIT(s->p); s->p += 4; - { - char buf[64]; - sprintf(buf, "Pageant has %d SSH2 keys", s->nkeys); - logevent(buf); - } + logeventf(ssh, "Pageant has %d SSH2 keys", s->nkeys); for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) { void *vret; - { - char buf[64]; - sprintf(buf, "Trying Pageant key #%d", s->keyi); - logevent(buf); - } + logeventf(ssh, "Trying Pageant key #%d", s->keyi); s->pklen = GET_32BIT(s->p); s->p += 4; if (s->publickey_blob && @@ -6749,20 +6788,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, } } else if (s->method == AUTH_PASSWORD) { /* - * We send the password packet lumped tightly together with - * an SSH_MSG_IGNORE packet. The IGNORE packet contains a - * string long enough to make the total length of the two - * packets constant. This should ensure that a passive - * listener doing traffic analyis can't work out the length - * of the password. + * We pad out the password packet to 256 bytes to make + * it harder for an attacker to find the length of the + * user's password. * - * For this to work, we need an assumption about the - * maximum length of the password packet. I think 256 is - * pretty conservative. Anyone using a password longer than - * that probably doesn't have much to worry about from + * Anyone using a password longer than 256 bytes + * probably doesn't have much to worry about from * people who find out how long their password is! */ s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST); + s->pktout->forcepad = 256; ssh2_pkt_addstring(s->pktout, s->username); ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */ ssh2_pkt_addstring(s->pktout, "password"); @@ -6771,46 +6806,13 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, ssh2_pkt_addstring(s->pktout, s->password); memset(s->password, 0, sizeof(s->password)); end_log_omission(ssh, s->pktout); - ssh2_pkt_defer(ssh, s->pktout); - /* - * We'll include a string that's an exact multiple of the - * cipher block size. If the cipher is NULL for some - * reason, we don't do this trick at all because we gain - * nothing by it. - */ - if (ssh->cscipher) { - int stringlen, i; - - stringlen = (256 - ssh->deferred_len); - stringlen += ssh->cscipher->blksize - 1; - stringlen -= (stringlen % ssh->cscipher->blksize); - if (ssh->cscomp) { - /* - * Temporarily disable actual compression, - * so we can guarantee to get this string - * exactly the length we want it. The - * compression-disabling routine should - * return an integer indicating how many - * bytes we should adjust our string length - * by. - */ - stringlen -= - ssh->cscomp->disable_compression(ssh->cs_comp_ctx); - } - s->pktout = ssh2_pkt_init(SSH2_MSG_IGNORE); - ssh2_pkt_addstring_start(s->pktout); - for (i = 0; i < stringlen; i++) { - char c = (char) random_byte(); - ssh2_pkt_addstring_data(s->pktout, &c, 1); - } - ssh2_pkt_defer(ssh, s->pktout); - } - ssh_pkt_defersend(ssh); + ssh2_pkt_send(ssh, s->pktout); logevent("Sent password"); s->type = AUTH_TYPE_PASSWORD; } else if (s->method == AUTH_KEYBOARD_INTERACTIVE) { if (s->curr_prompt == 0) { s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE); + s->pktout->forcepad = 256; ssh2_pkt_adduint32(s->pktout, s->num_prompts); } if (s->need_pw) { /* only add pw if we just got one! */ @@ -6894,6 +6896,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, crStopV; } ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin); + ssh->mainchan->halfopen = FALSE; ssh->mainchan->type = CHAN_MAINSESSION; ssh->mainchan->closes = 0; ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin); @@ -7231,7 +7234,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, /* * Handlers for SSH2 messages that might arrive at any moment. */ -void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin) +static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin) { /* log reason code in disconnect message */ char *buf, *msg; @@ -7260,10 +7263,10 @@ void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin) sfree(buf); } -void ssh2_msg_debug(Ssh ssh, struct Packet *pktin) +static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin) { /* log the debug message */ - char *buf, *msg; + char *msg; int msglen; int always_display; @@ -7271,12 +7274,10 @@ void ssh2_msg_debug(Ssh ssh, struct Packet *pktin) always_display = ssh2_pkt_getbool(pktin); ssh_pkt_getstring(pktin, &msg, &msglen); - buf = dupprintf("Remote debug message: %.*s", msglen, msg); - logevent(buf); - sfree(buf); + logeventf(ssh, "Remote debug message: %.*s", msglen, msg); } -void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin) +static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin) { struct Packet *pktout; pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED); @@ -7357,9 +7358,10 @@ static void ssh2_timer(void *ctx, long now) } } -static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen, +static void ssh2_protocol(Ssh ssh, void *vin, int inlen, struct Packet *pktin) { + unsigned char *in = (unsigned char *)vin; if (ssh->state == SSH_STATE_CLOSED) return; @@ -7904,7 +7906,7 @@ void *new_sock_channel(void *handle, Socket s) c->ssh = ssh; if (c) { - c->remoteid = -1; /* to be set when open confirmed */ + c->halfopen = TRUE; c->localid = alloc_channel_id(ssh); c->closes = 0; c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */