upstream: Log errors in kex_exchange_identification() with level

verbose instead of error to reduce preauth log spam. All of those get logged
with a more generic error message by sshpkt_fatal().

feedback from sthen@
ok djm@

OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809

diff --git a/kex.c b/kex.c
index fd04bb0b5c10a9ce6f0758a4b31cf2462fa5a502..502da12ed539b10dc0cb24e489b5bafe8a6e07d4 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.179 2023/08/18 01:37:41 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.180 2023/08/21 21:16:18 tobhe Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1353,7 +1353,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
                        len = atomicio(read, ssh_packet_get_connection_in(ssh),
                            &c, 1);
                        if (len != 1 && errno == EPIPE) {
-                               error_f("Connection closed by remote host");
+                               verbose_f("Connection closed by remote host");
                                r = SSH_ERR_CONN_CLOSED;
                                goto out;
                        } else if (len != 1) {
@@ -1369,7 +1369,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
                        if (c == '\n')
                                break;
                        if (c == '\0' || expect_nl) {
-                               error_f("banner line contains invalid "
+                               verbose_f("banner line contains invalid "
                                    "characters");
                                goto invalid;
                        }
@@ -1379,7 +1379,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
                                goto out;
                        }
                        if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
-                               error_f("banner line too long");
+                               verbose_f("banner line too long");
                                goto invalid;
                        }
                }
@@ -1395,7 +1395,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
                }
                /* Do not accept lines before the SSH ident from a client */
                if (ssh->kex->server) {
-                       error_f("client sent invalid protocol identifier "
+                       verbose_f("client sent invalid protocol identifier "
                            "\"%.256s\"", cp);
                        free(cp);
                        goto invalid;