#define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
#define BUG_CHOKES_ON_RSA 8
#define BUG_SSH2_RSA_PADDING 16
+#define BUG_SSH2_DERIVEKEY 32
+#define BUG_SSH2_DH_GEX 64
static int ssh_pkt_ctx = 0;
struct ssh_channel {
unsigned remoteid, localid;
int type;
+ /*
+ * In SSH1, this value contains four bits:
+ *
+ * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
+ * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
+ * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
+ * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
+ *
+ * A channel is completely finished with when all four bits are set.
+ */
int closes;
union {
struct ssh1_data_channel {
if (pktin.type == SSH1_MSG_DEBUG) {
/* log debug message */
- char buf[80];
+ char buf[512];
int stringlen = GET_32BIT(pktin.body);
- strcpy(buf, "Remote: ");
- if (stringlen > 70)
- stringlen = 70;
+ strcpy(buf, "Remote debug message: ");
+ if (stringlen > 480)
+ stringlen = 480;
memcpy(buf + 8, pktin.body + 4, stringlen);
buf[8 + stringlen] = '\0';
logevent(buf);
ssh_remote_bugs = 0;
- if (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
- !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
- !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")) {
+ if (cfg.sshbug_ignore1 == BUG_ON ||
+ (cfg.sshbug_ignore1 == BUG_AUTO &&
+ (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
+ !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
+ !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) {
/*
* These versions don't support SSH1_MSG_IGNORE, so we have
* to use a different defence against password length
logevent("We believe remote version has SSH1 ignore bug");
}
- if (!strcmp(imp, "Cisco-1.25")) {
+ if (cfg.sshbug_plainpw1 == BUG_ON ||
+ (cfg.sshbug_plainpw1 == BUG_AUTO &&
+ (!strcmp(imp, "Cisco-1.25")))) {
/*
* These versions need a plain password sent; they can't
* handle having a null and a random length of data after
logevent("We believe remote version needs a plain SSH1 password");
}
- if (!strcmp(imp, "Cisco-1.25")) {
+ if (cfg.sshbug_rsa1 == BUG_ON ||
+ (cfg.sshbug_rsa1 == BUG_AUTO &&
+ (!strcmp(imp, "Cisco-1.25")))) {
/*
* These versions apparently have no clue whatever about
* RSA authentication and will panic and die if they see
logevent("We believe remote version can't handle RSA authentication");
}
- if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
- !strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
- !strncmp(imp, "2.1 ", 4)) {
+ if (cfg.sshbug_hmac2 == BUG_ON ||
+ (cfg.sshbug_hmac2 == BUG_AUTO &&
+ (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
+ !strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
+ !strncmp(imp, "2.1 ", 4)))) {
/*
* These versions have the HMAC bug.
*/
logevent("We believe remote version has SSH2 HMAC bug");
}
- if ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') ||
- (!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')) {
+ if (cfg.sshbug_derivekey2 == BUG_ON ||
+ (cfg.sshbug_derivekey2 == BUG_AUTO &&
+ (!strncmp(imp, "2.0.", 4)))) {
+ /*
+ * These versions have the key-derivation bug (failing to
+ * include the literal shared secret in the hashes that
+ * generate the keys).
+ */
+ ssh_remote_bugs |= BUG_SSH2_DERIVEKEY;
+ logevent("We believe remote version has SSH2 key-derivation bug");
+ }
+
+ if (cfg.sshbug_rsapad2 == BUG_ON ||
+ (cfg.sshbug_rsapad2 == BUG_AUTO &&
+ ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') ||
+ (!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')))){
/*
* These versions have the SSH2 RSA padding bug.
*/
ssh_remote_bugs |= BUG_SSH2_RSA_PADDING;
logevent("We believe remote version has SSH2 RSA padding bug");
}
+
+ if (cfg.sshbug_dhgex2 == BUG_ON) {
+ /*
+ * These versions have the SSH2 DH GEX bug.
