| version 1.116, 2020/10/18 11:32:01 |
version 1.117, 2021/01/27 09:26:54 |
|
|
| #include "match.h" |
#include "match.h" |
| #include "kex.h" |
#include "kex.h" |
| |
|
| int datafellows = 0; |
/* determine bug flags from SSH protocol banner */ |
| |
void |
| /* datafellows bug compatibility */ |
compat_banner(struct ssh *ssh, const char *version) |
| u_int |
|
| compat_datafellows(const char *version) |
|
| { |
{ |
| int i; |
int i; |
| static struct { |
static struct { |
|
|
| }; |
}; |
| |
|
| /* process table, return first match */ |
/* process table, return first match */ |
| |
ssh->compat = 0; |
| for (i = 0; check[i].pat; i++) { |
for (i = 0; check[i].pat; i++) { |
| if (match_pattern_list(version, check[i].pat, 0) == 1) { |
if (match_pattern_list(version, check[i].pat, 0) == 1) { |
| debug("match: %s pat %s compat 0x%08x", |
debug_f("match: %s pat %s compat 0x%08x", |
| version, check[i].pat, check[i].bugs); |
version, check[i].pat, check[i].bugs); |
| datafellows = check[i].bugs; /* XXX for now */ |
ssh->compat = check[i].bugs; |
| return check[i].bugs; |
return; |
| } |
} |
| } |
} |
| debug("no match: %s", version); |
debug_f("no match: %s", version); |
| return 0; |
|
| } |
} |
| |
|
| char * |
char * |
| compat_cipher_proposal(char *cipher_prop) |
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) |
| { |
{ |
| if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) |
| return cipher_prop; |
return cipher_prop; |
| debug2_f("original cipher proposal: %s", cipher_prop); |
debug2_f("original cipher proposal: %s", cipher_prop); |
| if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) |
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) |
|
|
| } |
} |
| |
|
| char * |
char * |
| compat_pkalg_proposal(char *pkalg_prop) |
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) |
| { |
{ |
| if (!(datafellows & SSH_BUG_RSASIGMD5)) |
if (!(ssh->compat & SSH_BUG_RSASIGMD5)) |
| return pkalg_prop; |
return pkalg_prop; |
| debug2_f("original public key proposal: %s", pkalg_prop); |
debug2_f("original public key proposal: %s", pkalg_prop); |
| if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) |
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) |
|
|
| } |
} |
| |
|
| char * |
char * |
| compat_kex_proposal(char *p) |
compat_kex_proposal(struct ssh *ssh, char *p) |
| { |
{ |
| if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
| return p; |
return p; |
| debug2_f("original KEX proposal: %s", p); |
debug2_f("original KEX proposal: %s", p); |
| if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) |
| if ((p = match_filter_denylist(p, |
if ((p = match_filter_denylist(p, |
| "curve25519-sha256@libssh.org")) == NULL) |
"curve25519-sha256@libssh.org")) == NULL) |
| fatal("match_filter_denylist failed"); |
fatal("match_filter_denylist failed"); |
| if ((datafellows & SSH_OLD_DHGEX) != 0) { |
if ((ssh->compat & SSH_OLD_DHGEX) != 0) { |
| if ((p = match_filter_denylist(p, |
if ((p = match_filter_denylist(p, |
| "diffie-hellman-group-exchange-sha256," |
"diffie-hellman-group-exchange-sha256," |
| "diffie-hellman-group-exchange-sha1")) == NULL) |
"diffie-hellman-group-exchange-sha1")) == NULL) |
![[BACK]](/icons/back.gif){kind=icon}
Return to compat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh