Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/ssh OpenSSH 3.0.2 as of 2001/12/06. fixes envir...
details: https://anonhg.NetBSD.org/src/rev/0d2d01c61095
branches: trunk
changeset: 518814:0d2d01c61095
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Dec 06 03:46:04 2001 +0000
description:
OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes
diffstat:
crypto/dist/ssh/auth-rsa.c | 10 ++-
crypto/dist/ssh/bufaux.c | 6 +-
crypto/dist/ssh/compat.c | 110 ++++++++++++++++++++++++--------------------
crypto/dist/ssh/match.c | 28 ++++++++--
crypto/dist/ssh/match.h | 9 ++-
5 files changed, 96 insertions(+), 67 deletions(-)
diffs (truncated from 343 to 300 lines):
diff -r 71a46fe8ec66 -r 0d2d01c61095 crypto/dist/ssh/auth-rsa.c
--- a/crypto/dist/ssh/auth-rsa.c Thu Dec 06 02:07:03 2001 +0000
+++ b/crypto/dist/ssh/auth-rsa.c Thu Dec 06 03:46:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rsa.c,v 1.1.1.7 2001/09/27 02:00:36 itojun Exp $ */
+/* $NetBSD: auth-rsa.c,v 1.1.1.8 2001/12/06 03:46:04 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.44 2001/07/23 18:14:58 stevesk Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.45 2001/11/29 22:08:48 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -241,7 +241,11 @@
/* Wrong response. */
verbose("Wrong response to RSA authentication challenge.");
packet_send_debug("Wrong response to RSA authentication challenge.");
- continue;
+ /*
+ * Break out of the loop. Otherwise we might send
+ * another challenge and break the protocol.
+ */
+ break;
}
/*
* Correct response. The client has been successfully
diff -r 71a46fe8ec66 -r 0d2d01c61095 crypto/dist/ssh/bufaux.c
--- a/crypto/dist/ssh/bufaux.c Thu Dec 06 02:07:03 2001 +0000
+++ b/crypto/dist/ssh/bufaux.c Thu Dec 06 03:46:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bufaux.c,v 1.1.1.4 2001/04/10 07:13:51 itojun Exp $ */
+/* $NetBSD: bufaux.c,v 1.1.1.5 2001/12/06 03:46:06 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -38,7 +38,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.18 2001/12/05 10:06:12 deraadt Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@@ -122,7 +122,7 @@
log("negativ!");
for(i = bytes-1, carry = 1; i>=0; i--) {
uc[i] ^= 0xff;
- if(carry)
+ if (carry)
carry = !++uc[i];
}
}
diff -r 71a46fe8ec66 -r 0d2d01c61095 crypto/dist/ssh/compat.c
--- a/crypto/dist/ssh/compat.c Thu Dec 06 02:07:03 2001 +0000
+++ b/crypto/dist/ssh/compat.c Thu Dec 06 03:46:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: compat.c,v 1.1.1.8 2001/09/27 02:00:42 itojun Exp $ */
+/* $NetBSD: compat.c,v 1.1.1.9 2001/12/06 03:46:13 itojun Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -24,14 +24,13 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.53 2001/09/20 13:50:40 markus Exp $");
-
-#include <regex.h>
+RCSID("$OpenBSD: compat.c,v 1.55 2001/12/05 16:54:51 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
#include "compat.h"
#include "log.h"
+#include "match.h"
int compat13 = 0;
int compat20 = 0;
@@ -53,86 +52,97 @@
void
compat_datafellows(const char *version)
{
- int i, ret;
- char ebuf[1024];
- regex_t reg;
+ int i;
static struct {
char *pat;
int bugs;
} check[] = {
- { "^OpenSSH[-_]2\\.[012]",
- SSH_OLD_SESSIONID|SSH_BUG_BANNER|
+ { "OpenSSH-2.0*,"
+ "OpenSSH-2.1*,"
+ "OpenSSH_2.1*,"
+ "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER|
SSH_OLD_DHGEX|SSH_BUG_NOREKEY },
- { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
+ { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
SSH_OLD_DHGEX|SSH_BUG_NOREKEY},
- { "^OpenSSH_2\\.3\\.", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
+ { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
SSH_BUG_NOREKEY},
- { "^OpenSSH_2\\.5\\.[01]p1",
+ { "OpenSSH_2.5.0p1*,"
+ "OpenSSH_2.5.1p1*",
SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
SSH_BUG_NOREKEY },
- { "^OpenSSH_2\\.5\\.[012]",
- SSH_OLD_DHGEX|SSH_BUG_NOREKEY },
- { "^OpenSSH_2\\.5\\.3",
+ { "OpenSSH_2.5.0*,"
+ "OpenSSH_2.5.1*,"
+ "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY },
+ { "OpenSSH_2.5.3*",
SSH_BUG_NOREKEY },
- { "^OpenSSH", 0 },
- { "MindTerm", 0 },
- { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "OpenSSH*", 0 },
+ { "*MindTerm*", 0 },
+ { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
- { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
- { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "2.0.13*,"
+ "2.0.14*,"
+ "2.0.15*,"
+ "2.0.16*,"
+ "2.0.17*,"
+ "2.0.18*,"
+ "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN },
- { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "2.0.11*,"
+ "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN },
- { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
- { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_DEBUG|
+ { "2.2.0*,"
+ "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5 },
- { "^2\\.3\\.", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
- { "^2\\.[2-9]\\.", SSH_BUG_DEBUG },
- { "^3\\.0\\.", SSH_BUG_DEBUG },
- { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */
- { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID },
- { "^1\\.7 SecureFX", SSH_OLD_SESSIONID },
- { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG },
- { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG },
- { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */
- { "^SSH Compatible Server", /* Netscreen */
+ { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+ { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
+ { "2.*", SSH_BUG_DEBUG },
+ { "3.0.*", SSH_BUG_DEBUG },
+ { "3.0 SecureCRT*", SSH_OLD_SESSIONID },
+ { "1.7 SecureFX*", SSH_OLD_SESSIONID },
+ { "1.2.18*,"
+ "1.2.19*,"
+ "1.2.20*,"
+ "1.2.21*,"
+ "1.2.22*", SSH_BUG_IGNOREMSG },
+ { "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */
+ { "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
- { "^OSU_0", SSH_BUG_PASSWORDPAD },
- { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD },
- { "^OSU_1\\.5alpha[1-3]",
- SSH_BUG_PASSWORDPAD },
- { "^SSH_Version_Mapper",
+ { "*OSU_0*,"
+ "OSU_1.0*,"
+ "OSU_1.1*,"
+ "OSU_1.2*,"
+ "OSU_1.3*,"
+ "OSU_1.4*,"
+ "OSU_1.5alpha1*,"
+ "OSU_1.5alpha2*,"
+ "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
+ { "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
{ NULL, 0 }
};
+
/* process table, return first match */
for (i = 0; check[i].pat; i++) {
- ret = regcomp(®, check[i].pat, REG_EXTENDED|REG_NOSUB);
- if (ret != 0) {
- regerror(ret, ®, ebuf, sizeof(ebuf));
- ebuf[sizeof(ebuf)-1] = '\0';
- error("regerror: %s", ebuf);
- continue;
- }
- ret = regexec(®, version, 0, NULL, 0);
- regfree(®);
- if (ret == 0) {
+ if (match_pattern_list(version, check[i].pat,
+ strlen(check[i].pat), 0) == 1) {
debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
return;
@@ -152,7 +162,7 @@
return ret;
q = s = xstrdup(spec);
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
- switch(atoi(p)) {
+ switch (atoi(p)) {
case 1:
if (ret == SSH_PROTO_UNKNOWN)
ret |= SSH_PROTO_1_PREFERRED;
@@ -184,7 +194,7 @@
fix_ciphers = xmalloc(len);
*fix_ciphers = '\0';
tmp = orig_prop = xstrdup(cipher_prop);
- while((cp = strsep(&tmp, ",")) != NULL) {
+ while ((cp = strsep(&tmp, ",")) != NULL) {
if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
if (*fix_ciphers)
strlcat(fix_ciphers, ",", len);
diff -r 71a46fe8ec66 -r 0d2d01c61095 crypto/dist/ssh/match.c
--- a/crypto/dist/ssh/match.c Thu Dec 06 02:07:03 2001 +0000
+++ b/crypto/dist/ssh/match.c Thu Dec 06 03:46:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: match.c,v 1.1.1.6 2001/09/27 02:00:44 itojun Exp $ */
+/* $NetBSD: match.c,v 1.1.1.7 2001/12/06 03:46:18 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.14 2001/06/27 04:48:53 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.15 2001/12/05 16:54:51 markus Exp $");
#include "match.h"
#include "xmalloc.h"
@@ -105,14 +105,15 @@
}
/*
- * Tries to match the host name (which must be in all lowercase) against the
+ * Tries to match the string against the
* comma-separated sequence of subpatterns (each possibly preceded by ! to
* indicate negation). Returns -1 if negation matches, 1 if there is
* a positive match, 0 if there is no match at all.
*/
int
-match_hostname(const char *host, const char *pattern, u_int len)
+match_pattern_list(const char *string, const char *pattern, u_int len,
+ int dolower)
{
char sub[1024];
int negated;
@@ -135,7 +136,8 @@
for (subi = 0;
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
subi++, i++)
- sub[subi] = isupper(pattern[i]) ? tolower(pattern[i]) : pattern[i];
+ sub[subi] = dolower && isupper(pattern[i]) ?
+ tolower(pattern[i]) : pattern[i];
/* If subpattern too long, return failure (no match). */
if (subi >= sizeof(sub) - 1)
return 0;
@@ -147,8 +149,8 @@
/* Null-terminate the subpattern. */
sub[subi] = '\0';
- /* Try to match the subpattern against the host name. */
- if (match_pattern(host, sub)) {
+ /* Try to match the subpattern against the string. */
+ if (match_pattern(string, sub)) {
if (negated)
return -1; /* Negative */
Home |
Main Index |
Thread Index |
Old Index