-rw-r--r-- | ChangeLog | 23 | ||||
-rw-r--r-- | atomicio.c | 2 | ||||
-rw-r--r-- | auth-options.c | 2 | ||||
-rw-r--r-- | auth-passwd.c | 2 | ||||
-rw-r--r-- | auth-rh-rsa.c | 2 | ||||
-rw-r--r-- | auth-rhosts.c | 2 | ||||
-rw-r--r-- | auth-rsa.c | 2 | ||||
-rw-r--r-- | auth-skey.c | 2 | ||||
-rw-r--r-- | auth2.c | 9 | ||||
-rw-r--r-- | authfd.c | 2 | ||||
-rw-r--r-- | authfd.h | 2 | ||||
-rw-r--r-- | authfile.c | 2 | ||||
-rw-r--r-- | bufaux.c | 2 | ||||
-rw-r--r-- | bufaux.h | 2 | ||||
-rw-r--r-- | buffer.c | 2 | ||||
-rw-r--r-- | buffer.h | 2 | ||||
-rw-r--r-- | canohost.c | 2 | ||||
-rw-r--r-- | channels.c | 2 | ||||
-rw-r--r-- | channels.h | 2 | ||||
-rw-r--r-- | cipher.c | 2 | ||||
-rw-r--r-- | cipher.h | 2 | ||||
-rw-r--r-- | clientloop.c | 2 | ||||
-rw-r--r-- | compat.c | 4 | ||||
-rw-r--r-- | compat.h | 3 | ||||
-rw-r--r-- | compress.c | 2 | ||||
-rw-r--r-- | compress.h | 2 | ||||
-rw-r--r-- | crc32.c | 2 | ||||
-rw-r--r-- | crc32.h | 2 | ||||
-rw-r--r-- | deattack.c | 2 | ||||
-rw-r--r-- | dispatch.c | 2 | ||||
-rw-r--r-- | dsa.c | 17 | ||||
-rw-r--r-- | fingerprint.c | 2 | ||||
-rw-r--r-- | fingerprint.h | 2 | ||||
-rw-r--r-- | getput.h | 2 | ||||
-rw-r--r-- | hmac.c | 2 | ||||
-rw-r--r-- | kex.c | 2 | ||||
-rw-r--r-- | key.c | 27 | ||||
-rw-r--r-- | log-client.c | 2 | ||||
-rw-r--r-- | log-server.c | 2 | ||||
-rw-r--r-- | login.c | 2 | ||||
-rw-r--r-- | match.c | 2 | ||||
-rw-r--r-- | mpaux.c | 2 | ||||
-rw-r--r-- | mpaux.h | 2 | ||||
-rw-r--r-- | nchan.c | 2 | ||||
-rw-r--r-- | nchan.h | 2 | ||||
-rw-r--r-- | packet.c | 2 | ||||
-rw-r--r-- | packet.h | 2 | ||||
-rw-r--r-- | pty.c | 2 | ||||
-rw-r--r-- | pty.h | 2 | ||||
-rw-r--r-- | readconf.c | 2 | ||||
-rw-r--r-- | readconf.h | 2 | ||||
-rw-r--r-- | readpass.c | 2 | ||||
-rw-r--r-- | rsa.c | 2 | ||||
-rw-r--r-- | rsa.h | 2 | ||||
-rw-r--r-- | scp.c | 4 | ||||
-rw-r--r-- | servconf.c | 2 | ||||
-rw-r--r-- | servconf.h | 2 | ||||
-rw-r--r-- | ssh-add.c | 2 | ||||
-rw-r--r-- | ssh-keygen.c | 2 | ||||
-rw-r--r-- | ssh.c | 2 | ||||
-rw-r--r-- | ssh.h | 2 | ||||
-rw-r--r-- | sshconnect2.c | 20 | ||||
-rw-r--r-- | tildexpand.c | 2 | ||||
-rw-r--r-- | ttymodes.c | 2 | ||||
-rw-r--r-- | ttymodes.h | 2 | ||||
-rw-r--r-- | uidswap.c | 2 | ||||
-rw-r--r-- | xmalloc.c | 2 | ||||
-rw-r--r-- | xmalloc.h | 2 |
68 files changed, 138 insertions, 89 deletions
@@ -2,6 +2,29 @@ - (djm) Automatically generate host key during "make install". Suggested by Gary E. Miller <gem@rellim.com> - (djm) Paranoia before kill() system call + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/18 18:50:11 + [auth2.c compat.c compat.h sshconnect2.c] + make userauth+pubkey interop with ssh.com-2.2.0 + - markus@cvs.openbsd.org 2000/06/18 20:56:17 + [dsa.c] + mem leak + be more paranoid in dsa_verify. + - markus@cvs.openbsd.org 2000/06/18 21:29:50 + [key.c] + cleanup fingerprinting, less hardcoded sizes + - markus@cvs.openbsd.org 2000/06/19 19:39:45 + [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] + [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] + [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] + [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] + [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] + [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] + [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] + [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] + OpenBSD tag + - markus@cvs.openbsd.org 2000/06/21 10:46:10 + sshconnect2.c missing free; nuke old comment 20000620 - (djm) Replace use of '-o' and '-a' logical operators in configure tests @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$Id: atomicio.c,v 1.11 2000/04/16 02:31:49 damien Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.4 2000/06/20 01:39:37 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/auth-options.c b/auth-options.c index 7ebbb766..55ccc851 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth-options.c,v 1.1 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.2 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "packet.h" 
diff --git a/auth-passwd.c b/auth-passwd.c index b27c5bae..d722122c 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -11,7 +11,7 @@ #ifndef USE_PAM -RCSID("$Id: auth-passwd.c,v 1.20 2000/05/20 05:03:00 damien Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 1073ecc1..4386758d 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/04/16 02:31:49 damien Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.14 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/auth-rhosts.c b/auth-rhosts.c index 6a5c13e4..f670276b 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.14 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.21 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $"); #include "rsa.h" #include "packet.h" diff --git a/auth-skey.c b/auth-skey.c index 7eb32e8f..d66d84e7 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,6 +1,6 @@ #include "includes.h" #ifdef SKEY -RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.7 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.10 2000/06/18 04:05:02 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $"); #include <openssl/dsa.h> #include <openssl/rsa.h> 
@@ -302,8 +302,11 @@ ssh2_auth_pubkey(struct passwd *pw, char *service) sig = packet_get_string(&slen); packet_done(); buffer_init(&b); - buffer_append(&b, session_id2, session_id2_len); - + if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { + buffer_put_string(&b, session_id2, session_id2_len); + } else { + buffer_append(&b, session_id2, session_id2_len); + } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, pw->pw_name); @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.14 2000/04/30 00:00:53 damien Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ +/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.12 2000/04/29 13:57:10 damien Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.17 2000/06/20 01:39:38 markus Exp $"); #include <openssl/bn.h> #include <openssl/dsa.h> @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: bufaux.c,v 1.12 2000/04/16 02:31:50 damien Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.12 2000/06/20 01:39:39 markus Exp $"); #include "ssh.h" #include <openssl/bn.h> @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ +/* RCSID("$OpenBSD: bufaux.h,v 1.7 2000/06/20 01:39:39 markus Exp $"); */ #ifndef BUFAUX_H #define BUFAUX_H @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.7 2000/06/20 01:39:39 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: buffer.h,v 1.4 2000/04/16 02:31:50 damien Exp $"); */ +/* RCSID("$OpenBSD: buffer.h,v 1.5 2000/06/20 01:39:39 markus Exp $"); */ #ifndef BUFFER_H #define BUFFER_H 
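Review bot: The new branch on `datafellows & SSH_COMPAT_SESSIONID_ENCODING` in ssh2_auth_pubkey changes the exact bytes the user's signature is verified over, but nothing at the site says which encoding is the interoperability case or why. I would add a comment above the `if`, for example `/* ssh.com 2.2.0 signs the session id as a length-prefixed string rather than raw bytes */`. The flag looks like it is chosen from the peer's announced version through the `check[]` table in compat_datafellows, so the comment should also record that both branches still place `session_id2` at the front of the signed buffer and the peer's choice of encoding does not weaken the binding. The new `#define SSH_COMPAT_SESSIONID_ENCODING 0x10` in compat.h would benefit from the same one-line explanation, since it sits among `SSH_BUG_*` flags with a different prefix. The function body starts before and continues after this hunk.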
@@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.13 2000/06/20 01:39:39 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.33 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.62 2000/06/20 01:39:39 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -1,4 +1,4 @@ -/* RCSID("$Id: channels.h,v 1.10 2000/06/07 09:55:44 djm Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.14 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.21 2000/05/30 03:44:52 damien Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */ +/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H diff --git a/clientloop.c b/clientloop.c index 82d1d27d..5df584ab 100644 --- a/clientloop.c +++ b/clientloop.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.27 2000/06/20 01:39:40 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: compat.c,v 1.12 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -61,7 +61,7 @@ compat_datafellows(const char *version) char *version; int bugs; } check[] = { - {"2.2.0", SSH_BUG_HMAC}, + {"2.2.0", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, {"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC}, {"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD}, {NULL, 0} 
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.9 2000/06/20 01:39:40 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -40,6 +40,7 @@ #define SSH_BUG_PUBKEYAUTH 0x02 #define SSH_BUG_HMAC 0x04 #define SSH_BUG_X11FWD 0x08 +#define SSH_COMPAT_SESSIONID_ENCODING 0x10 void enable_compat13(void); void enable_compat20(void); @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $"); +RCSID("$OpenBSD: compress.c,v 1.8 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "buffer.h" @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: compress.h,v 1.5 2000/06/20 01:39:40 markus Exp $"); */ #ifndef COMPRESS_H #define COMPRESS_H @@ -6,7 +6,7 @@ */ #include "includes.h" -RCSID("$Id: crc32.c,v 1.2 1999/11/24 13:26:22 damien Exp $"); +RCSID("$OpenBSD: crc32.c,v 1.5 2000/06/20 01:39:40 markus Exp $"); #include "crc32.h" @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: crc32.h,v 1.6 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CRC32_H #define CRC32_H @@ -1,5 +1,5 @@ /* - * $Id: deattack.c,v 1.3 1999/11/24 13:26:22 damien Exp $ + * $OpenBSD: deattack.c,v 1.7 2000/06/20 01:39:41 markus Exp $ * Cryptographic attack detector for ssh - source code * * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $"); +RCSID("$OpenBSD: dispatch.c,v 1.3 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "dispatch.h" #include "packet.h" 
@@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $"); +RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -72,7 +72,7 @@ dsa_key_from_blob( buffer_append(&b, blob, blen); ktype = buffer_get_string(&b, NULL); if (strcmp(KEX_DSS, ktype) != 0) { - error("dsa_key_from_blob: cannot handle type %s", ktype); + error("dsa_key_from_blob: cannot handle type %s", ktype); key_free(key); return NULL; } @@ -197,7 +197,6 @@ dsa_verify( DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - char *ktype; unsigned char *sigblob; char *txt; unsigned int len; @@ -227,14 +226,24 @@ dsa_verify( len = signaturelen; } else { /* ietf-drafts */ + char *ktype; buffer_init(&b); buffer_append(&b, (char *) signature, signaturelen); ktype = buffer_get_string(&b, NULL); + if (strcmp(KEX_DSS, ktype) != 0) { + error("dsa_verify: cannot handle type %s", ktype); + buffer_free(&b); + return -1; + } sigblob = (unsigned char *)buffer_get_string(&b, &len); rlen = buffer_len(&b); - if(rlen != 0) + if(rlen != 0) { error("remaining bytes in signature %d", rlen); + buffer_free(&b); + return -1; + } buffer_free(&b); + xfree(ktype); } if (len != SIGBLOB_LEN) { diff --git a/fingerprint.c b/fingerprint.c index 4b0966d9..801f6a6e 100644 --- a/fingerprint.c +++ b/fingerprint.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: fingerprint.c,v 1.7 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "xmalloc.h" diff --git a/fingerprint.h b/fingerprint.h index fbb0d4c4..3d7bcb32 100644 --- a/fingerprint.h +++ b/fingerprint.h 
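Review bot: The two new `return -1` exits in the ietf-drafts branch of dsa_verify leak the strings obtained from `buffer_get_string`: `ktype` is released with `xfree(ktype)` only on the success path, and by the time the `rlen != 0` check fails `sigblob` has been fetched as well. Add `xfree(ktype);` before `buffer_free(&b); return -1;` in the type-mismatch branch, and `xfree(ktype); xfree(sigblob);` in the trailing-bytes branch (assuming `sigblob` is heap-allocated in the same way as `ktype`). These paths are reached by a malformed signature blob, which is data supplied by the peer, so the leak is reachable from network input and undoes part of the "mem leak" fix named in the ChangeLog. dsa_verify begins before and ends after this hunk, so any cleanup of `sigblob` further down is not visible here.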
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$Id: fingerprint.h,v 1.3 1999/11/24 16:15:25 markus Exp $"); */ +/* RCSID("$OpenBSD: fingerprint.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */ #ifndef FINGERPRINT_H #define FINGERPRINT_H @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: getput.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */ #ifndef GETPUT_H #define GETPUT_H @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: hmac.c,v 1.2 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: hmac.c,v 1.3 2000/06/20 01:39:41 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff -- |