[channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated.
remove closed fd's from the select mask.
+ - markus@cvs.openbsd.org 2001/02/28 09:57:07
+ [packet.c packet.h sshconnect2.c]
+ in ssh protocol v2 use ignore messages for padding (instead of
+ trailing \0).
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.872 2001/03/05 06:16:11 mouring Exp $
+$Id: ChangeLog,v 1.873 2001/03/05 06:17:49 mouring Exp $
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.52 2001/02/27 10:35:27 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.53 2001/02/28 09:57:06 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
max_packet_size = s;
return s;
}
+
+/*
+ * 9.2. Ignored Data Message
+ *
+ * byte SSH_MSG_IGNORE
+ * string data
+ *
+ * All implementations MUST understand (and ignore) this message at any
+ * time (after receiving the protocol version). No implementation is
+ * required to send them. This message can be used as an additional
+ * protection measure against advanced traffic analysis techniques.
+ */
+/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
+void
+packet_inject_ignore(int sumlen)
+{
+ u_int32_t rand = 0;
+ int i, blocksize, padlen, have, need, nb, mini, nbytes;
+ Enc *enc = NULL;
+
+ if (use_ssh2_packet_format == 0)
+ return;
+
+ have = buffer_len(&outgoing_packet);
+ debug2("packet_inject_ignore: current %d", have);
+ if (kex != NULL)
+ enc = &kex->enc[MODE_OUT];
+ blocksize = enc ? enc->cipher->block_size : 8;
+ padlen = blocksize - (have % blocksize);
+ if (padlen < 4)
+ padlen += blocksize;
+ have += padlen;
+ have /= blocksize; /* # of blocks for current message */
+
+ nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
+ mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
+ need = nb - (have % nb); /* blocks for ignore */
+ if (need <= mini)
+ need += nb;
+ nbytes = (need - mini) * blocksize; /* size of ignore payload */
+ debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
+ blocksize, have, nb, mini, need);
+
+ /* enqueue current message and append a ignore message */
+ packet_send();
+ packet_start(SSH2_MSG_IGNORE);
+ packet_put_int(nbytes);
+ for(i = 0; i < nbytes; i++) {
+ if (i % 4 == 0)
+ rand = arc4random();
+ packet_put_char(rand & 0xff);
+ rand >>= 8;
+ }
+}
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.20 2001/02/28 09:57:07 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
/* returns remaining payload bytes */
int packet_remaining(void);
+/* append an ignore message */
+void packet_inject_ignore(int sumlen);
+
#endif /* PACKET_H */
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.49 2001/02/28 09:57:07 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
- ssh_put_password(password);
+ packet_put_cstring(password);
memset(password, 0, strlen(password));
xfree(password);
+ packet_inject_ignore(64);
packet_send();
packet_write_wait();
return 1;
response = cli_prompt(prompt, echo);
- ssh_put_password(response);
+ packet_put_cstring(response);
memset(response, 0, strlen(response));
xfree(response);
xfree(prompt);
}
packet_done(); /* done with parsing incoming message. */
+ packet_inject_ignore(64);
packet_send();
packet_write_wait();
}
projects / thirdparty / openssh-portable.git / commitdiff
