From ee22db892c371f4f453c323be71781937387deea Mon Sep 17 00:00:00 2001 From: djm Date: Thu, 22 Jun 2000 11:32:31 +0000 Subject: - OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment --- ChangeLog | 23 +++++++++++++++++++++++ atomicio.c | 2 +- auth-options.c | 2 +- auth-passwd.c | 2 +- auth-rh-rsa.c | 2 +- auth-rhosts.c | 2 +- auth-rsa.c | 2 +- auth-skey.c | 2 +- auth2.c | 9 ++++++--- authfd.c | 2 +- authfd.h | 2 +- authfile.c | 2 +- bufaux.c | 2 +- bufaux.h | 2 +- buffer.c | 2 +- buffer.h | 2 +- canohost.c | 2 +- channels.c | 2 +- channels.h | 2 +- cipher.c | 2 +- cipher.h | 2 +- clientloop.c | 2 +- compat.c | 4 ++-- compat.h | 3 ++- compress.c | 2 +- compress.h | 2 +- crc32.c | 2 +- crc32.h | 2 +- deattack.c | 2 +- dispatch.c | 2 +- dsa.c | 17 +++++++++++++---- fingerprint.c | 2 +- fingerprint.h | 2 +- getput.h | 2 +- hmac.c | 2 +- kex.c | 2 +- key.c | 27 ++++++++++++++++----------- log-client.c | 2 +- log-server.c | 2 +- login.c | 2 +- match.c | 2 +- mpaux.c | 2 +- mpaux.h | 2 +- nchan.c | 2 +- nchan.h | 2 +- packet.c | 2 +- packet.h | 2 +- pty.c | 2 +- pty.h | 2 +- readconf.c | 2 +- readconf.h | 2 +- readpass.c | 2 +- rsa.c | 2 +- rsa.h | 2 +- scp.c | 4 ++-- servconf.c | 2 +- servconf.h | 2 +- ssh-add.c | 2 +- ssh-keygen.c | 2 +- ssh.c | 2 +- ssh.h | 2 +- sshconnect2.c | 20 ++++++++++++++------ tildexpand.c | 2 +- ttymodes.c | 2 +- ttymodes.h | 2 +- uidswap.c | 2 +- xmalloc.c | 2 +- xmalloc.h | 2 +- 68 files changed, 138 insertions(+), 89 deletions(-) diff --git a/ChangeLog b/ChangeLog index c35b7366..af56ec53 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,29 @@ - (djm) Automatically generate host key during "make install". Suggested by Gary E. Miller - (djm) Paranoia before kill() system call + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/18 18:50:11 + [auth2.c compat.c compat.h sshconnect2.c] + make userauth+pubkey interop with ssh.com-2.2.0 + - markus@cvs.openbsd.org 2000/06/18 20:56:17 + [dsa.c] + mem leak + be more paranoid in dsa_verify. + - markus@cvs.openbsd.org 2000/06/18 21:29:50 + [key.c] + cleanup fingerprinting, less hardcoded sizes + - markus@cvs.openbsd.org 2000/06/19 19:39:45 + [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] + [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] + [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] + [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] + [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] + [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] + [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] + [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] + OpenBSD tag + - markus@cvs.openbsd.org 2000/06/21 10:46:10 + sshconnect2.c missing free; nuke old comment 20000620 - (djm) Replace use of '-o' and '-a' logical operators in configure tests diff --git a/atomicio.c b/atomicio.c index 3f12344e..7d9f9340 100644 --- a/atomicio.c +++ b/atomicio.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$Id: atomicio.c,v 1.11 2000/04/16 02:31:49 damien Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.4 2000/06/20 01:39:37 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/auth-options.c b/auth-options.c index 7ebbb766..55ccc851 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth-options.c,v 1.1 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.2 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "packet.h" diff --git a/auth-passwd.c b/auth-passwd.c index b27c5bae..d722122c 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -11,7 +11,7 @@ #ifndef USE_PAM -RCSID("$Id: auth-passwd.c,v 1.20 2000/05/20 05:03:00 damien Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 1073ecc1..4386758d 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/04/16 02:31:49 damien Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.14 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/auth-rhosts.c b/auth-rhosts.c index 6a5c13e4..f670276b 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.14 2000/06/20 01:39:38 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/auth-rsa.c b/auth-rsa.c index 546e1d84..1a246f7f 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.21 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $"); #include "rsa.h" #include "packet.h" diff --git a/auth-skey.c b/auth-skey.c index 7eb32e8f..d66d84e7 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,6 +1,6 @@ #include "includes.h" #ifdef SKEY -RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.7 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "packet.h" diff --git a/auth2.c b/auth2.c index c7dcf195..a3d4ab60 100644 --- a/auth2.c +++ b/auth2.c @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.10 2000/06/18 04:05:02 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $"); #include #include @@ -302,8 +302,11 @@ ssh2_auth_pubkey(struct passwd *pw, char *service) sig = packet_get_string(&slen); packet_done(); buffer_init(&b); - buffer_append(&b, session_id2, session_id2_len); - + if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { + buffer_put_string(&b, session_id2, session_id2_len); + } else { + buffer_append(&b, session_id2, session_id2_len); + } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, pw->pw_name); diff --git a/authfd.c b/authfd.c index 36b4d6ce..69d77d7d 100644 --- a/authfd.c +++ b/authfd.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.14 2000/04/30 00:00:53 damien Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); #include "ssh.h" #include "rsa.h" diff --git a/authfd.h b/authfd.h index 420f592b..d7ff4be2 100644 --- a/authfd.h +++ b/authfd.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ +/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H diff --git a/authfile.c b/authfile.c index f93c9d47..71c4a5d8 100644 --- a/authfile.c +++ b/authfile.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.12 2000/04/29 13:57:10 damien Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.17 2000/06/20 01:39:38 markus Exp $"); #include #include diff --git a/bufaux.c b/bufaux.c index 9ae5e9e6..ecf529ff 100644 --- a/bufaux.c +++ b/bufaux.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: bufaux.c,v 1.12 2000/04/16 02:31:50 damien Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.12 2000/06/20 01:39:39 markus Exp $"); #include "ssh.h" #include diff --git a/bufaux.h b/bufaux.h index 80bad6ea..42df4639 100644 --- a/bufaux.h +++ b/bufaux.h @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ +/* RCSID("$OpenBSD: bufaux.h,v 1.7 2000/06/20 01:39:39 markus Exp $"); */ #ifndef BUFAUX_H #define BUFAUX_H diff --git a/buffer.c b/buffer.c index 83a63e6f..db5ae0a2 100644 --- a/buffer.c +++ b/buffer.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.7 2000/06/20 01:39:39 markus Exp $"); #include "xmalloc.h" #include "buffer.h" diff --git a/buffer.h b/buffer.h index f33e6f72..a2b4efff 100644 --- a/buffer.h +++ b/buffer.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: buffer.h,v 1.4 2000/04/16 02:31:50 damien Exp $"); */ +/* RCSID("$OpenBSD: buffer.h,v 1.5 2000/06/20 01:39:39 markus Exp $"); */ #ifndef BUFFER_H #define BUFFER_H diff --git a/canohost.c b/canohost.c index 1b579092..7ded0e3b 100644 --- a/canohost.c +++ b/canohost.