diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-09-28 16:33:06 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-09-29 03:11:32 +1000 |
| commit | 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f (patch) | |
| tree | b0271896ec4d6c0e716821954212677438824a05 /monitor.c | |
| parent | 27c3a9c2aede2184856b5de1e6eca414bb751c38 (diff) | |
upstream commit
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 48 |
1 files changed, 1 insertions, 47 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -94,7 +94,6 @@ #include "misc.h" #include "servconf.h" #include "monitor.h" -#include "monitor_mm.h" #ifdef GSSAPI #include "ssh-gss.h" #endif @@ -411,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor) monitor_read(pmonitor, mon_dispatch, NULL); } -void -monitor_sync(struct monitor *pmonitor) -{ - if (options.compression) { - /* The member allocation is not visible, so sync it */ - mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); - } -} - -/* Allocation functions for zlib */ -static void * -mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) -{ - if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) - fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); - - return mm_malloc(mm, size * ncount); -} - -static void -mm_zfree(struct mm_master *mm, void *address) -{ - mm_free(mm, address); -} - static int monitor_read_log(struct monitor *pmonitor) { @@ -1632,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor) kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; } - - /* Update with new address */ - if (options.compression) { - ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } } /* This function requries careful sanity checking */ @@ -1691,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds) struct monitor * monitor_init(void) { - struct ssh *ssh = active_state; /* XXX */ struct monitor *mon; mon = xcalloc(1, sizeof(*mon)); - monitor_openfds(mon, 1); - /* Used to share zlib space across processes */ - if (options.compression) { - mon->m_zback = mm_create(NULL, MM_MEMSIZE); - mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); - - /* Compression needs to share state across borders */ - ssh_packet_set_compress_hooks(ssh, mon->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } - return mon; } |