Ignore:
Timestamp:
Jan 9, 2017, 11:09:38 AM (2 years ago)
Author:
jrpelegrina
Message:

Update new version: 3.15.02

File:
1 edited

Legend:

Unmodified
Added
Removed
  • filezilla/trunk/fuentes/src/putty/ssh.c

    r130 r3185  
    367367static void ssh2_channel_check_close(struct ssh_channel *c);
    368368static void ssh_channel_destroy(struct ssh_channel *c);
     369static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin);
    369370
    370371/*
     
    794795    int echoing, editing;
    795796
     797    int session_started;
    796798    void *frontend;
    797799
     
    20172019
    20182020    /*
     2021     * RFC 4253 doesn't explicitly say that completely empty packets
     2022     * with no type byte are forbidden, so treat them as deserving
     2023     * an SSH_MSG_UNIMPLEMENTED.
     2024     */
     2025    if (st->pktin->length <= 5) { /* == 5 we hope, but robustness */
     2026        ssh2_msg_something_unimplemented(ssh, st->pktin);
     2027        crStop(NULL);
     2028    }
     2029    /*
    20192030     * pktin->body and pktin->length should identify the semantic
    20202031     * content of the packet, excluding the initial type byte.
     
    31893200
    31903201    ssh_fix_verstring(verstring + strlen(protoname));
     3202#ifdef FUZZING
     3203    /* FUZZING make PuTTY insecure, so make live use difficult. */
     3204    verstring[0] = 'I';
     3205#endif
    31913206
    31923207    if (ssh->version == 2) {
     
    32373252        crReturn(1);
    32383253    }
     3254
     3255    ssh->session_started = TRUE;
    32393256
    32403257    s->vstrsize = sizeof(protoname) + 16;
     
    36203637{
    36213638    Ssh ssh = (Ssh) plug;
    3622     char addrbuf[256], *msg;
    3623 
    3624     if (ssh->attempting_connshare) {
    3625         /*
    3626          * While we're attempting connection sharing, don't loudly log
    3627          * everything that happens. Real TCP connections need to be
    3628          * logged when we _start_ trying to connect, because it might
    3629          * be ages before they respond if something goes wrong; but
    3630          * connection sharing is local and quick to respond, and it's
    3631          * sufficient to simply wait and see whether it worked
    3632          * afterwards.
    3633          */
    3634     } else {
    3635         sk_getaddr(addr, addrbuf, lenof(addrbuf));
    3636 
    3637         if (type == 0) {
    3638             if (sk_addr_needs_port(addr)) {
    3639                 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
    3640             } else {
    3641                 msg = dupprintf("Connecting to %s", addrbuf);
    3642             }
    3643         } else {
    3644             msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
    3645         }
    3646 
    3647         logevent(msg);
    3648         sfree(msg);
    3649     }
     3639
     3640    /*
     3641     * While we're attempting connection sharing, don't loudly log
     3642     * everything that happens. Real TCP connections need to be logged
     3643     * when we _start_ trying to connect, because it might be ages
     3644     * before they respond if something goes wrong; but connection
     3645     * sharing is local and quick to respond, and it's sufficient to
     3646     * simply wait and see whether it worked afterwards.
     3647     */
     3648
     3649    if (!ssh->attempting_connshare)
     3650        backend_socket_log(ssh->frontend, type, addr, port,
     3651                           error_msg, error_code, ssh->conf,
     3652                           ssh->session_started);
    36503653}
    36513654
     
    37743777    int ret;
    37753778
     3779    random_ref(); /* platform may need this to determine share socket name */
    37763780    ssh_hostport_setup(host, port, conf, &savedhost, &savedport, NULL);
    37773781    ret = ssh_share_test_for_upstream(savedhost, savedport, conf);
    37783782    sfree(savedhost);
     3783    random_unref();
    37793784
    37803785    return ret;
     
    38403845         */
    38413846        addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
    3842         logeventf(ssh, "Looking up host \"%s\"%s", host,
    3843                   (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
    3844                    (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
    3845         addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
     3847        addr = name_lookup(host, port, realhost, ssh->conf, addressfamily,
     3848                           ssh->frontend, "SSH connection");
    38463849        if ((err = sk_addr_error(addr)) != NULL) {
    38473850            sk_addr_free(addr);
     
    42204223                                            ssh_dialog_callback, ssh);
    42214224            sfree(keystr);
     4225#ifdef FUZZING
     4226            s->dlgret = 1;
     4227#endif
    42224228            if (s->dlgret < 0) {
    42234229                do {
     
    66576663        for (k = KEXLIST_CSCIPHER; k <= KEXLIST_SCCIPHER; k++) {
    66586664            warn = FALSE;
     6665#ifdef FUZZING
     6666            alg = ssh2_kexinit_addalg(s->kexlists[k], "none");
     6667            alg->u.cipher.cipher = NULL;
     6668            alg->u.cipher.warn = warn;
     6669#endif /* FUZZING */
    66596670            for (i = 0; i < s->n_preferred_ciphers; i++) {
    66606671                const struct ssh2_ciphers *c = s->preferred_ciphers[i];
     
    66706681        /* List MAC algorithms (client->server then server->client). */
    66716682        for (j = KEXLIST_CSMAC; j <= KEXLIST_SCMAC; j++) {
     6683#ifdef FUZZING
     6684            alg = ssh2_kexinit_addalg(s->kexlists[j], "none");
     6685            alg->u.mac.mac = NULL;
     6686            alg->u.mac.etm = FALSE;
     6687#endif /* FUZZING */
    66726688            for (i = 0; i < s->nmacs; i++) {
    66736689                alg = ssh2_kexinit_addalg(s->kexlists[j], s->maclist[i]->name);
     
    69426958            int csbits, scbits;
    69436959
    6944             csbits = s->cscipher_tobe->real_keybits;
    6945             scbits = s->sccipher_tobe->real_keybits;
     6960            csbits = s->cscipher_tobe ? s->cscipher_tobe->real_keybits : 0;
     6961            scbits = s->sccipher_tobe ? s->sccipher_tobe->real_keybits : 0;
    69466962            s->nbits = (csbits > scbits ? csbits : scbits);
    69476963        }
     
    72867302#endif
    72877303
    7288     if (!s->hkey ||
    7289         !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
     7304    if (!s->hkey) {
     7305        bombout(("Server's host key is invalid"));
     7306        crStopV;
     7307    }
     7308
     7309    if (!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
    72907310                                 (char *)s->exchange_hash,
    72917311                                 ssh->kex->hash->hlen)) {
     7312#ifndef FUZZING
    72927313        bombout(("Server's host key did not match the signature supplied"));
    72937314        crStopV;
     7315#endif
    72947316    }
    72957317
     
    73177339                                            s->fingerprint,
    73187340                                            ssh_dialog_callback, ssh);
     7341#ifdef FUZZING
     7342            s->dlgret = 1;
     7343#endif
    73197344            if (s->dlgret < 0) {
    73207345                do {
     
    73497374         */
    73507375        if (strcmp(ssh->hostkey_str, s->keystr)) {
     7376#ifndef FUZZING
    73517377            bombout(("Host key was different in repeat key exchange"));
    73527378            crStopV;
     7379#endif
    73537380        }
    73547381        sfree(s->keystr);
     
    73847411        ssh->cscipher->free_context(ssh->cs_cipher_ctx);
    73857412    ssh->cscipher = s->cscipher_tobe;
    7386     ssh->cs_cipher_ctx = ssh->cscipher->make_context();
     7413    if (ssh->cscipher) ssh->cs_cipher_ctx = ssh->cscipher->make_context();
    73877414
    73887415    if (ssh->cs_mac_ctx)
     
    73907417    ssh->csmac = s->csmac_tobe;
    73917418    ssh->csmac_etm = s->csmac_etm_tobe;
    7392     ssh->cs_mac_ctx = ssh->csmac->make_context(ssh->cs_cipher_ctx);
     7419    if (ssh->csmac)
     7420        ssh->cs_mac_ctx = ssh->csmac->make_context(ssh->cs_cipher_ctx);
    73937421
    73947422    if (ssh->cs_comp_ctx)
     
    74017429     * hash from the _first_ key exchange.
    74027430     */
    7403     {
     7431    if (ssh->cscipher) {
    74047432        unsigned char *key;
    74057433
     
    74157443        smemclr(key, ssh->cscipher->blksize);
    74167444        sfree(key);
     7445    }
     7446    if (ssh->csmac) {
     7447        unsigned char *key;
    74177448
    74187449        key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'E',
     