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.13 2000/06/20 01:39:39 markus Exp $"); #include "packet.h" #include "xmalloc.h" diff --git a/channels.c b/channels.c index 9da9db47..038670da 100644 --- a/channels.c +++ b/channels.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.33 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.62 2000/06/20 01:39:39 markus Exp $"); #include "ssh.h" #include "packet.h" diff --git a/channels.h b/channels.h index 922c5d0a..9629124b 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* RCSID("$Id: channels.h,v 1.10 2000/06/07 09:55:44 djm Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.14 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H diff --git a/cipher.c b/cipher.c index 4117cb77..97cbd38c 100644 --- a/cipher.c +++ b/cipher.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.21 2000/05/30 03:44:52 damien Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "cipher.h" diff --git a/cipher.h b/cipher.h index b7410fbc..a1379907 100644 --- a/cipher.h +++ b/cipher.h @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */ +/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H diff --git a/clientloop.c b/clientloop.c index 82d1d27d..5df584ab 100644 --- a/clientloop.c +++ b/clientloop.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.27 2000/06/20 01:39:40 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/compat.c b/compat.c index 8e77fd79..e3410d49 100644 --- a/compat.c +++ b/compat.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: compat.c,v 1.12 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -61,7 +61,7 @@ compat_datafellows(const char *version) char *version; int bugs; } check[] = { - {"2.2.0", SSH_BUG_HMAC}, + {"2.2.0", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, {"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC}, {"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD}, {NULL, 0} diff --git a/compat.h b/compat.h index cd7c190c..2060a39f 100644 --- a/compat.h +++ b/compat.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.9 2000/06/20 01:39:40 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -40,6 +40,7 @@ #define SSH_BUG_PUBKEYAUTH 0x02 #define SSH_BUG_HMAC 0x04 #define SSH_BUG_X11FWD 0x08 +#define SSH_COMPAT_SESSIONID_ENCODING 0x10 void enable_compat13(void); void enable_compat20(void); diff --git a/compress.c b/compress.c index 610aaf7e..4ec20104 100644 --- a/compress.c +++ b/compress.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $"); +RCSID("$OpenBSD: compress.c,v 1.8 2000/06/20 01:39:40 markus Exp $"); #include "ssh.h" #include "buffer.h" diff --git a/compress.h b/compress.h index f1318332..ce7d7fab 100644 --- a/compress.h +++ b/compress.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: compress.h,v 1.5 2000/06/20 01:39:40 markus Exp $"); */ #ifndef COMPRESS_H #define COMPRESS_H diff --git a/crc32.c b/crc32.c index 2d3867d0..05a1af7b 100644 --- a/crc32.c +++ b/crc32.c @@ -6,7 +6,7 @@ */ #include "includes.h" -RCSID("$Id: crc32.c,v 1.2 1999/11/24 13:26:22 damien Exp $"); +RCSID("$OpenBSD: crc32.c,v 1.5 2000/06/20 01:39:40 markus Exp $"); #include "crc32.h" diff --git a/crc32.h b/crc32.h index 15ac2999..45495b42 100644 --- a/crc32.h +++ b/crc32.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: crc32.h,v 1.6 2000/06/20 01:39:40 markus Exp $"); */ #ifndef CRC32_H #define CRC32_H diff --git a/deattack.c b/deattack.c index 81b1c8ef..7f95eca3 100644 --- a/deattack.c +++ b/deattack.c @@ -1,5 +1,5 @@ /* - * $Id: deattack.c,v 1.3 1999/11/24 13:26:22 damien Exp $ + * $OpenBSD: deattack.c,v 1.7 2000/06/20 01:39:41 markus Exp $ * Cryptographic attack detector for ssh - source code * * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. diff --git a/dispatch.c b/dispatch.c index 50f11f3c..8df08b17 100644 --- a/dispatch.c +++ b/dispatch.c @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $"); +RCSID("$OpenBSD: dispatch.c,v 1.3 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "dispatch.h" #include "packet.h" diff --git a/dsa.c b/dsa.c index 51d7ff28..c1c37bce 100644 --- a/dsa.c +++ b/dsa.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $"); +RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -72,7 +72,7 @@ dsa_key_from_blob( buffer_append(&b, blob, blen); ktype = buffer_get_string(&b, NULL); if (strcmp(KEX_DSS, ktype) != 0) { - error("dsa_key_from_blob: cannot handle type %s", ktype); + error("dsa_key_from_blob: cannot handle type %s", ktype); key_free(key); return NULL; } @@ -197,7 +197,6 @@ dsa_verify( DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - char *ktype; unsigned char *sigblob; char *txt; unsigned int len; @@ -227,14 +226,24 @@ dsa_verify( len = signaturelen; } else { /* ietf-drafts */ + char *ktype; buffer_init(&b); buffer_append(&b, (char *) signature, signaturelen); ktype = buffer_get_string(&b, NULL); + if (strcmp(KEX_DSS, ktype) != 0) { + error("dsa_verify: cannot handle type %s", ktype); + buffer_free(&b); + return -1; + } sigblob = (unsigned char *)buffer_get_string(&b, &len); rlen = buffer_len(&b); - if(rlen != 0) + if(rlen != 0) { error("remaining bytes in signature %d", rlen); + buffer_free(&b); + return -1; + } buffer_free(&b); + xfree(ktype); } if (len != SIGBLOB_LEN) { diff --git a/fingerprint.c b/fingerprint.c index 4b0966d9..801f6a6e 100644 --- a/fingerprint.c +++ b/fingerprint.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: fingerprint.c,v 1.7 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "xmalloc.h" diff --git a/fingerprint.h b/fingerprint.h index fbb0d4c4..3d7bcb32 100644 --- a/fingerprint.h +++ b/fingerprint.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$Id: fingerprint.h,v 1.3 1999/11/24 16:15:25 markus Exp $"); */ +/* RCSID("$OpenBSD: fingerprint.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */ #ifndef FINGERPRINT_H #define FINGERPRINT_H diff --git a/getput.h b/getput.h index 22235f5d..5f6b1411 100644 --- a/getput.h +++ b/getput.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */ +/* RCSID("$OpenBSD: getput.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */ #ifndef GETPUT_H #define GETPUT_H diff --git a/hmac.c b/hmac.c index fe53aa47..27590ec8 100644 --- a/hmac.c +++ b/hmac.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: hmac.c,v 1.2 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: hmac.c,v 1.3 2000/06/20 01:39:41 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/kex.c b/kex.c index 199e0426..b0d47b5b 100644 --- a/kex.c +++ b/kex.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: kex.c,v 1.9 2000/05/30 03:44:53 damien Exp $"); +RCSID("$OpenBSD: kex.c,v 1.8 2000/06/20 01:39:41 markus Exp $"); #include "ssh.h" #include "ssh2.h" diff --git a/key.c b/key.c index d474f85c..be38a88f 100644 --- a/key.c +++ b/key.c @@ -121,8 +121,6 @@ key_equal(Key *a, Key *b) return 0; } -#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x" - /* * Generate key fingerprint in ascii format. * Based on ideas and code from Bjoern Groenvall @@ -130,7 +128,7 @@ key_equal(Key *a, Key *b) char * key_fingerprint(Key *k) { - static char retval[80]; + static char retval[(EVP_MAX_MD_SIZE+1)*3]; unsigned char *blob = NULL; int len = 0; int nlen, elen; @@ -151,15 +149,22 @@ key_fingerprint(Key *k) fatal("key_fingerprint: bad key type %d", k->type); break; } + retval[0] = '\0'; + if (blob != NULL) { - unsigned char d[16]; - EVP_MD_CTX