Annotation of src/usr.bin/ssh/compat.c, Revision 1.110
1.110 ! djm 1: /* $OpenBSD: compat.c,v 1.109 2018/07/03 11:42:12 djm Exp $ */
1.5 markus 2: /*
1.61 markus 3: * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
1.5 markus 4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: */
25:
1.76 deraadt 26: #include <sys/types.h>
1.74 stevesk 27:
1.75 stevesk 28: #include <stdlib.h>
1.74 stevesk 29: #include <string.h>
1.76 deraadt 30: #include <stdarg.h>
1.2 markus 31:
1.76 deraadt 32: #include "xmalloc.h"
1.57 markus 33: #include "buffer.h"
1.6 markus 34: #include "packet.h"
1.10 markus 35: #include "compat.h"
1.34 markus 36: #include "log.h"
1.55 markus 37: #include "match.h"
1.100 djm 38: #include "kex.h"
1.1 markus 39:
1.6 markus 40: int datafellows = 0;
1.4 markus 41:
1.6 markus 42: /* datafellows bug compatibility */
1.87 markus 43: u_int
1.6 markus 44: compat_datafellows(const char *version)
45: {
1.55 markus 46: int i;
1.24 markus 47: static struct {
48: char *pat;
1.13 markus 49: int bugs;
50: } check[] = {
1.62 markus 51: { "OpenSSH_2.*,"
52: "OpenSSH_3.0*,"
1.108 djm 53: "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR|
54: SSH_BUG_SIGTYPE},
55: { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR|SSH_BUG_SIGTYPE },
56: { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
57: SSH_BUG_SIGTYPE},
1.105 djm 58: { "OpenSSH_2*,"
59: "OpenSSH_3*,"
1.108 djm 60: "OpenSSH_4*", SSH_BUG_SIGTYPE },
61: { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT|
62: SSH_BUG_SIGTYPE},
63: { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},
1.83 djm 64: { "OpenSSH_6.5*,"
1.108 djm 65: "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
66: SSH_BUG_SIGTYPE},
67: { "OpenSSH_7.0*,"
68: "OpenSSH_7.1*,"
69: "OpenSSH_7.2*,"
70: "OpenSSH_7.3*,"
71: "OpenSSH_7.4*,"
72: "OpenSSH_7.5*,"
1.109 djm 73: "OpenSSH_7.6*,"
74: "OpenSSH_7.7*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},
1.78 markus 75: { "OpenSSH*", SSH_NEW_OPENSSH },
1.55 markus 76: { "*MindTerm*", 0 },
77: { "3.0.*", SSH_BUG_DEBUG },
78: { "3.0 SecureCRT*", SSH_OLD_SESSIONID },
79: { "1.7 SecureFX*", SSH_OLD_SESSIONID },
80: { "1.2.18*,"
81: "1.2.19*,"
82: "1.2.20*,"
83: "1.2.21*,"
1.69 markus 84: "1.2.22*", SSH_BUG_IGNOREMSG },
1.63 markus 85: { "1.3.2*", /* F-Secure */
1.69 markus 86: SSH_BUG_IGNOREMSG },
1.96 djm 87: { "Cisco-1.*", SSH_BUG_DHGEX_LARGE|
88: SSH_BUG_HOSTKEYS },
1.55 markus 89: { "*SSH Compatible Server*", /* Netscreen */
1.38 deraadt 90: SSH_BUG_PASSWORDPAD },
1.56 deraadt 91: { "*OSU_0*,"
1.55 markus 92: "OSU_1.0*,"
93: "OSU_1.1*,"
94: "OSU_1.2*,"
95: "OSU_1.3*,"
96: "OSU_1.4*,"
97: "OSU_1.5alpha1*,"
98: "OSU_1.5alpha2*,"
99: "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
100: { "*SSH_Version_Mapper*",
1.39 deraadt 101: SSH_BUG_SCANNER },
1.95 dtucker 102: { "PuTTY_Local:*," /* dev versions < Sep 2014 */
103: "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
1.93 dtucker 104: "PuTTY_Release_0.5*," /* 0.58-0.59 */
105: "PuTTY_Release_0.60*,"
106: "PuTTY_Release_0.61*,"
107: "PuTTY_Release_0.62*,"
108: "PuTTY_Release_0.63*,"
109: "PuTTY_Release_0.64*",
110: SSH_OLD_DHGEX },
1.97 djm 111: { "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */
1.65 mickey 112: { "Probe-*",
113: SSH_BUG_PROBE },
1.89 dtucker 114: { "TeraTerm SSH*,"
115: "TTSSH/1.5.*,"
116: "TTSSH/2.1*,"
117: "TTSSH/2.2*,"
118: "TTSSH/2.3*,"
119: "TTSSH/2.4*,"
120: "TTSSH/2.5*,"
121: "TTSSH/2.6*,"
122: "TTSSH/2.70*,"
123: "TTSSH/2.71*,"
124: "TTSSH/2.72*", SSH_BUG_HOSTKEYS },
1.97 djm 125: { "WinSCP_release_4*,"
126: "WinSCP_release_5.0*,"
1.104 dtucker 127: "WinSCP_release_5.1,"
128: "WinSCP_release_5.1.*,"
