X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/d8d6c7e50e1fcf5171ec15f8a3e9bdcd141f0b64..9a3a93a5c6a879994d61da8a146142a6555fd5d0:/ssh.c

diff --git a/ssh.c b/ssh.c
index e0fed88b..b8abc5ba 100644
--- a/ssh.c
+++ b/ssh.c
@@ -724,6 +724,11 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen)
 	st->to_read -= st->chunk;
     }
 
+    if (cipher && detect_attack(pktin.data, st->biglen, NULL)) {
+        bombout(("Network attack (CRC compensation) detected!"));
+        crReturn(0);
+    }
+
     if (cipher)
 	cipher->decrypt(pktin.data, st->biglen);
 
@@ -1854,11 +1859,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
     struct RSAKey servkey, hostkey;
     struct MD5Context md5c;
     static unsigned long supported_ciphers_mask, supported_auths_mask;
-    static int tried_publickey;
+    static int tried_publickey, tried_agent;
     static int tis_auth_refused, ccard_auth_refused;
     static unsigned char session_id[16];
     static int cipher_type;
     static char username[100];
+    static void *publickey_blob;
+    int publickey_bloblen;
 
     crBegin;
 
@@ -2103,8 +2110,14 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 
     crWaitUntil(ispkt);
 
-    tried_publickey = 0;
+    tried_publickey = tried_agent = 0;
     tis_auth_refused = ccard_auth_refused = 0;
+    /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
+    if (*cfg.keyfile) {
+	if (!rsakey_pubblob(cfg.keyfile, &publickey_blob, &publickey_bloblen))
+	    publickey_blob = NULL;
+    } else
+	publickey_blob = NULL;
 
     while (pktin.type == SSH1_SMSG_FAILURE) {
 	static char password[100];
@@ -2114,7 +2127,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 	static int pwpkt_type;
 	pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
 
-	if (agent_exists()) {
+	if (agent_exists() && !tried_agent) {
 	    /*
 	     * Attempt RSA authentication using Pageant.
 	     */
@@ -2124,6 +2137,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 	    static int authed = FALSE;
 	    void *r;
 
+	    tried_agent = 1;
 	    logevent("Pageant is running. Requesting keys.");
 
 	    /* Request the keys held by the agent. */
@@ -2152,6 +2166,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			sprintf(buf, "Trying Pageant key #%d", i);
 			logevent(buf);
 		    }
+		    if (publickey_blob &&
+			!memcmp(p, publickey_blob, publickey_bloblen)) {
+			logevent("This key matches configured key file");
+			tried_publickey = 1;
+		    }
 		    p += 4;
 		    p += ssh1_read_bignum(p, &key.exponent);
 		    p += ssh1_read_bignum(p, &key.modulus);
@@ -3751,6 +3770,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
     static char username[100];
     static char pwprompt[200];
     static char password[100];
+    static void *publickey_blob;
+    static int publickey_bloblen;
 
     crBegin;
 
@@ -3891,6 +3912,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 	tried_agent = FALSE;
 	tried_keyb_inter = FALSE;
 	kbd_inter_running = FALSE;
+	/* Load the pub half of cfg.keyfile so we notice if it's in Pageant */
+	if (*cfg.keyfile) {
+	    publickey_blob = ssh2_userkey_loadpub(cfg.keyfile, NULL,
+						  &publickey_bloblen);
+	} else
+	    publickey_blob = NULL;
 
 	while (1) {
 	    /*
@@ -4046,6 +4073,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			}
 			pklen = GET_32BIT(p);
 			p += 4;
+			if (publickey_blob &&
+			    pklen == publickey_bloblen &&
+			    !memcmp(p, publickey_blob, publickey_bloblen)) {
+			    logevent("This key matches configured key file");
+			    tried_pubkey_config = 1;
+			}
 			pkblob = p;
 			p += pklen;
 			alglen = GET_32BIT(pkblob);