X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/bd358db116eb6c3bf56a0b9a154f8eee0cf28761..2c2f4dba28ea405dd544aecfd752cd9c99760828:/ssh.c

diff --git a/ssh.c b/ssh.c
index 737871ad..baa811fb 100644
--- a/ssh.c
+++ b/ssh.c
@@ -236,15 +236,13 @@ extern void pfd_override_throttle(Socket s, int enable);
 #define OUR_V2_WINSIZE 16384
 
 /*
- * Ciphers for SSH2. We miss out single-DES because it isn't
- * supported; also 3DES and Blowfish are both done differently from
- * SSH1. (3DES uses outer chaining; Blowfish has the opposite
- * endianness and different-sized keys.)
+ * Ciphers for SSH2.
  */
 const static struct ssh2_ciphers *ciphers[] = {
     &ssh2_aes,
     &ssh2_blowfish,
     &ssh2_3des,
+    &ssh2_des,
 };
 
 const static struct ssh_kex *kex_algs[] = {
@@ -942,23 +940,18 @@ static int s_wrpkt_prepare(void)
 
     pktout.body[-1] = pktout.type;
 
-#ifdef DUMP_PACKETS
-    debug(("Packet payload pre-compression:\n"));
-    dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
-
     if (ssh1_compressing) {
 	unsigned char *compblk;
 	int complen;
+#ifdef DUMP_PACKETS
+	debug(("Packet payload pre-compression:\n"));
+	dmemdump(pktout.body - 1, pktout.length + 1);
+#endif
 	zlib_compress_block(pktout.body - 1, pktout.length + 1,
 			    &compblk, &complen);
 	ssh1_pktout_size(complen - 1);
 	memcpy(pktout.body - 1, compblk, complen);
 	sfree(compblk);
-#ifdef DUMP_PACKETS
-	debug(("Packet payload post-compression:\n"));
-	dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
     }
 
     len = pktout.length + 5;	       /* type and CRC */
@@ -1241,13 +1234,15 @@ static int ssh2_pkt_construct(void)
     /*
      * Compress packet payload.
      */
-#ifdef DUMP_PACKETS
-    debug(("Pre-compression payload:\n"));
-    dmemdump(pktout.data + 5, pktout.length - 5);
-#endif
     {
 	unsigned char *newpayload;
 	int newlen;
+#ifdef DUMP_PACKETS
+	if (cscomp && cscomp != &ssh_comp_none) {
+	    debug(("Pre-compression payload:\n"));
+	    dmemdump(pktout.data + 5, pktout.length - 5);
+	}
+#endif
 	if (cscomp && cscomp->compress(pktout.data + 5, pktout.length - 5,
 				       &newpayload, &newlen)) {
 	    pktout.length = 5;
@@ -2422,6 +2417,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		 * against password length sniffing.
 		 */
 		if (!(ssh_remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
+		    /*
+		     * The server can deal with SSH1_MSG_IGNORE, so
+		     * we can use the primary defence.
+		     */
 		    int bottom, top, pwlen, i;
 		    char *randomstr;
 
@@ -2457,6 +2456,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		    ssh_pkt_defersend();
 		} 
 		else if (!(ssh_remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
+		    /*
+		     * The server can't deal with SSH1_MSG_IGNORE
+		     * but can deal with padded passwords, so we
+		     * can use the secondary defence.
+		     */
 		    char string[64];
 		    char *s;
 		    int len;
@@ -2517,19 +2521,29 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 void sshfwd_close(struct ssh_channel *c)
 {
     if (c && !c->closes) {
-	if (ssh_version == 1) {
-	    send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
-			PKT_END);
-	} else {
-	    ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
-	    ssh2_pkt_adduint32(c->remoteid);
-	    ssh2_pkt_send();
+	/*
+	 * If the channel's remoteid is -1, we have sent
+	 * CHANNEL_OPEN for this channel, but it hasn't even been
+	 * acknowledged by the server. So we must set a close flag
+	 * on it now, and then when the server acks the channel
+	 * open, we can close it then.
+	 */
+	if (c->remoteid != -1) {
+	    if (ssh_version == 1) {
+		send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+			    PKT_END);
+	    } else {
+		ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
+		ssh2_pkt_adduint32(c->remoteid);
+		ssh2_pkt_send();
+	    }
 	}
 	c->closes = 1;
 	if (c->type == CHAN_X11) {
 	    c->u.x11.s = NULL;
 	    logevent("Forwarded X11 connection terminated");
-	} else if (c->type == CHAN_SOCKDATA) {
+	} else if (c->type == CHAN_SOCKDATA ||
+		   c->type == CHAN_SOCKDATA_DORMANT) {
 	    c->u.pfd.s = NULL;
 	    logevent("Forwarded port closed");
 	}
@@ -2896,9 +2910,21 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
 		if (c && c->type == CHAN_SOCKDATA_DORMANT) {
 		    c->remoteid = localid;
 		    c->type = CHAN_SOCKDATA;
+		    c->v.v1.throttling = 0;
 		    pfd_confirm(c->u.pfd.s);
 		}
 
