X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/bf98289914f47f394aa0cc442c267e56490c9e70..62ddb51e0424dd4bd1098b024f2427959aefc729:/ssh.c

diff --git a/ssh.c b/ssh.c
index fc75e91a..953c69f1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1489,6 +1489,7 @@ static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
 
     while ((argtype = va_arg(ap, int)) != PKT_END) {
 	unsigned char *argp, argchar;
+	char *sargp;
 	unsigned long argint;
 	int arglen;
 	switch (argtype) {
@@ -1507,8 +1508,8 @@ static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
 	    ssh_pkt_adddata(pkt, argp, arglen);
 	    break;
 	  case PKT_STR:
-	    argp = va_arg(ap, unsigned char *);
-	    ssh_pkt_addstring(pkt, argp);
+	    sargp = va_arg(ap, char *);
+	    ssh_pkt_addstring(pkt, sargp);
 	    break;
 	  case PKT_BIGNUM:
 	    bn = va_arg(ap, Bignum);
@@ -1654,7 +1655,7 @@ static void ssh_pkt_addstring(struct Packet *pkt, char *data)
 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
 {
     int len = ssh1_bignum_length(b);
-    unsigned char *data = snewn(len, char);
+    unsigned char *data = snewn(len, unsigned char);
     (void) ssh1_write_bignum(data, b);
     ssh_pkt_adddata(pkt, data, len);
     sfree(data);
@@ -1904,7 +1905,6 @@ static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
 	ssh2_pkt_send_noqueue(ssh, pkt);
 }
 
-#if 0 /* disused */
 /*
  * Either queue or defer a packet, depending on whether queueing is
  * set.
@@ -1916,7 +1916,6 @@ static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
     else
 	ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
 }
-#endif
 
 /*
  * Send the whole deferred data block constructed by
@@ -1950,6 +1949,74 @@ static void ssh_pkt_defersend(Ssh ssh)
 }
 