md; - EVP_DigestInit(&md, EVP_md5()); - EVP_DigestUpdate(&md, blob, len); - EVP_DigestFinal(&md, d, NULL); - snprintf(retval, sizeof(retval), FPRINT, - d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], - d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]); + int i; + unsigned char digest[EVP_MAX_MD_SIZE]; + EVP_MD *md = EVP_md5(); + EVP_MD_CTX ctx; + EVP_DigestInit(&ctx, md); + EVP_DigestUpdate(&ctx, blob, len); + EVP_DigestFinal(&ctx, digest, NULL); + for(i = 0; i < md->md_size; i++) { + char hex[4]; + snprintf(hex, sizeof(hex), "%02x:", digest[i]); + strlcat(retval, hex, sizeof(retval)); + } + retval[strlen(retval) - 1] = '\0'; memset(blob, 0, len); xfree(blob); } diff --git a/log-client.c b/log-client.c index e86a2e33..7e9fd61e 100644 --- a/log-client.c +++ b/log-client.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $"); +RCSID("$OpenBSD: log-client.c,v 1.9 2000/06/20 01:39:42 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/log-server.c b/log-server.c index 57c7b371..9db77d9e 100644 --- a/log-server.c +++ b/log-server.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: log-server.c,v 1.10 2000/05/01 23:56:42 damien Exp $"); +RCSID("$OpenBSD: log-server.c,v 1.15 2000/06/20 01:39:42 markus Exp $"); #include #include "packet.h" diff --git a/login.c b/login.c index eb320178..c5072182 100644 --- a/login.c +++ b/login.c @@ -18,7 +18,7 @@ */ #include "includes.h" -RCSID("$Id: login.c,v 1.32 2000/06/04 17:07:49 andre Exp $"); +RCSID("$OpenBSD: login.c,v 1.14 2000/06/20 01:39:42 markus Exp $"); #include "loginrec.h" diff --git a/match.c b/match.c index 1551ed57..c4f54b2c 100644 --- a/match.c +++ b/match.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: match.c,v 1.6 2000/06/07 09:55:44 djm Exp $"); +RCSID("$OpenBSD: match.c,v 1.8 2000/06/20 01:39:42 markus Exp $"); #include "ssh.h" diff --git a/mpaux.c b/mpaux.c index 2384c826..6caae64d 100644 --- a/mpaux.c +++ b/mpaux.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: mpaux.c,v 1.12 2000/04/16 02:31:51 damien Exp $"); +RCSID("$OpenBSD: mpaux.c,v 1.13 2000/06/20 01:39:42 markus Exp $"); #include #include "getput.h" diff --git a/mpaux.h b/mpaux.h index d3e24cfd..b05c14bf 100644 --- a/mpaux.h +++ b/mpaux.h @@ -13,7 +13,7 @@ * precision integers. */ -/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */ +/* RCSID("$OpenBSD: mpaux.h,v 1.7 2000/06/20 01:39:42 markus Exp $"); */ #ifndef MPAUX_H #define MPAUX_H diff --git a/nchan.c b/nchan.c index 0ea88da3..cef56497 100644 --- a/nchan.c +++ b/nchan.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.18 2000/06/20 01:39:42 markus Exp $"); #include "ssh.h" diff --git a/nchan.h b/nchan.h index ae2b7061..38205cfa 100644 --- a/nchan.h +++ b/nchan.h @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$Id: nchan.h,v 1.5 2000/04/04 04:39:02 damien Exp $"); */ +/* RCSID("$OpenBSD: nchan.h,v 1.8 2000/06/20 01:39:43 markus Exp $"); */ #ifndef NCHAN_H #define NCHAN_H diff --git a/packet.c b/packet.c index fd7a3225..137d0181 100644 --- a/packet.c +++ b/packet.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: packet.c,v 1.23 2000/05/17 12:53:35 damien Exp $"); +RCSID("$OpenBSD: packet.c,v 1.33 2000/06/20 01:39:43 markus Exp $"); #include "xmalloc.h" #include "buffer.h" diff --git a/packet.h b/packet.h index b5fc196e..015d9ec8 100644 --- a/packet.h +++ b/packet.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: packet.h,v 1.15 2000/04/16 02:31:51 damien Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.16 2000/06/20 01:39:43 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H diff --git a/pty.c b/pty.c index 21ddab5c..a6c238bd 100644 --- a/pty.c +++ b/pty.