129: "WinSCP_release_5.5,"
130: "WinSCP_release_5.5.*,"
131: "WinSCP_release_5.6,"
132: "WinSCP_release_5.6.*,"
1.97 djm 133: "WinSCP_release_5.7,"
134: "WinSCP_release_5.7.1,"
135: "WinSCP_release_5.7.2,"
136: "WinSCP_release_5.7.3,"
137: "WinSCP_release_5.7.4",
138: SSH_OLD_DHGEX },
1.106 dtucker 139: { "ConfD-*",
140: SSH_BUG_UTF8TTYMODE },
1.107 djm 141: { "Twisted_*", 0 },
142: { "Twisted*", SSH_BUG_DEBUG },
1.25 markus 143: { NULL, 0 }
1.6 markus 144: };
1.55 markus 145:
1.21 markus 146: /* process table, return first match */
1.24 markus 147: for (i = 0; check[i].pat; i++) {
1.91 djm 148: if (match_pattern_list(version, check[i].pat, 0) == 1) {
1.82 djm 149: debug("match: %s pat %s compat 0x%08x",
1.87 markus 150: version, check[i].pat, check[i].bugs);
151: datafellows = check[i].bugs; /* XXX for now */
152: return check[i].bugs;
1.6 markus 153: }
154: }
1.24 markus 155: debug("no match: %s", version);
1.87 markus 156: return 0;
1.10 markus 157: }
158:
159: #define SEP ","
160: int
161: proto_spec(const char *spec)
162: {
1.18 provos 163: char *s, *p, *q;
1.10 markus 164: int ret = SSH_PROTO_UNKNOWN;
165:
1.14 markus 166: if (spec == NULL)
167: return ret;
1.87 markus 168: q = s = strdup(spec);
169: if (s == NULL)
170: return ret;
1.19 ho 171: for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
1.54 deraadt 172: switch (atoi(p)) {
1.10 markus 173: case 2:
174: ret |= SSH_PROTO_2;
175: break;
176: default:
1.67 itojun 177: logit("ignoring bad proto spec: '%s'.", p);
1.10 markus 178: break;
179: }
180: }
1.81 djm 181: free(s);
1.10 markus 182: return ret;
1.40 djm 183: }
184:
1.82 djm 185: char *
186: compat_cipher_proposal(char *cipher_prop)
187: {
188: if (!(datafellows & SSH_BUG_BIGENDIANAES))
189: return cipher_prop;
190: debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
1.110 ! djm 191: if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
! 192: fatal("match_filter_blacklist failed");
1.82 djm 193: debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
194: if (*cipher_prop == '\0')
195: fatal("No supported ciphers found");
196: return cipher_prop;
197: }
198:
199: char *
200: compat_pkalg_proposal(char *pkalg_prop)
201: {
202: if (!(datafellows & SSH_BUG_RSASIGMD5))
203: return pkalg_prop;
204: debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
1.110 ! djm 205: if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
! 206: fatal("match_filter_blacklist failed");
1.82 djm 207: debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
208: if (*pkalg_prop == '\0')
209: fatal("No supported PK algorithms found");
210: return pkalg_prop;
1.83 djm 211: }
212:
213: char *
1.90 djm 214: compat_kex_proposal(char *p)
1.83 djm 215: {
1.90 djm 216: if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
217: return p;
218: debug2("%s: original KEX proposal: %s", __func__, p);
219: if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
1.110 ! djm 220: if ((p = match_filter_blacklist(p,
1.100 djm 221: "curve25519-sha256@libssh.org")) == NULL)
1.110 ! djm 222: fatal("match_filter_blacklist failed");
1.90 djm 223: if ((datafellows & SSH_OLD_DHGEX) != 0) {
1.110 ! djm 224: if ((p = match_filter_blacklist(p,
1.100 djm 225: "diffie-hellman-group-exchange-sha256,"
226: "diffie-hellman-group-exchange-sha1")) == NULL)
1.110 ! djm 227: fatal("match_filter_blacklist failed");
1.90 djm 228: }
229: debug2("%s: compat KEX proposal: %s", __func__, p);
230: if (*p == '\0')
1.83 djm 231: fatal("No supported key exchange algorithms found");
1.90 djm 232: return p;
1.82 djm 233: }
234:
![[BACK]](/icons/back.gif){kind=icon}
Return to compat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh