summaryrefslogtreecommitdiff
path: root/compat.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2021-01-27 09:26:53 +0000
committerDamien Miller <djm@mindrot.org>2021-01-27 20:28:25 +1100
commit4ca6a1fac328477c642329676d6469dba59019a3 (patch)
treeac76df599462722785b86d21f2a82f5b7fc8888a /compat.c
parentbba229b6f3328171f5e3ae85de443002523c0452 (diff)
upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@ OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
Diffstat (limited to 'compat.c')
-rw-r--r--compat.c36
1 files changed, 17 insertions, 19 deletions
diff --git a/compat.c b/compat.c
index a9d46e30..69befa96 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -38,11 +38,9 @@
#include "match.h"
#include "kex.h"
-int datafellows = 0;
-
-/* datafellows bug compatibility */
-u_int
-compat_datafellows(const char *version)
+/* determine bug flags from SSH protocol banner */
+void
+compat_banner(struct ssh *ssh, const char *version)
{
int i;
static struct {
@@ -145,22 +143,22 @@ compat_datafellows(const char *version)
};
/* process table, return first match */
+ ssh->compat = 0;
for (i = 0; check[i].pat; i++) {
if (match_pattern_list(version, check[i].pat, 0) == 1) {
- debug("match: %s pat %s compat 0x%08x",
+ debug_f("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs);
- datafellows = check[i].bugs; /* XXX for now */
- return check[i].bugs;
+ ssh->compat = check[i].bugs;
+ return;
}
}
- debug("no match: %s", version);
- return 0;
+ debug_f("no match: %s", version);
}
char *
-compat_cipher_proposal(char *cipher_prop)
+compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
{
- if (!(datafellows & SSH_BUG_BIGENDIANAES))
+ if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
return cipher_prop;
debug2_f("original cipher proposal: %s", cipher_prop);
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
@@ -172,9 +170,9 @@ compat_cipher_proposal(char *cipher_prop)
}
char *
-compat_pkalg_proposal(char *pkalg_prop)
+compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
{
- if (!(datafellows & SSH_BUG_RSASIGMD5))
+ if (!(ssh->compat & SSH_BUG_RSASIGMD5))
return pkalg_prop;
debug2_f("original public key proposal: %s", pkalg_prop);
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
@@ -186,16 +184,16 @@ compat_pkalg_proposal(char *pkalg_prop)
}
char *
-compat_kex_proposal(char *p)
+compat_kex_proposal(struct ssh *ssh, char *p)
{
- if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+ if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
return p;
debug2_f("original KEX proposal: %s", p);
- if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
+ if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
if ((p = match_filter_denylist(p,
"curve25519-sha256@libssh.org")) == NULL)
fatal("match_filter_denylist failed");
- if ((datafellows & SSH_OLD_DHGEX) != 0) {
+ if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
if ((p = match_filter_denylist(p,
"diffie-hellman-group-exchange-sha256,"
"diffie-hellman-group-exchange-sha1")) == NULL)