Annotation of src/usr.bin/ssh/compat.c, Revision 1.94
1.94 ! dtucker 1: /* $OpenBSD: compat.c,v 1.93 2015/05/06 04:07:18 dtucker Exp $ */
1.5 markus 2: /*
1.61 markus 3: * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
1.5 markus 4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: */
25:
1.76 deraadt 26: #include <sys/types.h>
1.74 stevesk 27:
1.75 stevesk 28: #include <stdlib.h>
1.74 stevesk 29: #include <string.h>
1.76 deraadt 30: #include <stdarg.h>
1.2 markus 31:
1.76 deraadt 32: #include "xmalloc.h"
1.57 markus 33: #include "buffer.h"
1.6 markus 34: #include "packet.h"
1.10 markus 35: #include "compat.h"
1.34 markus 36: #include "log.h"
1.55 markus 37: #include "match.h"
1.1 markus 38:
1.4 markus 39: int compat13 = 0;
1.6 markus 40: int compat20 = 0;
41: int datafellows = 0;
1.4 markus 42:
1.11 markus 43: void
1.6 markus 44: enable_compat20(void)
45: {
1.80 djm 46: if (compat20)
47: return;
1.64 stevesk 48: debug("Enabling compatibility mode for protocol 2.0");
1.7 markus 49: compat20 = 1;
1.6 markus 50: }
1.11 markus 51: void
1.4 markus 52: enable_compat13(void)
53: {
1.64 stevesk 54: debug("Enabling compatibility mode for protocol 1.3");
1.4 markus 55: compat13 = 1;
1.6 markus 56: }
57: /* datafellows bug compatibility */
1.87 markus 58: u_int
1.6 markus 59: compat_datafellows(const char *version)
60: {
1.55 markus 61: int i;
1.24 markus 62: static struct {
63: char *pat;
1.13 markus 64: int bugs;
65: } check[] = {
1.55 markus 66: { "OpenSSH-2.0*,"
67: "OpenSSH-2.1*,"
68: "OpenSSH_2.1*,"
69: "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER|
1.62 markus 70: SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
1.71 djm 71: SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
1.55 markus 72: { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
1.62 markus 73: SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
1.71 djm 74: SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
1.55 markus 75: { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
1.71 djm 76: SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
77: SSH_OLD_FORWARD_ADDR},
1.55 markus 78: { "OpenSSH_2.5.0p1*,"
79: "OpenSSH_2.5.1p1*",
1.45 markus 80: SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
1.71 djm 81: SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
82: SSH_OLD_FORWARD_ADDR},
1.55 markus 83: { "OpenSSH_2.5.0*,"
84: "OpenSSH_2.5.1*,"
1.62 markus 85: "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
1.71 djm 86: SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
87: { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
88: SSH_OLD_FORWARD_ADDR},
1.62 markus 89: { "OpenSSH_2.*,"
90: "OpenSSH_3.0*,"
1.71 djm 91: "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
92: { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
1.62 markus 93: { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
1.78 markus 94: { "OpenSSH_4*", 0 },
1.79 markus 95: { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
1.85 djm 96: { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
1.83 djm 97: { "OpenSSH_6.5*,"
1.84 djm 98: "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
1.78 markus 99: { "OpenSSH*", SSH_NEW_OPENSSH },
1.55 markus 100: { "*MindTerm*", 0 },
101: { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
1.41 markus 102: SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
1.66 markus 103: SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
104: SSH_BUG_FIRSTKEX },
1.55 markus 105: { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
1.41 markus 106: SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
1.66 markus 107: SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
108: SSH_BUG_FIRSTKEX },
1.56 deraadt 109: { "2.0.13*,"
110: "2.0.14*,"
111: "2.0.15*,"
112: "2.0.16*,"
113: "2.0.17*,"
114: "2.0.18*,"
1.55 markus 115: "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
1.31 markus 116: SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
1.37 markus 117: SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
1.47 markus 118: SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
1.53 markus 119: SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
1.66 markus 120: SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
1.56 deraadt 121: { "2.0.11*,"
1.55 markus 122: "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
1.49 markus 123: SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
124: SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
125: SSH_BUG_PKAUTH|SSH_BUG_PKOK|
1.53 markus 126: SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
1.66 markus 127: SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
1.55 markus 128: { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
1.31 markus 129: SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
130: SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
1.41 markus 131: SSH_BUG_PKAUTH|SSH_BUG_PKOK|
1.49 markus 132: SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
1.66 markus 133: SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
134: SSH_BUG_FIRSTKEX },
1.55 markus 135: { "2.2.0*,"
136: "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
1.66 markus 137: SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
138: { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
139: SSH_BUG_FIRSTKEX },
1.55 markus 140: { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
1.77 djm 141: { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
142: SSH_BUG_RFWD_ADDR },
1.55 markus 143: { "3.0.*", SSH_BUG_DEBUG },
144: { "3.0 SecureCRT*", SSH_OLD_SESSIONID },
145: { "1.7 SecureFX*", SSH_OLD_SESSIONID },
146: { "1.2.18*,"
147: "1.2.19*,"
148: "1.2.20*,"
149: "1.2.21*,"
1.69 markus 150: "1.2.22*", SSH_BUG_IGNOREMSG },
1.63 markus 151: { "1.3.2*", /* F-Secure */
1.69 markus 152: SSH_BUG_IGNOREMSG },
1.94 ! dtucker 153: { "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
1.55 markus 154: { "*SSH Compatible Server*", /* Netscreen */
1.38 deraadt 155: SSH_BUG_PASSWORDPAD },
1.56 deraadt 156: { "*OSU_0*,"
1.55 markus 157: "OSU_1.0*,"
158: "OSU_1.1*,"
159: "OSU_1.2*,"
160: "OSU_1.3*,"
161: "OSU_1.4*,"
162: "OSU_1.5alpha1*,"
163: "OSU_1.5alpha2*,"
164: "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
165: { "*SSH_Version_Mapper*",
1.39 deraadt 166: SSH_BUG_SCANNER },
1.93 dtucker 167: { "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
168: "PuTTY_Release_0.5*," /* 0.58-0.59 */
169: "PuTTY_Release_0.60*,"
170: "PuTTY_Release_0.61*,"
171: "PuTTY_Release_0.62*,"
172: "PuTTY_Release_0.63*,"
173: "PuTTY_Release_0.64*",
174: SSH_OLD_DHGEX },
1.65 mickey 175: { "Probe-*",
176: SSH_BUG_PROBE },
1.89 dtucker 177: { "TeraTerm SSH*,"
178: "TTSSH/1.5.*,"
179: "TTSSH/2.1*,"
180: "TTSSH/2.2*,"
181: "TTSSH/2.3*,"
182: "TTSSH/2.4*,"
183: "TTSSH/2.5*,"
184: "TTSSH/2.6*,"
185: "TTSSH/2.70*,"
186: "TTSSH/2.71*,"
187: "TTSSH/2.72*", SSH_BUG_HOSTKEYS },
1.92 dtucker 188: { "WinSCP*", SSH_OLD_DHGEX },
1.25 markus 189: { NULL, 0 }
1.6 markus 190: };
1.55 markus 191:
1.21 markus 192: /* process table, return first match */
1.24 markus 193: for (i = 0; check[i].pat; i++) {
1.91 djm 194: if (match_pattern_list(version, check[i].pat, 0) == 1) {
1.82 djm 195: debug("match: %s pat %s compat 0x%08x",
