===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/packet.c,v
retrieving revision 1.119.2.3
retrieving revision 1.120
diff -u -r1.119.2.3 -r1.120
--- src/usr.bin/ssh/packet.c 2006/11/08 00:44:05 1.119.2.3
+++ src/usr.bin/ssh/packet.c 2005/10/30 08:52:17 1.120
@@ -1,4 +1,3 @@
-/* $OpenBSD: packet.c,v 1.119.2.3 2006/11/08 00:44:05 brad Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -37,36 +36,27 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include +#include "includes.h" +RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); + #include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - #include "xmalloc.h" #include "buffer.h" #include "packet.h" +#include "bufaux.h" #include "crc32.h" +#include "getput.h" + #include "compress.h" #include "deattack.h" #include "channels.h" + #include "compat.h" #include "ssh1.h" #include "ssh2.h" + #include "cipher.h" -#include "key.h" #include "kex.h" #include "mac.h" #include "log.h"
@@ -268,7 +258,6 @@
return (cipher_get_keyiv_len(cc)); } - void packet_set_iv(int mode, u_char *dat) {
@@ -281,7 +270,6 @@
cipher_set_keyiv(cc, dat); } - int packet_get_ssh1_cipher(void) {
@@ -478,37 +466,31 @@
buffer_append(&outgoing_packet, &ch, 1); } - void packet_put_int(u_int value) { buffer_put_int(&outgoing_packet, value); } - void packet_put_string(const void *buf, u_int len) { buffer_put_string(&outgoing_packet, buf, len); } - void packet_put_cstring(const char *str) { buffer_put_cstring(&outgoing_packet, str); } - void packet_put_raw(const void *buf, u_int len) { buffer_append(&outgoing_packet, buf, len); } - void packet_put_bignum(BIGNUM * value) { buffer_put_bignum(&outgoing_packet, value); } - void packet_put_bignum2(BIGNUM * value) {
@@ -562,7 +544,7 @@
/* Add check bytes. */ checksum = ssh_crc32(buffer_ptr(&outgoing_packet), buffer_len(&outgoing_packet)); - put_u32(buf, checksum); + PUT_32BIT(buf, checksum); buffer_append(&outgoing_packet, buf, 4); #ifdef PACKET_DEBUG
@@ -571,7 +553,7 @@
#endif /* Append to output. */ - put_u32(buf, len); + PUT_32BIT(buf, len); buffer_append(&output, buf, 4); cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
@@ -667,7 +649,7 @@
/* * Delayed compression for SSH2 is enabled after authentication: - * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. */ static void
@@ -682,9 +664,6 @@
*/ after_authentication = 1; for (mode = 0; mode < MODE_MAX; mode++) { - /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ - if (newkeys[mode] == NULL) - continue; comp = &newkeys[mode]->comp; if (comp && !comp->enabled && comp->type == COMP_DELAYED) { packet_init_compression();
@@ -777,7 +756,7 @@
/* packet_length includes payload, padding and padding length field */ packet_length = buffer_len(&outgoing_packet) - 4; cp = buffer_ptr(&outgoing_packet); - put_u32(cp, packet_length); + PUT_32BIT(cp, packet_length); cp[4] = padlen; DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
@@ -794,7 +773,7 @@
buffer_len(&outgoing_packet)); /* append unencrypted MAC */ if (mac && mac->enabled) - buffer_append(&output, macbuf, mac->mac_len); + buffer_append(&output, (char *)macbuf, mac->mac_len); #ifdef PACKET_DEBUG fprintf(stderr, "encrypted: "); buffer_dump(&output);
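Review bot: The comment line on the new side of the hunk at -667/+649 misspells a word: it reads `This happans on the server side`. It should read `* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,`. The function this comment documents begins at the end of the hunk and its body is outside it.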
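Review bot: In the hunk at -682/+664 the new side evaluates `&newkeys[mode]->comp` with no check that `newkeys[mode]` is non-NULL. The `comp &&` test on the next line does not reliably cover this, because `comp` is the address of a member rather than a pointer that is NULL when the key set is missing (the member's offset is not visible here). The removed comment names the case that reaches the loop with an empty slot, USERAUTH_SUCCESS arriving before NEWKEYS, which is ordering chosen by the remote peer. Keep `if (newkeys[mode] == NULL) continue;` ahead of the `comp = &newkeys[mode]->comp;` assignment. The enclosing function starts and ends outside the hunk.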
@@ -884,7 +863,7 @@
char buf[8192]; DBG(debug("packet_read()")); - setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), + setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) * sizeof(fd_mask)); /* Since we are blocking, ensure that all written packets have been sent. */
@@ -975,7 +954,7 @@
return SSH_MSG_NONE; /* Get length of incoming packet. */ cp = buffer_ptr(&input); - len = get_u32(cp); + len = GET_32BIT(cp); if (len < 1 + 2 + 2 || len > 256 * 1024) packet_disconnect("Bad packet length %u.", len); padded_len = (len + 8) & ~7;
@@ -994,16 +973,9 @@
* (C)1998 CORE-SDI, Buenos Aires Argentina * Ariel Futoransky(futo@core-sdi.com) */ - if (!receive_context.plaintext) { - switch (detect_attack(buffer_ptr(&input), padded_len)) { - case DEATTACK_DETECTED: - packet_disconnect("crc32 compensation attack: " - "network attack detected"); - case DEATTACK_DOS_DETECTED: - packet_disconnect("deattack denial of " - "service detected"); - } - } + if (!receive_context.plaintext && + detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED) + packet_disconnect("crc32 compensation attack: network attack detected"); /* Decrypt data to incoming_packet. */ buffer_clear(&incoming_packet);
@@ -1030,7 +1002,7 @@
len, buffer_len(&incoming_packet)); cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4; - stored_checksum = get_u32(cp); + stored_checksum = GET_32BIT(cp); if (checksum != stored_checksum) packet_disconnect("Corrupted check bytes on input."); buffer_consume_end(&incoming_packet, 4);
@@ -1079,7 +1051,7 @@
cipher_crypt(&receive_context, cp, buffer_ptr(&input), block_size); cp = buffer_ptr(&incoming_packet); - packet_length = get_u32(cp); + packet_length = GET_32BIT(cp); if (packet_length < 1 + 4 || packet_length > 256 * 1024) { #ifdef PACKET_DEBUG buffer_dump(&incoming_packet);
@@ -1210,6 +1182,7 @@
break; default: return type; + break; } } else { type = packet_read_poll1();
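Review bot: The `fd_set` allocation on the new side of the hunk at -884/+863 computes its size as `howmany(connection_in+1, NFDBITS) * sizeof(fd_mask)` inside the `xmalloc` argument, so nothing checks the product for overflow and the buffer is not zero-filled by the allocator. The two-argument `xcalloc(howmany(connection_in+1, NFDBITS), sizeof(fd_mask))` form on the old side presumably covers both (confirm in xmalloc.c). With `xmalloc`, correctness depends on code outside the hunk clearing the set before each `select`. The hunk at -1433/+1407 makes the same change for `connection_out` and deserves the same treatment.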
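Review bot: In the hunk at -994/+973 the new side disconnects only when `detect_attack()` returns `DEATTACK_DETECTED`, so every other return value proceeds to decryption of the packet. The old side also terminated on `DEATTACK_DOS_DETECTED`. Whether the three-argument `detect_attack(..., NULL)` used here can report that condition is not visible in this file, so deattack.c should be checked before the case is dropped. If it can, keep a `switch` on the return value that calls `packet_disconnect()` for both results. The surrounding function begins and ends outside the hunk.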
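Review bot: The `break;` added after `return type;` in the `default:` case of the hunk at -1210/+1182 is unreachable and should be dropped, leaving `return type;` as the last statement of the case. The hunk at -1232/+1205 adds the same dead `break;` after its `return type;`. Both enclosing switch statements extend outside their hunks.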
@@ -1232,6 +1205,7 @@
if (type) DBG(debug("received packet type %d", type)); return type; + break; } } }
@@ -1433,7 +1407,7 @@
{ fd_set *setp; - setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), + setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) * sizeof(fd_mask)); packet_write_poll(); while (packet_have_data_to_write()) {
@@ -1498,7 +1472,8 @@
/* Only set socket options if using a socket. */ if (!packet_connection_is_on_socket()) return; - set_nodelay(connection_in); + if (interactive) + set_nodelay(connection_in); packet_set_tos(interactive); }
@@ -1559,7 +1534,7 @@
for (i = 0; i < nbytes; i++) { if (i % 4 == 0) rnd = arc4random(); - packet_put_char((u_char)rnd & 0xff); + packet_put_char(rnd & 0xff); rnd >>= 8; } }