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: pty.c,v 1.19 2000/04/20 13:12:59 damien Exp $"); +RCSID("$OpenBSD: pty.c,v 1.14 2000/06/20 01:39:43 markus Exp $"); #ifdef HAVE_UTIL_H # include diff --git a/pty.h b/pty.h index a9bdeaee..28419681 100644 --- a/pty.h +++ b/pty.h @@ -13,7 +13,7 @@ * tty. */ -/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */ +/* RCSID("$OpenBSD: pty.h,v 1.7 2000/06/20 01:39:43 markus Exp $"); */ #ifndef PTY_H #define PTY_H diff --git a/readconf.c b/readconf.c index c6d6f67d..6d015a20 100644 --- a/readconf.c +++ b/readconf.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.17 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.37 2000/06/20 01:39:43 markus Exp $"); #include "ssh.h" #include "cipher.h" diff --git a/readconf.h b/readconf.h index aeaf39a1..e33cebce 100644 --- a/readconf.h +++ b/readconf.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: readconf.h,v 1.12 2000/06/07 09:55:44 djm Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.20 2000/06/20 01:39:43 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H diff --git a/readpass.c b/readpass.c index e3402b48..c38292f1 100644 --- a/readpass.c +++ b/readpass.c @@ -32,7 +32,7 @@ */ #include "includes.h" -RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.11 2000/06/20 01:39:44 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/rsa.c b/rsa.c index 1e8c434f..46ad6b6e 100644 --- a/rsa.c +++ b/rsa.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $"); +RCSID("$OpenBSD: rsa.c,v 1.15 2000/06/20 01:39:44 markus Exp $"); #include "rsa.h" #include "ssh.h" diff --git a/rsa.h b/rsa.h index 672f20d4..dfbf6f48 100644 --- a/rsa.h +++ b/rsa.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: rsa.h,v 1.9 2000/04/16 02:31:51 damien Exp $"); */ +/* RCSID("$OpenBSD: rsa.h,v 1.7 2000/06/20 01:39:44 markus Exp $"); */ #ifndef RSA_H #define RSA_H diff --git a/scp.c b/scp.c index 773a4f59..0a89985d 100644 --- a/scp.c +++ b/scp.c @@ -45,7 +45,7 @@ */ #include "includes.h" -RCSID("$Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -1007,7 +1007,7 @@ run_err(const char *fmt,...) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $ + * $OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $ */ char * diff --git a/servconf.c b/servconf.c index 0e323231..12cc1526 100644 --- a/servconf.c +++ b/servconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.19 2000/06/18 04:50:44 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.45 2000/06/20 01:39:44 markus Exp $"); #include "ssh.h" #include "servconf.h" diff --git a/servconf.h b/servconf.h index 6c647c2e..c698bc74 100644 --- a/servconf.h +++ b/servconf.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: servconf.h,v 1.13 2000/06/18 04:50:44 djm Exp $"); */ +/* RCSID("$OpenBSD: servconf.h,v 1.25 2000/06/20 01:39:44 markus Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H diff --git a/ssh-add.c b/ssh-add.c index ad942397..661e1ffa 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: ssh-add.c,v 1.18 2000/05/01 10:59:50 damien Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $"); #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 621b9c14..4b89c15e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: ssh-keygen.c,v 1.19 2000/06/07 09:55:44 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.27 2000/06/20 01:39:44 markus Exp $"); #include #include diff --git a/ssh.c b/ssh.c index a5c1ac6b..f9742dc8 100644 --- a/ssh.c +++ b/ssh.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.34 2000/06/07 09:55:44 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.56 2000/06/20 01:39:44 markus Exp $"); #include #include diff --git a/ssh.h b/ssh.h index ed124cec..213f73de 100644 --- a/ssh.h +++ b/ssh.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */ +/* RCSID("$OpenBSD: ssh.h,v 1.47 2000/06/20 01:39:45 markus Exp $"); */ #ifndef SSH_H #define SSH_H diff --git a/sshconnect2.c b/sshconnect2.c index 77b8652e..ae96d534 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.13 2000/06/02 02:00:19 todd Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $"); #include #include @@ -295,6 +295,7 @@ ssh2_try_pubkey(char *filename, unsigned char *blob, *signature; int bloblen, slen; struct stat st; + int skip = 0; if (stat(filename, &st) != 0) { debug("key does not exist: %s", filename); @@ -314,14 +315,22 @@ ssh2_try_pubkey(char *filename, success = load_private_key(filename, passphrase, k, NULL); memset(passphrase, 0, strlen(passphrase)); xfree(passphrase); - if (!success) + if (!success) { + key_free(k); return 0; + } } dsa_make_key_blob(k, &blob, &bloblen); /* data to be signed */ buffer_init(&b); - buffer_append(&b, session_id2, session_id2_len); + if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); + } else { + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + } buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, server_user); buffer_put_cstring(&b, @@ -340,7 +349,6 @@ ssh2_try_pubkey(char *filename, buffer_dump(&b); #endif if (datafellows & SSH_BUG_PUBKEYAUTH) { - /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */ buffer_clear(&b); buffer_append(&b, session_id2, session_id2_len); buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -357,9 +365,9 @@ ssh2_try_pubkey(char *filename, xfree(signature); /* skip session id and packet type */ - if (buffer_len(&b) < session_id2_len + 1) + if (buffer_len(&b) < skip + 1) fatal("ssh2_try_pubkey: internal error"); - buffer_consume(&b, session_id2_len + 1); + buffer_consume(&b, skip + 1); /* put remaining data from buffer into packet */ packet_start(SSH2_MSG_USERAUTH_REQUEST); diff --git a/tildexpand.c b/tildexpand.c index f615362f..d10ea005 100644 --- a/tildexpand.c +++ b/tildexpand.c @@ -6,7 +6,7 @@ */ #include "includes.h" -RCSID("$Id: tildexpand.c,v 1.4 1999/12/07 04:38:32 damien Exp $"); +RCSID("$OpenBSD: tildexpand.c,v 1.7 2000/06/20 01:39:45 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/ttymodes.c b/ttymodes.c index 647c6603..f4b7af58 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $"); +RCSID("$OpenBSD: ttymodes.c,v 1.7 2000/06/20 01:39:45 markus Exp $"); #include "packet.h" #include "ssh.h" diff --git a/ttymodes.h b/ttymodes.h index 41aad79d..b0ef2476 100644 --- a/ttymodes.h +++ b/ttymodes.h @@ -12,7 +12,7 @@ * */ -/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */ +/* RCSID("$OpenBSD: ttymodes.h,v 1.8 2000/06/20 01:39:45 markus Exp $"); */ /* The tty mode description is a stream of bytes. The stream consists of * opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0). diff --git a/uidswap.c b/uidswap.c index e57be3a3..4213d34e 100644 --- a/uidswap.c +++ b/uidswap.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $"); +RCSID("$OpenBSD: uidswap.c,v 1.7 2000/06/20 01:39:45 markus Exp $"); #include "ssh.h" #include "uidswap.h" diff --git a/xmalloc.c b/xmalloc.c index fb29a62e..ec62c580 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $"); +RCSID("$OpenBSD: xmalloc.c,v 1.7 2000/06/20 01:39:45 markus Exp $"); #include "ssh.h" diff --git a/xmalloc.h b/xmalloc.h index a5603522..b11b49cb 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -14,7 +14,7 @@ * */ -/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */ +/* RCSID("$OpenBSD: xmalloc.h,v 1.4 2000/06/20 01:39:45 markus Exp $"); */ #ifndef XMALLOC_H #define XMALLOC_H -- cgit v1.2.1