diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-09-28 16:33:06 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-09-29 03:11:32 +1000 |
| commit | 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch) | |
| tree | b0271896ec4d6c0e716821954212677438824a05 | |
| parent | 27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff) | |
upstream commit
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | monitor.c | 48 | ||||
| -rw-r--r-- | monitor.h | 6 | ||||
| -rw-r--r-- | monitor_mm.c | 357 | ||||
| -rw-r--r-- | monitor_mm.h | 62 | ||||
| -rw-r--r-- | monitor_wrap.h | 5 | ||||
| -rw-r--r-- | myproposal.h | 4 | ||||
| -rw-r--r-- | opacket.h | 3 | ||||
| -rw-r--r-- | packet.c | 104 | ||||
| -rw-r--r-- | packet.h | 7 | ||||
| -rw-r--r-- | servconf.c | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 4 | ||||
| -rw-r--r-- | sshd.c | 10 |
13 files changed, 18 insertions, 598 deletions
diff --git a/Makefile.in b/Makefile.in index d6df2ff3..3990f552 100644 --- a/Makefile.in +++ b/Makefile.in @@ -104,7 +104,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ auth2-chall.o groupaccess.o \ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ - monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ + monitor.o monitor_wrap.o auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -94,7 +94,6 @@ #include "misc.h" #include "servconf.h" #include "monitor.h" -#include "monitor_mm.h" #ifdef GSSAPI #include "ssh-gss.h" #endif @@ -411,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor) monitor_read(pmonitor, mon_dispatch, NULL); } -void -monitor_sync(struct monitor *pmonitor) -{ - if (options.compression) { - /* The member allocation is not visible, so sync it */ - mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); - } -} - -/* Allocation functions for zlib */ -static void * -mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) -{ - if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) - fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); - - return mm_malloc(mm, size * ncount); -} - -static void -mm_zfree(struct mm_master *mm, void *address) -{ - mm_free(mm, address); -} - static int monitor_read_log(struct monitor *pmonitor) { @@ -1632,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor) kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; } - - /* Update with new address */ - if (options.compression) { - ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } } /* This function requries careful sanity checking */ @@ -1691,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds) struct monitor * monitor_init(void) { - struct ssh *ssh = active_state; /* XXX */ struct monitor *mon; mon = xcalloc(1, sizeof(*mon)); - monitor_openfds(mon, 1); - /* Used to share zlib space across processes */ - if (options.compression) { - mon->m_zback = mm_create(NULL, MM_MEMSIZE); - mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); - - /* Compression needs to share state across borders */ - ssh_packet_set_compress_hooks(ssh, mon->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } - return mon; } @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */ +/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -67,21 +67,17 @@ enum monitor_reqtype { }; -struct mm_master; struct monitor { int m_recvfd; int m_sendfd; int m_log_recvfd; int m_log_sendfd; - struct mm_master *m_zback; - struct mm_master *m_zlib; struct kex **m_pkex; pid_t m_pid; }; struct monitor *monitor_init(void); void monitor_reinit(struct monitor *); -void monitor_sync(struct monitor *); struct Authctxt; void monitor_child_preauth(struct Authctxt *, struct monitor *); diff --git a/monitor_mm.c b/monitor_mm.c deleted file mode 100644 index aa47b2ed..00000000 --- a/monitor_mm.c +++ /dev/null @@ -1,357 +0,0 @@ -/* $OpenBSD: monitor_mm.c,v 1.21 2015/02/06 23:21:59 millert Exp $ */ -/* - * Copyright 2002 Niels Provos <provos@citi.umich.edu> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include <sys/types.h> -#ifdef HAVE_SYS_MMAN_H -#include <sys/mman.h> -#endif -#include "openbsd-compat/sys-tree.h" - -#include <errno.h> -#include <stdarg.h> -#include <stddef.h> -#ifdef HAVE_STDINT_H -#include <stdint.h> -#endif -#include <stdlib.h> -#include <string.h> - -#include "xmalloc.h" -#include "ssh.h" -#include "log.h" -#include "monitor_mm.h" - -static int -mm_compare(struct mm_share *a, struct mm_share *b) -{ - ptrdiff_t diff = (char *)a->address - (char *)b->address; - - if (diff == 0) - return (0); - else if (diff < 0) - return (-1); - else - return (1); -} - -RB_GENERATE(mmtree, mm_share, next, mm_compare) - -static struct mm_share * -mm_make_entry(struct mm_master *mm, struct mmtree *head, - void *address, size_t size) -{ - struct mm_share *tmp, *tmp2; - - if (mm->mmalloc == NULL) - tmp = xcalloc(1, sizeof(struct mm_share)); - else - tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share)); - tmp->address = address; - tmp->size = size; - - tmp2 = RB_INSERT(mmtree, head, tmp); - if (tmp2 != NULL) - fatal("mm_make_entry(%p): double address %p->%p(%zu)", - mm, tmp2, address, size); - - return (tmp); -} - -/* Creates a shared memory area of a certain size */ - -struct mm_master * -mm_create(struct mm_master *mmalloc, size_t size) -{ - void *address; - struct mm_master *mm; - - if (mmalloc == NULL) - mm = xcalloc(1, sizeof(struct mm_master)); - else - mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); - - /* - * If the memory map has a mm_master it can be completely - * shared including authentication between the child - * and the client. - */ - mm->mmalloc = mmalloc; - - address = xmmap(size); - if (address == (void *)MAP_FAILED) - fatal("mmap(%zu): %s", size, strerror(errno)); - - mm->address = address; - mm->size = size; - - RB_INIT(&mm->rb_free); - RB_INIT(&mm->rb_allocated); - - mm_make_entry(mm, &mm->rb_free, address, size); - - return (mm); -} - -/* Frees either the allocated or the free list */ - -static void -mm_freelist(struct mm_master *mmalloc, struct mmtree *head) -{ - struct mm_share *mms, *next; - - for (mms = RB_ROOT(head); mms; mms = next) { - next = RB_NEXT(mmtree, head, mms); - RB_REMOVE(mmtree, head, mms); - if (mmalloc == NULL) - free(mms); - else - mm_free(mmalloc, mms); - } -} - -/* Destroys a memory mapped area */ - -void -mm_destroy(struct mm_master *mm) -{ - mm_freelist(mm->mmalloc, &mm->rb_free); - mm_freelist(mm->mmalloc, &mm->rb_allocated); - -#ifdef HAVE_MMAP - if (munmap(mm->address, mm->size) == -1) - fatal("munmap(%p, %zu): %s", mm->address, mm->size, - strerror(errno)); -#else - fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", - __func__); -#endif - if (mm->mmalloc == NULL) - free(mm); - else - mm_free(mm->mmalloc, mm); -} - -void * -mm_xmalloc(struct mm_master *mm, size_t size) -{ - void *address; - - address = mm_malloc(mm, size); - if (address == NULL) - fatal("%s: mm_malloc(%zu)", __func__, size); - memset(address, 0, size); - return (address); -} - - -/* Allocates data from a memory mapped area */ - -void * -mm_malloc(struct mm_master *mm, size_t size) -{ - struct mm_share *mms, *tmp; - - if (size == 0) - fatal("mm_malloc: try to allocate 0 space"); - if (size > SIZE_MAX - MM_MINSIZE + 1) - fatal("mm_malloc: size too big"); - - size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE; - - RB_FOREACH(mms, mmtree, &mm->rb_free) { - if (mms->size >= size) - break; - } - - if (mms == NULL) - return (NULL); - - /* Debug */ - memset(mms->address, 0xd0, size); - - tmp = mm_make_entry(mm, &mm->rb_allocated, mms->address, size); - - /* Does not change order in RB tree */ - mms->size -= size; - mms->address = (char *)mms->address + size; - - if (mms->size == 0) { - RB_REMOVE(mmtree, &mm->rb_free, mms); - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); - } - - return (tmp->address); -} - -/* Frees memory in a memory mapped area */ - -void -mm_free(struct mm_master *mm, void *address) -{ - struct mm_share *mms, *prev, tmp; - - tmp.address = address; - mms = RB_FIND(mmtree, &mm->rb_allocated, &tmp); - if (mms == NULL) - fatal("mm_free(%p): can not find %p", mm, address); - - /* Debug */ - memset(mms->address, 0xd0, mms->size); - - /* Remove from allocated list and insert in free list */ - RB_REMOVE(mmtree, &mm->rb_allocated, mms); - if (RB_INSERT(mmtree, &mm->rb_free, mms) != NULL) - fatal("mm_free(%p): double address %p", mm, address); - - /* Find previous entry */ - prev = mms; - if (RB_LEFT(prev, next)) { - prev = RB_LEFT(prev, next); - while (RB_RIGHT(prev, next)) - prev = RB_RIGHT(prev, next); - } else { - if (RB_PARENT(prev, next) && - (prev == RB_RIGHT(RB_PARENT(prev, next), next))) - prev = RB_PARENT(prev, next); - else { - while (RB_PARENT(prev, next) && - (prev == RB_LEFT(RB_PARENT(prev, next), next))) - prev = RB_PARENT(prev, next); - prev = RB_PARENT(prev, next); - } - } - - /* Check if range does not overlap */ - if (prev != NULL && MM_ADDRESS_END(prev) > address) - fatal("mm_free: memory corruption: %p(%zu) > %p", - prev->address, prev->size, address); - - /* See if we can merge backwards */ - if (prev != NULL && MM_ADDRESS_END(prev) == address) { - prev->size += mms->size; - RB_REMOVE(mmtree, &mm->rb_free, mms); - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); - } else - prev = mms; - - if (prev == NULL) - return; - - /* Check if we can merge forwards */ - mms = RB_NEXT(mmtree, &mm->rb_free, prev); - if (mms == NULL) - return; - - if (MM_ADDRESS_END(prev) > mms->address) - fatal("mm_free: memory corruption: %p < %p(%zu)", - mms->address, prev->address, prev->size); - if (MM_ADDRESS_END(prev) != mms->address) - return; - - prev->size += mms->size; - RB_REMOVE(mmtree, &mm->rb_free, mms); - - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); -} - -static void -mm_sync_list(struct mmtree *oldtree, struct mmtree *newtree, - struct mm_master *mm, struct mm_master *mmold) -{ - struct mm_master *mmalloc = mm->mmalloc; - struct mm_share *mms, *new; - - /* Sync free list */ - RB_FOREACH(mms, mmtree, oldtree) { - /* Check the values */ - mm_memvalid(mmold, mms, sizeof(struct mm_share)); - mm_memvalid(mm, mms->address, mms->size); - - new = mm_xmalloc(mmalloc, sizeof(struct mm_share)); - memcpy(new, mms, sizeof(struct mm_share)); - RB_INSERT(mmtree, newtree, new); - } -} - -void -mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) -{ - struct mm_master *mm; - struct mm_master *mmalloc; - struct mm_master *mmold; - struct mmtree rb_free, rb_allocated; - - debug3("%s: Share sync", __func__); - - mm = *pmm; - mmold = mm->mmalloc; - mm_memvalid(mmold, mm, sizeof(*mm)); - - mmalloc = mm_create(NULL, mm->size); - mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); - memcpy(mm, *pmm, sizeof(struct mm_master)); - mm->mmalloc = mmalloc; - - rb_free = mm->rb_free; - rb_allocated = mm->rb_allocated; - - RB_INIT(&mm->rb_free); - RB_INIT(&mm->rb_allocated); - - mm_sync_list(&rb_free, &mm->rb_free, mm, mmold); - mm_sync_list(&rb_allocated, &mm->rb_allocated, mm, mmold); - - mm_destroy(mmold); - - *pmm = mm; - *pmmalloc = mmalloc; - - debug3("%s: Share sync end", __func__); -} - -void -mm_memvalid(struct mm_master *mm, void *address, size_t size) -{ - void *end = (char *)address + size; - - if (address < mm->address) - fatal("mm_memvalid: address too small: %p", address); - if (end < address) - fatal("mm_memvalid: end < address: %p < %p", end, address); - if (end > MM_ADDRESS_END(mm)) - fatal("mm_memvalid: address too large: %p", address); -} diff --git a/monitor_mm.h b/monitor_mm.h deleted file mode 100644 index f1fae7e3..00000000 --- a/monitor_mm.h +++ /dev/null @@ -1,62 +0,0 @@ -/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */ - -/* - * Copyright 2002 Niels Provos <provos@citi.umich.edu> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _MM_H_ -#define _MM_H_ - -struct mm_share { - RB_ENTRY(mm_share) next; - void *address; - size_t size; -}; - -struct mm_master { - RB_HEAD(mmtree, mm_share) rb_free; - struct mmtree rb_allocated; - void *address; - size_t size; - - struct mm_master *mmalloc; /* Used to completely share */ -}; - -RB_PROTOTYPE(mmtree, mm_share, next, mm_compare) - -#define MM_MINSIZE 128 - -#define MM_ADDRESS_END(x) (void *)((char *)(x)->address + (x)->size) - -struct mm_master *mm_create(struct mm_master *, size_t); -void mm_destroy(struct mm_master *); - -void mm_share_sync(struct mm_master **, struct mm_master **); - -void *mm_malloc(struct mm_master *, size_t); -void *mm_xmalloc(struct mm_master *, size_t); -void mm_free(struct mm_master *, void *); - -void mm_memvalid(struct mm_master *, void *, size_t); -#endif /* _MM_H_ */ diff --git a/monitor_wrap.h b/monitor_wrap.h index 1bc76aff..db5902f5 