 /*
+ * Send a packet whose length needs to be disguised (typically
+ * passwords or keyboard-interactive responses).
+ */
+static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
+				       int padsize)
+{
+#if 0
+    if (0) {
+	/*
+	 * The simplest way to do this is to adjust the
+	 * variable-length padding field in the outgoing packet.
+	 * 
+	 * Currently compiled out, because some Cisco SSH servers
+	 * don't like excessively padded packets (bah, why's it
+	 * always Cisco?)
+	 */
+	pkt->forcepad = padsize;
+	ssh2_pkt_send(ssh, pkt);
+    } else
+#endif
+    {
+	/*
+	 * If we can't do that, however, an alternative approach is
+	 * to use the pkt_defer mechanism to bundle the packet
+	 * tightly together with an SSH_MSG_IGNORE such that their
+	 * combined length is a constant. So first we construct the
+	 * final form of this packet and defer its sending.
+	 */
+	ssh2_pkt_defer(ssh, pkt);
+
+	/*
+	 * Now construct an SSH_MSG_IGNORE which includes a string
+	 * that's an exact multiple of the cipher block size. (If
+	 * the cipher is NULL so that the block size is
+	 * unavailable, we don't do this trick at all, because we
+	 * gain nothing by it.)
+	 */
+	if (ssh->cscipher) {
+	    int stringlen, i;
+
+	    stringlen = (256 - ssh->deferred_len);
+	    stringlen += ssh->cscipher->blksize - 1;
+	    stringlen -= (stringlen % ssh->cscipher->blksize);
+	    if (ssh->cscomp) {
+		/*
+		 * Temporarily disable actual compression, so we
+		 * can guarantee to get this string exactly the
+		 * length we want it. The compression-disabling
+		 * routine should return an integer indicating how
+		 * many bytes we should adjust our string length
+		 * by.
+		 */
+		stringlen -=
+		    ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
+	    }
+	    pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
+	    ssh2_pkt_addstring_start(pkt);
+	    for (i = 0; i < stringlen; i++) {
+		char c = (char) random_byte();
+		ssh2_pkt_addstring_data(pkt, &c, 1);
+	    }
+	    ssh2_pkt_defer(ssh, pkt);
+	}
+	ssh_pkt_defersend(ssh);
+    }
+}
+
+/*
  * Send all queued SSH-2 packets. We send them by means of
  * ssh2_pkt_defer_noqueue(), in case they included a pair of
  * packets that needed to be lumped together.
@@ -4574,7 +4641,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
 	    /* Data for an agent message. Buffer it. */
 	    while (len > 0) {
 		if (c->u.a.lensofar < 4) {
-		    unsigned int l = min(4 - c->u.a.lensofar, len);
+		    unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
 		    memcpy(c->u.a.msglen + c->u.a.lensofar, p,
 			   l);
 		    p += l;
@@ -4591,7 +4658,7 @@ static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
 		if (c->u.a.lensofar >= 4 && len > 0) {
 		    unsigned int l =
 			min(c->u.a.totallen - c->u.a.lensofar,
-			    len);
+			    (unsigned)len);
 		    memcpy(c->u.a.message + c->u.a.lensofar, p,
 			   l);
 		    p += l;
@@ -6011,7 +6078,8 @@ static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
 	  case CHAN_AGENT:
 	    while (length > 0) {
 		if (c->u.a.lensofar < 4) {
-		    unsigned int l = min(4 - c->u.a.lensofar, length);
+		    unsigned int l = min(4 - c->u.a.lensofar,
+					 (unsigned)length);
 		    memcpy(c->u.a.msglen + c->u.a.lensofar,
 			   data, l);
 		    data += l;
@@ -6028,7 +6096,7 @@ static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
 		if (c->u.a.lensofar >= 4 && length > 0) {
 		    unsigned int l =
 			min(c->u.a.totallen - c->u.a.lensofar,
-			    length);
+			    (unsigned)length);
 		    memcpy(c->u.a.message + c->u.a.lensofar,
 			   data, l);
 		    data += l;
@@ -7373,7 +7441,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		     * Send the responses to the server.
 		     */
 		    s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
-		    s->pktout->forcepad = 256;
 		    ssh2_pkt_adduint32(s->pktout, s->num_prompts);
 		    for (i=0; i < s->num_prompts; i++) {
 			dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
@@ -7381,7 +7448,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 					   s->cur_prompt->prompts[i]->result);
 			end_log_omission(ssh, s->pktout);
 		    }
-		    ssh2_pkt_send(ssh, s->pktout);
+		    ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
 
 		    /*
 		     * Get the next packet in case it's another
@@ -7451,7 +7518,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		 * people who find out how long their password is!
 		 */
 		s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
-		s->pktout->forcepad = 256;
 		ssh2_pkt_addstring(s->pktout, s->username);
 		ssh2_pkt_addstring(s->pktout, "ssh-connection");
 							/* service requested */
@@ -7460,7 +7526,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
 		ssh2_pkt_addstring(s->pktout, s->password);
 		end_log_omission(ssh, s->pktout);
-		ssh2_pkt_send(ssh, s->pktout);
+		ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
 		logevent("Sent password");
 		s->type = AUTH_TYPE_PASSWORD;
 
@@ -7581,7 +7647,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		     * (see above for padding rationale)
 		     */
 		    s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
-		    s->pktout->forcepad = 256;
 		    ssh2_pkt_addstring(s->pktout, s->username);
 		    ssh2_pkt_addstring(s->pktout, "ssh-connection");
 							/* service requested */
@@ -7593,7 +7658,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 				       s->cur_prompt->prompts[1]->result);
 		    free_prompts(s->cur_prompt);
 		    end_log_omission(ssh, s->pktout);
-		    ssh2_pkt_send(ssh, s->pktout);
+		    ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
 		    logevent("Sent new password");
 		    
 		    /*