version 1.180, 2023/08/21 21:16:18 |
version 1.181, 2023/08/28 03:28:43 |
|
|
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
/* XXX filter algs list by allowed pubkey/hostbased types */ |
/* XXX filter algs list by allowed pubkey/hostbased types */ |
if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || |
(r = sshpkt_put_u32(ssh, 2)) != 0 || |
(r = sshpkt_put_u32(ssh, 3)) != 0 || |
(r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || |
(r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || |
(r = sshpkt_put_cstring(ssh, algs)) != 0 || |
(r = sshpkt_put_cstring(ssh, algs)) != 0 || |
(r = sshpkt_put_cstring(ssh, |
(r = sshpkt_put_cstring(ssh, |
"publickey-hostbound@openssh.com")) != 0 || |
"publickey-hostbound@openssh.com")) != 0 || |
(r = sshpkt_put_cstring(ssh, "0")) != 0 || |
(r = sshpkt_put_cstring(ssh, "0")) != 0 || |
|
(r = sshpkt_put_cstring(ssh, "ping@openssh.com")) != 0 || |
|
(r = sshpkt_put_cstring(ssh, "0")) != 0 || |
(r = sshpkt_send(ssh)) != 0) { |
(r = sshpkt_send(ssh)) != 0) { |
error_fr(r, "compose"); |
error_fr(r, "compose"); |
goto out; |
goto out; |
|
|
return 0; |
return 0; |
} |
} |
|
|
|
/* Check whether an ext_info value contains the expected version string */ |
|
static int |
|
kex_ext_info_check_ver(struct kex *kex, const char *name, |
|
const u_char *val, size_t len, const char *want_ver, u_int flag) |
|
{ |
|
if (memchr(val, '\0', len) != NULL) { |
|
error("SSH2_MSG_EXT_INFO: %s value contains nul byte", name); |
|
return SSH_ERR_INVALID_FORMAT; |
|
} |
|
debug_f("%s=<%s>", name, val); |
|
if (strcmp(val, want_ver) == 0) |
|
kex->flags |= flag; |
|
else |
|
debug_f("unsupported version of %s extension", name); |
|
return 0; |
|
} |
|
|
int |
int |
kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) |
kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) |
{ |
{ |
|
|
/* Ensure no \0 lurking in value */ |
/* Ensure no \0 lurking in value */ |
if (memchr(val, '\0', vlen) != NULL) { |
if (memchr(val, '\0', vlen) != NULL) { |
error_f("nul byte in %s", name); |
error_f("nul byte in %s", name); |
|
free(name); |
|
free(val); |
return SSH_ERR_INVALID_FORMAT; |
return SSH_ERR_INVALID_FORMAT; |
} |
} |
debug_f("%s=<%s>", name, val); |
debug_f("%s=<%s>", name, val); |
|
|
val = NULL; |
val = NULL; |
} else if (strcmp(name, |
} else if (strcmp(name, |
"publickey-hostbound@openssh.com") == 0) { |
"publickey-hostbound@openssh.com") == 0) { |
/* XXX refactor */ |
if ((r = kex_ext_info_check_ver(kex, name, val, vlen, |
/* Ensure no \0 lurking in value */ |
"0", KEX_HAS_PUBKEY_HOSTBOUND)) != 0) { |
if (memchr(val, '\0', vlen) != NULL) { |
free(name); |
error_f("nul byte in %s", name); |
free(val); |
return SSH_ERR_INVALID_FORMAT; |
return r; |
} |
} |
debug_f("%s=<%s>", name, val); |
} else if (strcmp(name, "ping@openssh.com") == 0) { |
if (strcmp(val, "0") == 0) |
if ((r = kex_ext_info_check_ver(kex, name, val, vlen, |
kex->flags |= KEX_HAS_PUBKEY_HOSTBOUND; |
"0", KEX_HAS_PING)) != 0) { |
else { |
free(name); |
debug_f("unsupported version of %s extension", |
free(val); |
name); |
return r; |
} |
} |
} else |
} else |
debug_f("%s (unrecognised)", name); |
debug_f("%s (unrecognised)", name); |
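Review bot: In the new kex_ext_info_check_ver(), `val` arrives as a length-delimited `const u_char *`, but it is then handed to `debug_f("%s=<%s>", name, val)` and `strcmp(val, want_ver)`, which both read until a terminator. The `memchr` check over `len` bytes only proves there is no NUL inside the value, not that one exists at `val[len]`. How `val` is obtained in kex_input_ext_info is outside the visible lines, so that terminator guarantee should be confirmed and stated in the helper's comment, e.g. `/* val must be NUL-terminated at val[len] */`. A length-bound comparison would remove the dependency for the version check: `if (len == strlen(want_ver) && memcmp(val, want_ver, len) == 0)`. Passing `u_char *` straight to `strcmp` may also draw a pointer-sign warning on some compilers.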