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.31 2016/08/13 17:47:41 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.32 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -95,7 +95,4 @@ int mm_bsdauth_respond(void *, u_int, char **); int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); int mm_skey_respond(void *, u_int, char **); -/* zlib allocation hooks */ -void mm_init_compression(struct mm_master *); - #endif /* _MM_WRAP_H_ */ diff --git a/myproposal.h b/myproposal.h index 4729b30b..072e36ec 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.53 2016/09/22 17:52:53 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.54 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -167,7 +167,7 @@ #endif /* WITH_OPENSSL */ -#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" +#define KEX_DEFAULT_COMP "none,zlib@openssh.com" #define KEX_DEFAULT_LANG "" #define KEX_CLIENT \ @@ -133,9 +133,6 @@ void packet_disconnect(const char *, ...) ssh_packet_get_input(active_state) #define packet_get_output() \ ssh_packet_get_output(active_state) -#define packet_set_compress_hooks(ctx, allocfunc, freefunc) \ - ssh_packet_set_compress_hooks(active_state, ctx, \ - allocfunc, freefunc); #define packet_check_eom() \ ssh_packet_check_eom(active_state) #define set_newkeys(mode) \ @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.238 2016/09/19 19:02:19 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -756,86 +756,6 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) /* NOTREACHED */ } -/* Serialise compression state into a blob for privsep */ -static int -ssh_packet_get_compress_state(struct sshbuf *m, struct ssh *ssh) -{ - struct session_state *state = ssh->state; - struct sshbuf *b; - int r; - - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (state->compression_in_started) { - if ((r = sshbuf_put_string(b, &state->compression_in_stream, - sizeof(state->compression_in_stream))) != 0) - goto out; - } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) - goto out; - if (state->compression_out_started) { - if ((r = sshbuf_put_string(b, &state->compression_out_stream, - sizeof(state->compression_out_stream))) != 0) - goto out; - } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) - goto out; - r = sshbuf_put_stringb(m, b); - out: - sshbuf_free(b); - return r; -} - -/* Deserialise compression state from a blob for privsep */ -static int -ssh_packet_set_compress_state(struct ssh *ssh, struct sshbuf *m) -{ - struct session_state *state = ssh->state; - struct sshbuf *b = NULL; - int r; - const u_char *inblob, *outblob; - size_t inl, outl; - - if ((r = sshbuf_froms(m, &b)) != 0) - goto out; - if ((r = sshbuf_get_string_direct(b, &inblob, &inl)) != 0 || - (r = sshbuf_get_string_direct(b, &outblob, &outl)) != 0) - goto out; - if (inl == 0) - state->compression_in_started = 0; - else if (inl != sizeof(state->compression_in_stream)) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } else { - state->compression_in_started = 1; - memcpy(&state->compression_in_stream, inblob, inl); - } - if (outl == 0) - state->compression_out_started = 0; - else if (outl != sizeof(state->compression_out_stream)) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } else { - state->compression_out_started = 1; - memcpy(&state->compression_out_stream, outblob, outl); - } - r = 0; - out: - sshbuf_free(b); - return r; -} - -void -ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx, - void *(*allocfunc)(void *, u_int, u_int), - void (*freefunc)(void *, void *)) -{ - ssh->state->compression_out_stream.zalloc = (alloc_func)allocfunc; - ssh->state->compression_out_stream.zfree = (free_func)freefunc; - ssh->state->compression_out_stream.opaque = ctx; - ssh->state->compression_in_stream.zalloc = (alloc_func)allocfunc; - ssh->state->compression_in_stream.zfree = (free_func)freefunc; - ssh->state->compression_in_stream.opaque = ctx; -} - /* * Causes any further packets to be encrypted using the given key. The same * key is used for both sending and reception. However, both directions are @@ -2450,21 +2370,14 @@ ssh_packet_get_output(struct ssh *ssh) static int ssh_packet_set_postauth(struct ssh *ssh) { - struct sshcomp *comp; - int r, mode; + int r; debug("%s: called", __func__); /* This was set in net child, but is not visible in user child */ ssh->state->after_authentication = 1; ssh->state->rekeying = 0; - for (mode = 0; mode < MODE_MAX; mode++) { - if (ssh->state->newkeys[mode] == NULL) - continue; - comp = &ssh->state->newkeys[mode]->comp; - if (comp && comp->enabled && - (r = ssh_packet_init_compression(ssh)) != 0) - return r; - } + if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0) + return r; return 0; } @@ -2528,7 +2441,6 @@ newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) goto out; } if ((r = sshbuf_put_u32(b, comp->type)) != 0 || - (r = sshbuf_put_u32(b, comp->enabled)) != 0 || (r = sshbuf_put_cstring(b, comp->name)) != 0) goto out; r = sshbuf_put_stringb(m, b); @@ -2589,9 +2501,7 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) return r; if (cipher_get_keycontext(state->receive_context, p) != (int)rlen) return SSH_ERR_INTERNAL_ERROR; - - if ((r = ssh_packet_get_compress_state(m, ssh)) != 0 || - (r = sshbuf_put_stringb(m, state->input)) != 0 || + if ((r = sshbuf_put_stringb(m, state->input)) != 0 || (r = sshbuf_put_stringb(m, state->output)) != 0) return r; @@ -2645,7 +2555,6 @@ newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) mac->key_len = maclen; } if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || - (r = sshbuf_get_u32(b, (u_int *)&comp->enabled)) != 0 || (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0) goto out; if (enc->name == NULL || @@ -2773,8 +2682,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) cipher_set_keycontext(state->send_context, keyout); cipher_set_keycontext(state->receive_context, keyin); - if ((r = ssh_packet_set_compress_state(ssh, m)) != 0 || - (r = ssh_packet_set_postauth(ssh)) != 0) + if ((r = ssh_packet_set_postauth(ssh)) != 0) return r; sshbuf_reset(state->input); @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.71 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.72 2016/09/28 16:33:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -120,11 +120,6 @@ void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__ int ssh_set_newkeys(struct ssh *, int mode); void ssh_packet_get_bytes(struct ssh *, u_int64_t *, u_int64_t *); -typedef void *(ssh_packet_comp_alloc_func)(void *, u_int, u_int); -typedef void (ssh_packet_comp_free_func)(void *, void *); -void ssh_packet_set_compress_hooks(struct ssh *, void *, - ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *); - int ssh_packet_write_poll(struct ssh *); int ssh_packet_write_wait(struct ssh *); int ssh_packet_have_data_to_write(struct ssh *); @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.295 2016/08/25 23:57:54 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -921,7 +921,7 @@ static const struct multistate multistate_permitrootlogin[] = { }; static const struct multistate multistate_compression[] = { { "delayed", COMP_DELAYED }, - { "yes", COMP_ZLIB }, + { "yes", COMP_DELAYED }, { "no", COMP_NONE }, { NULL, -1 } }; diff --git a/sshconnect2.c b/sshconnect2.c index 5e7d07dc..a633e76c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.248 2016/09/22 02:29:57 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? - "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; + "zlib@openssh.com,none" : "none,zlib@openssh.com"; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.475 2016/08/28 22:28:12 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.476 2016/09/28 16:33:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -114,7 +114,6 @@ #include "dispatch.h" #include "channels.h" #include "session.h" -#include "monitor_mm.h" #include "monitor.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -582,9 +581,6 @@ privsep_preauth(Authctxt *authctxt) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); - /* Sync memory */ - monitor_sync(pmonitor); - /* Wait for the child's exit status */ while (waitpid(pid, &status, 0) < 0) { if (errno == EINTR) @@ -2152,10 +2148,6 @@ do_ssh2_kex(void) if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } else if (options.compression == COMP_DELAYED) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = - "none,zlib@openssh.com"; } if (options.rekey_limit || options.rekey_interval) |