compat.c (76262) | compat.c (92559) |
---|---|
1/* | 1/* |
2 * Copyright (c) 1999,2000 Markus Friedl. All rights reserved. | 2 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the --- 7 unchanged lines hidden (view full) --- 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" | 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the --- 7 unchanged lines hidden (view full) --- 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" |
26RCSID("$FreeBSD: head/crypto/openssh/compat.c 76262 2001-05-04 04:14:23Z green $"); 27RCSID("$OpenBSD: compat.c,v 1.47 2001/04/18 23:43:25 markus Exp $"); | 26RCSID("$OpenBSD: compat.c,v 1.61 2002/03/06 00:24:39 markus Exp $"); 27RCSID("$FreeBSD: head/crypto/openssh/compat.c 92559 2002-03-18 10:09:43Z des $"); |
28 | 28 |
29#include <regex.h> 30 | 29#include "buffer.h" |
31#include "packet.h" 32#include "xmalloc.h" 33#include "compat.h" 34#include "log.h" | 30#include "packet.h" 31#include "xmalloc.h" 32#include "compat.h" 33#include "log.h" |
34#include "match.h" |
|
35 36int compat13 = 0; 37int compat20 = 0; 38int datafellows = 0; 39 40void 41enable_compat20(void) 42{ --- 5 unchanged lines hidden (view full) --- 48{ 49 verbose("Enabling compatibility mode for protocol 1.3"); 50 compat13 = 1; 51} 52/* datafellows bug compatibility */ 53void 54compat_datafellows(const char *version) 55{ | 35 36int compat13 = 0; 37int compat20 = 0; 38int datafellows = 0; 39 40void 41enable_compat20(void) 42{ --- 5 unchanged lines hidden (view full) --- 48{ 49 verbose("Enabling compatibility mode for protocol 1.3"); 50 compat13 = 1; 51} 52/* datafellows bug compatibility */ 53void 54compat_datafellows(const char *version) 55{ |
56 int i, ret; 57 char ebuf[1024]; 58 regex_t reg; | 56 int i; |
59 static struct { 60 char *pat; 61 int bugs; 62 } check[] = { | 57 static struct { 58 char *pat; 59 int bugs; 60 } check[] = { |
63 { "^OpenSSH[-_]2\\.[012]", 64 SSH_OLD_SESSIONID|SSH_BUG_BANNER| | 61 { "OpenSSH-2.0*," 62 "OpenSSH-2.1*," 63 "OpenSSH_2.1*," 64 "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| |
65 SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, | 65 SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, |
66 { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| | 66 { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| |
67 SSH_OLD_DHGEX|SSH_BUG_NOREKEY}, | 67 SSH_OLD_DHGEX|SSH_BUG_NOREKEY}, |
68 { "^OpenSSH_2\\.3\\.", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| | 68 { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
69 SSH_BUG_NOREKEY}, | 69 SSH_BUG_NOREKEY}, |
70 { "^OpenSSH_2\\.5\\.[01]p1", | 70 { "OpenSSH_2.5.0p1*," 71 "OpenSSH_2.5.1p1*", |
71 SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| 72 SSH_BUG_NOREKEY }, | 72 SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| 73 SSH_BUG_NOREKEY }, |
73 { "^OpenSSH_2\\.5\\.[012]", 74 SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, 75 { "^OpenSSH_2\\.5\\.3", 76 SSH_BUG_NOREKEY }, 77 { "^OpenSSH", 0 }, 78 { "MindTerm", 0 }, 79 { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 74 { "OpenSSH_2.5.0*," 75 "OpenSSH_2.5.1*," 76 "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, 77 { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY }, 78 { "Sun_SSH_1.0*", SSH_BUG_NOREKEY }, 79 { "OpenSSH*", 0 }, 80 { "*MindTerm*", 0 }, 81 { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
80 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 81 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, | 82 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 83 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
82 { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 84 { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
83 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 84 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, | 85 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 86 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
85 { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 87 { "2.0.13*," 88 "2.0.14*," 89 "2.0.15*," 90 "2.0.16*," 91 "2.0.17*," 92 "2.0.18*," 93 "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
86 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 87 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 88 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| | 94 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 95 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 96 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
89 SSH_BUG_HBSERVICE }, 90 { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 97 SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| 98 SSH_BUG_DUMMYCHAN }, 99 { "2.0.11*," 100 "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
91 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 92 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 93 SSH_BUG_PKAUTH|SSH_BUG_PKOK| | 101 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 102 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 103 SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
104 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| 105 SSH_BUG_DUMMYCHAN }, 106 { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 107 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 108 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 109 SSH_BUG_PKAUTH|SSH_BUG_PKOK| 110 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| 111 SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, 112 { "2.2.0*," 113 "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| |
|
94 SSH_BUG_RSASIGMD5 }, | 114 SSH_BUG_RSASIGMD5 }, |
95 { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, 96 { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, 97 { "^2\\.[2-9]\\.", 0 }, 98 { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ 99 { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, 100 { "^1\\.7 SecureFX", SSH_OLD_SESSIONID }, 101 { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG }, 102 { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, 103 { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */ 104 { "^SSH Compatible Server", /* Netscreen */ | 115 { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, 116 { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ 117 { "2.*", SSH_BUG_DEBUG }, 118 { "3.0.*", SSH_BUG_DEBUG }, 119 { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, 120 { "1.7 SecureFX*", SSH_OLD_SESSIONID }, 121 { "1.2.18*," 122 "1.2.19*," 123 "1.2.20*," 124 "1.2.21*," 125 "1.2.22*", SSH_BUG_IGNOREMSG }, 126 { "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */ 127 { "*SSH Compatible Server*", /* Netscreen */ |
105 SSH_BUG_PASSWORDPAD }, | 128 SSH_BUG_PASSWORDPAD }, |
106 { "^OSU_0", SSH_BUG_PASSWORDPAD }, 107 { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, 108 { "^OSU_1\\.5alpha[1-3]", 109 SSH_BUG_PASSWORDPAD }, 110 { "^SSH_Version_Mapper", | 129 { "*OSU_0*," 130 "OSU_1.0*," 131 "OSU_1.1*," 132 "OSU_1.2*," 133 "OSU_1.3*," 134 "OSU_1.4*," 135 "OSU_1.5alpha1*," 136 "OSU_1.5alpha2*," 137 "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, 138 { "*SSH_Version_Mapper*", |
111 SSH_BUG_SCANNER }, 112 { NULL, 0 } 113 }; | 139 SSH_BUG_SCANNER }, 140 { NULL, 0 } 141 }; |
142 |
|
114 /* process table, return first match */ 115 for (i = 0; check[i].pat; i++) { | 143 /* process table, return first match */ 144 for (i = 0; check[i].pat; i++) { |
116 ret = regcomp(®, check[i].pat, REG_EXTENDED|REG_NOSUB); 117 if (ret != 0) { 118 regerror(ret, ®, ebuf, sizeof(ebuf)); 119 ebuf[sizeof(ebuf)-1] = '\0'; 120 error("regerror: %s", ebuf); 121 continue; 122 } 123 ret = regexec(®, version, 0, NULL, 0); 124 regfree(®); 125 if (ret == 0) { | 145 if (match_pattern_list(version, check[i].pat, 146 strlen(check[i].pat), 0) == 1) { |
126 debug("match: %s pat %s", version, check[i].pat); 127 datafellows = check[i].bugs; 128 return; 129 } 130 } 131 debug("no match: %s", version); 132} 133 134#define SEP "," 135int 136proto_spec(const char *spec) 137{ 138 char *s, *p, *q; 139 int ret = SSH_PROTO_UNKNOWN; 140 141 if (spec == NULL) 142 return ret; 143 q = s = xstrdup(spec); 144 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { | 147 debug("match: %s pat %s", version, check[i].pat); 148 datafellows = check[i].bugs; 149 return; 150 } 151 } 152 debug("no match: %s", version); 153} 154 155#define SEP "," 156int 157proto_spec(const char *spec) 158{ 159 char *s, *p, *q; 160 int ret = SSH_PROTO_UNKNOWN; 161 162 if (spec == NULL) 163 return ret; 164 q = s = xstrdup(spec); 165 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { |
145 switch(atoi(p)) { | 166 switch (atoi(p)) { |
146 case 1: 147 if (ret == SSH_PROTO_UNKNOWN) 148 ret |= SSH_PROTO_1_PREFERRED; 149 ret |= SSH_PROTO_1; 150 break; 151 case 2: 152 ret |= SSH_PROTO_2; 153 break; --- 4 unchanged lines hidden (view full) --- 158 } 159 xfree(s); 160 return ret; 161} 162 163char * 164compat_cipher_proposal(char *cipher_prop) 165{ | 167 case 1: 168 if (ret == SSH_PROTO_UNKNOWN) 169 ret |= SSH_PROTO_1_PREFERRED; 170 ret |= SSH_PROTO_1; 171 break; 172 case 2: 173 ret |= SSH_PROTO_2; 174 break; --- 4 unchanged lines hidden (view full) --- 179 } 180 xfree(s); 181 return ret; 182} 183 184char * 185compat_cipher_proposal(char *cipher_prop) 186{ |
187 Buffer b; |
|
166 char *orig_prop, *fix_ciphers; 167 char *cp, *tmp; | 188 char *orig_prop, *fix_ciphers; 189 char *cp, *tmp; |
168 size_t len; | |
169 170 if (!(datafellows & SSH_BUG_BIGENDIANAES)) 171 return(cipher_prop); 172 | 190 191 if (!(datafellows & SSH_BUG_BIGENDIANAES)) 192 return(cipher_prop); 193 |
173 len = strlen(cipher_prop) + 1; 174 fix_ciphers = xmalloc(len); 175 *fix_ciphers = '\0'; | 194 buffer_init(&b); |
176 tmp = orig_prop = xstrdup(cipher_prop); | 195 tmp = orig_prop = xstrdup(cipher_prop); |
177 while((cp = strsep(&tmp, ",")) != NULL) { 178 if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) { 179 if (*fix_ciphers) 180 strlcat(fix_ciphers, ",", len); 181 strlcat(fix_ciphers, cp, len); | 196 while ((cp = strsep(&tmp, ",")) != NULL) { 197 if (strncmp(cp, "aes", 3) != 0) { 198 if (buffer_len(&b) > 0) 199 buffer_append(&b, ",", 1); 200 buffer_append(&b, cp, strlen(cp)); |
182 } 183 } | 201 } 202 } |
203 buffer_append(&b, "\0", 1); 204 fix_ciphers = xstrdup(buffer_ptr(&b)); 205 buffer_free(&b); |
|
184 xfree(orig_prop); 185 debug2("Original cipher proposal: %s", cipher_prop); 186 debug2("Compat cipher proposal: %s", fix_ciphers); 187 if (!*fix_ciphers) 188 fatal("No available ciphers found."); 189 190 return(fix_ciphers); 191} | 206 xfree(orig_prop); 207 debug2("Original cipher proposal: %s", cipher_prop); 208 debug2("Compat cipher proposal: %s", fix_ciphers); 209 if (!*fix_ciphers) 210 fatal("No available ciphers found."); 211 212 return(fix_ciphers); 213} |
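Review bot: In compat_cipher_proposal the new filter `strncmp(cp, "aes", 3) != 0` no longer drops names starting with `rijndael`, which the old side removed together with `aes` whenever SSH_BUG_BIGENDIANAES is set. If the cipher table (not visible on this page) still carries any rijndael-prefixed alias, that cipher can again be offered to a peer flagged with this bug. Either keep the second test, `if (strncmp(cp, "aes", 3) != 0 && strncmp(cp, "rijndael", 8) != 0) {`, or add a comment stating that those aliases no longer exist. Separately, in the version table `*OSU_0*`, `*SSH Compatible Server*` and `*SSH_Version_Mapper*` replace patterns that were anchored with `^`, so the peer-supplied version string now matches when the text appears anywhere in it, unlike the sibling `OSU_1.0*` entries. A one-line comment saying whether the leading `*` is intended would make that change of matching scope explicit.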