1.87 markus 196: version, check[i].pat, check[i].bugs);
197: datafellows = check[i].bugs; /* XXX for now */
198: return check[i].bugs;
1.6 markus 199: }
200: }
1.24 markus 201: debug("no match: %s", version);
1.87 markus 202: return 0;
1.10 markus 203: }
204:
205: #define SEP ","
206: int
207: proto_spec(const char *spec)
208: {
1.18 provos 209: char *s, *p, *q;
1.10 markus 210: int ret = SSH_PROTO_UNKNOWN;
211:
1.14 markus 212: if (spec == NULL)
213: return ret;
1.87 markus 214: q = s = strdup(spec);
215: if (s == NULL)
216: return ret;
1.19 ho 217: for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
1.54 deraadt 218: switch (atoi(p)) {
1.10 markus 219: case 1:
1.88 djm 220: #ifdef WITH_SSH1
1.10 markus 221: if (ret == SSH_PROTO_UNKNOWN)
222: ret |= SSH_PROTO_1_PREFERRED;
223: ret |= SSH_PROTO_1;
1.88 djm 224: #endif
1.10 markus 225: break;
226: case 2:
227: ret |= SSH_PROTO_2;
228: break;
229: default:
1.67 itojun 230: logit("ignoring bad proto spec: '%s'.", p);
1.10 markus 231: break;
232: }
233: }
1.81 djm 234: free(s);
1.10 markus 235: return ret;
1.40 djm 236: }
237:
1.82 djm 238: /*
239: * Filters a proposal string, excluding any algorithm matching the 'filter'
240: * pattern list.
241: */
242: static char *
243: filter_proposal(char *proposal, const char *filter)
1.40 djm 244: {
1.57 markus 245: Buffer b;
1.82 djm 246: char *orig_prop, *fix_prop;
1.40 djm 247: char *cp, *tmp;
248:
1.57 markus 249: buffer_init(&b);
1.82 djm 250: tmp = orig_prop = xstrdup(proposal);
1.54 deraadt 251: while ((cp = strsep(&tmp, ",")) != NULL) {
1.91 djm 252: if (match_pattern_list(cp, filter, 0) != 1) {
1.57 markus 253: if (buffer_len(&b) > 0)
254: buffer_append(&b, ",", 1);
255: buffer_append(&b, cp, strlen(cp));
1.82 djm 256: } else
257: debug2("Compat: skipping algorithm \"%s\"", cp);
1.40 djm 258: }
1.57 markus 259: buffer_append(&b, "\0", 1);
1.86 djm 260: fix_prop = xstrdup((char *)buffer_ptr(&b));
1.57 markus 261: buffer_free(&b);
1.81 djm 262: free(orig_prop);
1.40 djm 263:
1.82 djm 264: return fix_prop;
1.1 markus 265: }
1.82 djm 266:
267: char *
268: compat_cipher_proposal(char *cipher_prop)
269: {
270: if (!(datafellows & SSH_BUG_BIGENDIANAES))
271: return cipher_prop;
272: debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
273: cipher_prop = filter_proposal(cipher_prop, "aes*");
274: debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
275: if (*cipher_prop == '\0')
276: fatal("No supported ciphers found");
277: return cipher_prop;
278: }
279:
280: char *
281: compat_pkalg_proposal(char *pkalg_prop)
282: {
283: if (!(datafellows & SSH_BUG_RSASIGMD5))
284: return pkalg_prop;
285: debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
286: pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
287: debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
288: if (*pkalg_prop == '\0')
289: fatal("No supported PK algorithms found");
290: return pkalg_prop;
1.83 djm 291: }
292:
293: char *
1.90 djm 294: compat_kex_proposal(char *p)
1.83 djm 295: {
1.90 djm 296: if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
297: return p;
298: debug2("%s: original KEX proposal: %s", __func__, p);
299: if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
300: p = filter_proposal(p, "curve25519-sha256@libssh.org");
301: if ((datafellows & SSH_OLD_DHGEX) != 0) {
302: p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
303: p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
304: }
305: debug2("%s: compat KEX proposal: %s", __func__, p);
306: if (*p == '\0')
1.83 djm 307: fatal("No supported key exchange algorithms found");
1.90 djm 308: return p;
1.82 djm 309: }
310: