authorDamien Miller <djm@mindrot.org>2000-04-16 11:18:38 +1000
committerDamien Miller <djm@mindrot.org>2000-04-16 11:18:38 +1000
commit4af51306d9a51459a5bef922df1037f876ae51fe (patch)
tree09ecfc215fce82345a3259f8a0f384b9a67906f0 /sshconnect.c
parent5d1705ecf9bd3216dc99a84242bcdf2e7297d307 (diff)
- OpenBSD CVS updates.
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c56
1 files changed, 34 insertions, 22 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 675de610..bca0bf43 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
@@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
debug("Trying again...");
/* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
+ sequence until the connection succeeds. */
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
@@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
+ sock = ssh_create_socket(original_real_uid,
!anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
ai->ai_family);
if (sock < 0)
@@ -1059,7 +1059,7 @@ ssh_exchange_identification()
break;
}
/* FALLTHROUGH */
- default:
+ default:
mismatch = 1;
break;
}
@@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("Sending KEX init.");
if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
} else if (
options.cipher == SSH_CIPHER_ARCFOUR ||
- options.cipher == SSH_CIPHER_3DES_CBC ||
- options.cipher == SSH_CIPHER_CAST128_CBC ||
- options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+ options.cipher == SSH_CIPHER_3DES_CBC ||
+ options.cipher == SSH_CIPHER_CAST128_CBC ||
+ options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
}
@@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("first kex follow == %d", i);
i = packet_get_int();
debug("reserved == %d", i);
+ packet_done();
debug("done read kexinit");
kex = kex_choose_conf(cprop, sprop, 0);
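Review bot: The added `packet_done()` carries no comment saying what it enforces, and the name alone does not tell a reader that it is a validation step. Going by the commit message it checks for extra payload after the last parsed field, so a short comment above the call, e.g. `/* KEXINIT fully parsed: no trailing bytes allowed */`, would make that intent explicit. The same applies to the calls added after the KEXDH_REPLY signature, after SSH2_MSG_NEWKEYS, after SERVICE_ACCEPT and the two in ssh_userauth2. What `packet_done()` does when data is left over (disconnect or only log) is not visible on this page and is worth stating in that comment; ssh_kex2 starts and ends outside this hunk.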
@@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
fprintf(stderr, "\npub= ");
bignum_print(dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
debug("Wait SSH2_MSG_KEXDH_REPLY.");
@@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
/* signed H */
signature = packet_get_string(&slen);
+ packet_done();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
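Review bot: The `signature` read just before the added `packet_done()` is later passed to `dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);` as a bare statement (a context line in a later ssh_kex2 hunk), so the result of the host-key signature check is discarded. Unless dsa_verify aborts on a bad signature itself, which is not visible here, the exchange would continue to NEWKEYS with an unverified server. I would make the failure explicit at that call: `if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1) fatal("dsa_verify failed for server_host_key");`, assuming it returns 1 on success (confirm against its definition). ssh_kex2's body starts and ends outside this hunk.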
@@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
debug("shared secret: len %d/%d", klen, kout);
- fprintf(stderr, "shared secret == ");
- for (i = 0; i< kout; i++)
- fprintf(stderr, "%02x", (kbuf[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "shared secret == ");
+ for (i = 0; i< kout; i++)
+ fprintf(stderr, "%02x", (kbuf[i])&0xff);
+ fprintf(stderr, "\n");
#endif
- shared_secret = BN_new();
+ shared_secret = BN_new();
- BN_bin2bn(kbuf, kout, shared_secret);
+ BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
@@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
xfree(client_kexinit);
xfree(server_kexinit);
#ifdef DEBUG_KEXDH
- fprintf(stderr, "hash == ");
- for (i = 0; i< 20; i++)
- fprintf(stderr, "%02x", (hash[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "hash == ");
+ for (i = 0; i< 20; i++)
+ fprintf(stderr, "%02x", (hash[i])&0xff);
+ fprintf(stderr, "\n");
#endif
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
key_free(server_host_key);
@@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("Wait SSH2_MSG_NEWKEYS.");
packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+ packet_done();
debug("GOT SSH2_MSG_NEWKEYS.");
debug("send SSH2_MSG_NEWKEYS.");
@@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
char *server_user, *local_user;
char *auths;
char *password;
- char *service = "ssh-connection"; // service name
+ char *service = "ssh-connection"; /* service name */
debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
@@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
if (type != SSH2_MSG_SERVICE_ACCEPT) {
fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
}
- /* payload empty for ssh-2.0.13 ?? */
- /* reply = packet_get_string(&payload_len); */
+ if (packet_remaining() > 0) {
+ char *reply = packet_get_string(&plen);
+ debug("service_accept: %s", reply);
+ xfree(reply);
+ } else {
+ /* payload empty for ssh-2.0.13 ?? */
+ log("buggy server: service_accept w/o service");
+ }
+ packet_done();
debug("got SSH2_MSG_SERVICE_ACCEPT");
/*XX COMMONCODE: */
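Review bot: The service name returned in SSH2_MSG_SERVICE_ACCEPT is only logged in the new `if (packet_remaining() > 0)` branch and never compared with the `service` that was requested, so a reply naming a different service is accepted as long as it parses. After `packet_get_string(&plen)` I would add `if (strcmp(reply, service) != 0) fatal("service_accept: unexpected service %.100s", reply);` before the `xfree(reply)`. The same server-supplied `reply` goes into `debug()` with an unbounded `%s`; `debug("service_accept: %.100s", reply);` keeps an oversized string out of the client's log. The declaration of `plen` and the start of ssh_userauth2 are outside this hunk.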
@@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
auths = packet_get_string(&dlen);
debug("authentications that can continue: %s", auths);
partial = packet_get_char();
+ packet_done();
if (partial)
debug("partial success");
if (strstr(auths, "password") == NULL)
@@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
packet_send();
packet_write_wait();
}
+ packet_done();
debug("ssh-userauth2 successfull");
}