+		if (c && c->closes) {
+		    /*
+		     * We have a pending close on this channel,
+		     * which we decided on before the server acked
+		     * the channel open. So now we know the
+		     * remoteid, we can close it again.
+		     */
+		    send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+				PKT_END);
+		}
+
 	    } else if (pktin.type == SSH1_MSG_CHANNEL_OPEN_FAILURE) {
 		unsigned int remoteid = GET_32BIT(pktin.body);
 		unsigned int localid = GET_32BIT(pktin.body+4);
@@ -3144,7 +3170,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    n_preferred_ciphers++;
 	    break;
 	  case CIPHER_DES:
-	    /* Not supported in SSH2; silently drop */
+	    preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
+	    n_preferred_ciphers++;
 	    break;
 	  case CIPHER_3DES:
 	    preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;
@@ -3325,6 +3352,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!cscipher_tobe) {
+	bombout(("Couldn't agree a client-to-server cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* server->client cipher */
     warn = 0;
     for (i = 0; i < n_preferred_ciphers; i++) {
@@ -3345,6 +3377,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!sccipher_tobe) {
+	bombout(("Couldn't agree a server-to-client cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* client->server mac */
     for (i = 0; i < nmacs; i++) {
 	if (in_commasep_string(maclist[i]->name, str, len)) {
@@ -3472,15 +3509,6 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     }
 
     /*
-     * Expect SSH2_MSG_NEWKEYS from server.
-     */
-    crWaitUntil(ispkt);
-    if (pktin.type != SSH2_MSG_NEWKEYS) {
-	bombout(("expected new-keys packet from server"));
-	crReturn(0);
-    }
-
-    /*
      * Authenticate remote host: verify host key. (We've already
      * checked the signature of the exchange hash.)
      */
@@ -3503,6 +3531,15 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     ssh2_pkt_send();
 
     /*
+     * Expect SSH2_MSG_NEWKEYS from server.
+     */
+    crWaitUntil(ispkt);
+    if (pktin.type != SSH2_MSG_NEWKEYS) {
+	bombout(("expected new-keys packet from server"));
+	crReturn(0);
+    }
+
+    /*
      * Create and initialise session keys.
      */
     cscipher = cscipher_tobe;
@@ -4118,6 +4155,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 
 		    ssh2_pkt_getstring(&prompt, &prompt_len);
 		    strncpy(pwprompt, prompt, sizeof(pwprompt));
+		    pwprompt[prompt_len < sizeof(pwprompt) ?
+			     prompt_len : sizeof(pwprompt)-1] = '\0';
 		    need_pw = TRUE;
 
 		    echo = ssh2_pkt_getbool();
@@ -4769,8 +4808,6 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		ssh_state = SSH_STATE_CLOSED;
 		logevent("Received disconnect message");
 		crReturnV;
-	    } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) {
-		continue;	       /* exit status et al; ignore (FIXME?) */
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_EOF) {
 		unsigned i = ssh2_pkt_getuint32();
 		struct ssh_channel *c;
@@ -4858,11 +4895,22 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		    continue;	       /* dunno why they're confirming this */
 		c->remoteid = ssh2_pkt_getuint32();
 		c->type = CHAN_SOCKDATA;
-		c->closes = 0;
 		c->v.v2.remwindow = ssh2_pkt_getuint32();
 		c->v.v2.remmaxpkt = ssh2_pkt_getuint32();
 		bufchain_init(&c->v.v2.outbuffer);
-		pfd_confirm(c->u.pfd.s);
+		if (c->u.pfd.s)
+		    pfd_confirm(c->u.pfd.s);
+		if (c->closes) {
+		    /*
+		     * We have a pending close on this channel,
+		     * which we decided on before the server acked
+		     * the channel open. So now we know the
+		     * remoteid, we can close it again.
+		     */
+		    ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
+		    ssh2_pkt_adduint32(c->remoteid);
+		    ssh2_pkt_send();
+		}
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN_FAILURE) {
 		unsigned i = ssh2_pkt_getuint32();
 		struct ssh_channel *c;
@@ -4878,6 +4926,46 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 
 		del234(ssh_channels, c);
 		sfree(c);
+	    } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) {
+ 		unsigned localid;
+		char *type;
+		int typelen, want_reply;
+		struct ssh_channel *c;
+
+		localid = ssh2_pkt_getuint32();
+		ssh2_pkt_getstring(&type, &typelen);
+		want_reply = ssh2_pkt_getbool();
+
+		/*
+		 * First, check that the channel exists. Otherwise,
+		 * we can instantly disconnect with a rude message.
+		 */
+		c = find234(ssh_channels, &localid, ssh_channelfind);
+		if (!c) {
+		    char buf[80];
+		    sprintf(buf, "Received channel request for nonexistent"
+			    " channel %d", localid);
+		    logevent(buf);
+		    ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+		    ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+		    ssh2_pkt_addstring(buf);
+		    ssh2_pkt_addstring("en");	/* language tag */
+		    ssh2_pkt_send();
+		    connection_fatal(buf);
+		    ssh_state = SSH_STATE_CLOSED;
+		    crReturnV;
+		}
+
+		/*
+		 * We don't recognise any form of channel request,
+		 * so we now either ignore the request or respond
+		 * with CHANNEL_FAILURE, depending on want_reply.
+		 */
+		if (want_reply) {
+		    ssh2_pkt_init(SSH2_MSG_CHANNEL_FAILURE);
+		    ssh2_pkt_adduint32(c->remoteid);
+		    ssh2_pkt_send();
+		}
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
 		char *type;
 		int typelen;