src/usr.bin/ssh/packet.c - diff

Return to packet.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/packet.c between version 1.119.2.1 and 1.119.2.2

version 1.119.2.1, 2006/02/03 03:01:56

version 1.119.2.2, 2006/10/06 03:19:32

Line 1

/* $OpenBSD$ */

* Author: Tatu Ylonen <ylo@cs.hut.fi>

Line 36

Line 37

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "includes.h"

#include <sys/types.h>

RCSID("$OpenBSD$");

#include <sys/queue.h>

#include <sys/socket.h>

#include <sys/time.h>

#include <sys/param.h>

#include <netinet/in_systm.h>

#include <netinet/in.h>

#include <netinet/ip.h>

#include <errno.h>

#include <stdarg.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <signal.h>

#include "xmalloc.h"

#include "buffer.h"

#include "packet.h"

#include "bufaux.h"

#include "crc32.h"

#include "getput.h"

#include "compress.h"

#include "deattack.h"

#include "channels.h"

#include "compat.h"

#include "ssh1.h"

#include "ssh2.h"

#include "cipher.h"

#include "key.h"

#include "kex.h"

#include "mac.h"

#include "log.h"

Line 258

Line 268

return (cipher_get_keyiv_len(cc));

}

void

packet_set_iv(int mode, u_char *dat)

{

Line 270

Line 281

cipher_set_keyiv(cc, dat);

}

int

packet_get_ssh1_cipher(void)

{

Line 466

Line 478

buffer_append(&outgoing_packet, &ch, 1);

}

void

packet_put_int(u_int value)

{

buffer_put_int(&outgoing_packet, value);

}

void

packet_put_string(const void *buf, u_int len)

{

buffer_put_string(&outgoing_packet, buf, len);

}

void

packet_put_cstring(const char *str)

{

buffer_put_cstring(&outgoing_packet, str);

}

void

packet_put_raw(const void *buf, u_int len)

{

buffer_append(&outgoing_packet, buf, len);

}

void

packet_put_bignum(BIGNUM * value)

{

buffer_put_bignum(&outgoing_packet, value);

}

void

packet_put_bignum2(BIGNUM * value)

{

Line 544

Line 562

/* Add check bytes. */

checksum = ssh_crc32(buffer_ptr(&outgoing_packet),

buffer_len(&outgoing_packet));

PUT_32BIT(buf, checksum);

put_u32(buf, checksum);

buffer_append(&outgoing_packet, buf, 4);

#ifdef PACKET_DEBUG

Line 553

Line 571

#endif

/* Append to output. */

PUT_32BIT(buf, len);

put_u32(buf, len);

buffer_append(&output, buf, 4);

cp = buffer_append_space(&output, buffer_len(&outgoing_packet));

cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),

Line 649

Line 667

* Delayed compression for SSH2 is enabled after authentication:

* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,

* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,

* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.

static void

Line 756

Line 774

/* packet_length includes payload, padding and padding length field */

packet_length = buffer_len(&outgoing_packet) - 4;

cp = buffer_ptr(&outgoing_packet);

PUT_32BIT(cp, packet_length);

put_u32(cp, packet_length);

cp[4] = padlen;

DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));

Line 773

Line 791

buffer_len(&outgoing_packet));

/* append unencrypted MAC */

if (mac && mac->enabled)

buffer_append(&output, (char *)macbuf, mac->mac_len);

buffer_append(&output, macbuf, mac->mac_len);

#ifdef PACKET_DEBUG

fprintf(stderr, "encrypted: ");

buffer_dump(&output);

Line 863

Line 881

char buf[8192];

DBG(debug("packet_read()"));

setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *

setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),

sizeof(fd_mask));

/* Since we are blocking, ensure that all written packets have been sent. */

Line 954

Line 972

return SSH_MSG_NONE;

/* Get length of incoming packet. */

cp = buffer_ptr(&input);

len = GET_32BIT(cp);

len = get_u32(cp);

if (len < 1 + 2 + 2 || len > 256 * 1024)

packet_disconnect("Bad packet length %u.", len);

padded_len = (len + 8) & ~7;

Line 973

Line 991

* Ariel Futoransky(futo@core-sdi.com)

if (!receive_context.plaintext &&

if (!receive_context.plaintext) {

detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)

switch (detect_attack(buffer_ptr(&input), padded_len)) {

packet_disconnect("crc32 compensation attack: network attack detected");

case DEATTACK_DETECTED:

packet_disconnect("crc32 compensation attack: "

"network attack detected");

case DEATTACK_DOS_DETECTED:

packet_disconnect("deattack denial of "

"service detected");

}

/* Decrypt data to incoming_packet. */

buffer_clear(&incoming_packet);

Line 1002

Line 1027

len, buffer_len(&incoming_packet));

cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;

stored_checksum = GET_32BIT(cp);

stored_checksum = get_u32(cp);

if (checksum != stored_checksum)

packet_disconnect("Corrupted check bytes on input.");

buffer_consume_end(&incoming_packet, 4);

Line 1051

Line 1076

cipher_crypt(&receive_context, cp, buffer_ptr(&input),

block_size);

cp = buffer_ptr(&incoming_packet);

packet_length = GET_32BIT(cp);

packet_length = get_u32(cp);

if (packet_length < 1 + 4 || packet_length > 256 * 1024) {

#ifdef PACKET_DEBUG

buffer_dump(&incoming_packet);

Line 1182

Line 1207

break;

default:

return type;

break;

}

} else {

type = packet_read_poll1();

Line 1205

Line 1229

if (type)

DBG(debug("received packet type %d", type));

return type;

break;

}

Line 1407

Line 1430

{

fd_set *setp;

setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *

setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),

sizeof(fd_mask));

packet_write_poll();

while (packet_have_data_to_write()) {

Line 1472

Line 1495

/* Only set socket options if using a socket. */

if (!packet_connection_is_on_socket())

return;

if (interactive)

set_nodelay(connection_in);

packet_set_tos(interactive);

}

Line 1534

Line 1556

for (i = 0; i < nbytes; i++) {

if (i % 4 == 0)

rnd = arc4random();

packet_put_char(rnd & 0xff);

packet_put_char((u_char)rnd & 0xff);

rnd >>= 8;

}