    74237454    }
    74247455
    7425     fzprintf(sftpCipherClientToServer, ssh->cscipher->text_name);
    7426     fzprintf(sftpMacClientToServer, ssh->csmac_etm ? "%s (in ETM mode)" : "%s", ssh->csmac->text_name);
    7427     logeventf(ssh, "Initialised %.200s client->server encryption",
    7428               ssh->cscipher->text_name);
    7429     logeventf(ssh, "Initialised %.200s client->server MAC algorithm%s%s",
    7430               ssh->csmac->text_name,
    7431               ssh->csmac_etm ? " (in ETM mode)" : "",
    7432               ssh->cscipher->required_mac ? " (required by cipher)" : "");
     7456    if (ssh->cscipher) {
     7457        fzprintf(sftpCipherClientToServer, ssh->cscipher->text_name);
     7458        logeventf(ssh, "Initialised %.200s client->server encryption",
     7459                  ssh->cscipher->text_name);
     7460    }
     7461    if (ssh->csmac) {
     7462        fzprintf(sftpMacClientToServer, ssh->csmac_etm ? "%s (in ETM mode)" : "%s", ssh->csmac->text_name);
     7463        logeventf(ssh, "Initialised %.200s client->server MAC algorithm%s%s",
     7464                  ssh->csmac->text_name,
     7465                  ssh->csmac_etm ? " (in ETM mode)" : "",
     7466                  ssh->cscipher->required_mac ? " (required by cipher)" : "");
     7467    }
    74337468    if (ssh->cscomp->text_name)
    74347469        logeventf(ssh, "Initialised %s compression",
     
    74587493    if (ssh->sc_cipher_ctx)
    74597494        ssh->sccipher->free_context(ssh->sc_cipher_ctx);
    7460     ssh->sccipher = s->sccipher_tobe;
    7461     ssh->sc_cipher_ctx = ssh->sccipher->make_context();
     7495    if (s->sccipher_tobe) {
     7496        ssh->sccipher = s->sccipher_tobe;
     7497        ssh->sc_cipher_ctx = ssh->sccipher->make_context();
     7498    }
    74627499
    74637500    if (ssh->sc_mac_ctx)
    74647501        ssh->scmac->free_context(ssh->sc_mac_ctx);
    7465     ssh->scmac = s->scmac_tobe;
    7466     ssh->scmac_etm = s->scmac_etm_tobe;
    7467     ssh->sc_mac_ctx = ssh->scmac->make_context(ssh->sc_cipher_ctx);
     7502    if (s->scmac_tobe) {
     7503        ssh->scmac = s->scmac_tobe;
     7504        ssh->scmac_etm = s->scmac_etm_tobe;
     7505        ssh->sc_mac_ctx = ssh->scmac->make_context(ssh->sc_cipher_ctx);
     7506    }
    74687507
    74697508    if (ssh->sc_comp_ctx)
     
    74767515     * hash from the _first_ key exchange.
    74777516     */
    7478     {
     7517    if (ssh->sccipher) {
    74797518        unsigned char *key;
    74807519
     
    74907529        smemclr(key, ssh->sccipher->blksize);
    74917530        sfree(key);
     7531    }
     7532    if (ssh->scmac) {
     7533        unsigned char *key;
    74927534
    74937535        key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'F',
     
    74977539        sfree(key);
    74987540    }
    7499     fzprintf(sftpCipherServerToClient, ssh->sccipher->text_name);
    7500     fzprintf(sftpMacServerToClient, ssh->scmac_etm ? "%s (in ETM mode)" : "%s", ssh->scmac->text_name);
    7501     logeventf(ssh, "Initialised %.200s server->client encryption",
    7502               ssh->sccipher->text_name);
    7503     logeventf(ssh, "Initialised %.200s server->client MAC algorithm%s%s",
    7504               ssh->scmac->text_name,
    7505               ssh->scmac_etm ? " (in ETM mode)" : "",
    7506               ssh->sccipher->required_mac ? " (required by cipher)" : "");
     7541    if (ssh->sccipher) {
     7542        fzprintf(sftpCipherServerToClient, ssh->sccipher->text_name);
     7543        logeventf(ssh, "Initialised %.200s server->client encryption",
     7544                  ssh->sccipher->text_name);
     7545    }
     7546    if (ssh->scmac) {
     7547        fzprintf(sftpMacServerToClient, ssh->scmac_etm ? "%s (in ETM mode)" : "%s", ssh->scmac->text_name);
     7548        logeventf(ssh, "Initialised %.200s server->client MAC algorithm%s%s",
     7549                  ssh->scmac->text_name,
     7550                  ssh->scmac_etm ? " (in ETM mode)" : "",
     7551                  ssh->sccipher->required_mac ? " (required by cipher)" : "");
     7552    }
    75077553    if (ssh->sccomp->text_name)
    75087554        logeventf(ssh, "Initialised %s decompression",
     
    1134211388    ssh->connshare = NULL;
    1134311389    ssh->attempting_connshare = FALSE;
     11390    ssh->session_started = FALSE;
    1134411391
    1134511392    *backend_handle = ssh;
Note: See TracChangeset for help on using the changeset viewer.