+ */
+ ssh_remote_bugs |= BUG_SSH2_DH_GEX;
+ logevent("We believe remote version has SSH2 DH group exchange bug");
+ }
}
static int do_ssh_init(unsigned char c)
c_write_str("\r\n");
}
} else {
- strncpy(username, cfg.username, 99);
- username[99] = '\0';
+ strncpy(username, cfg.username, sizeof(username));
+ username[sizeof(username)-1] = '\0';
}
send_packet(SSH1_CMSG_USER, PKT_STR, username, PKT_END);
ssh2_pkt_send();
}
}
- c->closes = 1;
+ c->closes = 1; /* sent MSG_CLOSE */
if (c->type == CHAN_X11) {
c->u.x11.s = NULL;
logevent("Forwarded X11 connection terminated");
unsigned i = GET_32BIT(pktin.body);
struct ssh_channel *c;
c = find234(ssh_channels, &i, ssh_channelfind);
- if (c) {
+ if (c && ((int)c->remoteid) != -1) {
int closetype;
closetype =
(pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
- if (!(c->closes & closetype))
- send_packet(pktin.type, PKT_INT, c->remoteid,
- PKT_END);
+
if ((c->closes == 0) && (c->type == CHAN_X11)) {
logevent("Forwarded X11 connection terminated");
assert(c->u.x11.s != NULL);
pfd_close(c->u.pfd.s);
c->u.pfd.s = NULL;
}
- c->closes |= closetype;
- if (c->closes == 3) {
+
+ c->closes |= (closetype << 2); /* seen this message */
+ if (!(c->closes & closetype)) {
+ send_packet(pktin.type, PKT_INT, c->remoteid,
+ PKT_END);
+ c->closes |= closetype; /* sent it too */
+ }
+
+ if (c->closes == 15) {
del234(ssh_channels, c);
sfree(c);
}
+ } else {
+ bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
+ pktin.type == SSH1_MSG_CHANNEL_CLOSE ? "" :
+ "_CONFIRMATION", c ? "half-open" : "nonexistent",
+ i));
}
} else if (pktin.type == SSH1_MSG_CHANNEL_DATA) {
/* Data sent down one of our channels. */
SHA_State s;
/* First 20 bytes. */
SHA_Init(&s);
- sha_mpint(&s, K);
+ if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY))
+ sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, &chr, 1);
SHA_Bytes(&s, sessid, 20);
SHA_Final(&s, keyspace);
/* Next 20 bytes. */
SHA_Init(&s);
- sha_mpint(&s, K);
+ if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY))
+ sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, keyspace, 20);
SHA_Final(&s, keyspace + 20);
/*
* Be prepared to work around the buggy MAC problem.
*/
- if (cfg.buggymac || (ssh_remote_bugs & BUG_SSH2_HMAC))
+ if (ssh_remote_bugs & BUG_SSH2_HMAC)
maclist = buggymacs, nmacs = lenof(buggymacs);
else
maclist = macs, nmacs = lenof(macs);
/* List key exchange algorithms. */
ssh2_pkt_addstring_start();
for (i = 0; i < lenof(kex_algs); i++) {
+ if (kex_algs[i] == &ssh_diffiehellman_gex &&
+ (ssh_remote_bugs & BUG_SSH2_DH_GEX))
+ continue;
ssh2_pkt_addstring_str(kex_algs[i]->name);
if (i < lenof(kex_algs) - 1)
ssh2_pkt_addstring_str(",");
pktin.savedpos += 16; /* skip garbage cookie */
ssh2_pkt_getstring(&str, &len); /* key exchange algorithms */
for (i = 0; i < lenof(kex_algs); i++) {
+ if (kex_algs[i] == &ssh_diffiehellman_gex &&
+ (ssh_remote_bugs & BUG_SSH2_DH_GEX))
+ continue;
if (in_commasep_string(kex_algs[i]->name, str, len)) {
kex = kex_algs[i];
break;
username[strcspn(username, "\n\r")] = '\0';
} else {
char stuff[200];
- strncpy(username, cfg.username, 99);
- username[99] = '\0';
+ strncpy(username, cfg.username, sizeof(username));
+ username[sizeof(username)-1] = '\0';
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
sprintf(stuff, "Using username \"%s\".\r\n", username);
c_write_str(stuff);
struct ssh_channel *c;
c = find234(ssh_channels, &i, ssh_channelfind);
- if (!c)
- continue; /* nonexistent channel */
+ if (!c || ((int)c->remoteid) == -1) {
+ bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
+ c ? "half-open" : "nonexistent", i));
+ }
/* Do pre-close processing on the channel. */
switch (c->type) {
case CHAN_MAINSESSION:
if (ssh_state == SSH_STATE_CLOSED
|| ssh_state == SSH_STATE_PREPACKET) return;
if (ssh_version == 1) {
- send_packet(SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
+ if (!(ssh_remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
+ send_packet(SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
} else {
ssh2_pkt_init(SSH2_MSG_IGNORE);
ssh2_pkt_addstring_start();