]>
Commit | Line | Data |
---|---|---|
aa3378df | 1 | /* |
a96070d4 | 2 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
aa3378df | 3 | * |
4 | * Redistribution and use in source and binary forms, with or without | |
5 | * modification, are permitted provided that the following conditions | |
6 | * are met: | |
7 | * 1. Redistributions of source code must retain the above copyright | |
8 | * notice, this list of conditions and the following disclaimer. | |
9 | * 2. Redistributions in binary form must reproduce the above copyright | |
10 | * notice, this list of conditions and the following disclaimer in the | |
11 | * documentation and/or other materials provided with the distribution. | |
aa3378df | 12 | * |
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
23 | */ | |
24 | ||
8efc0c15 | 25 | #include "includes.h" |
b6761a3e | 26 | RCSID("$OpenBSD: compat.c,v 1.52 2001/09/17 21:09:47 markus Exp $"); |
8efc0c15 | 27 | |
66d6c27e | 28 | #ifdef HAVE_LIBPCRE |
29 | # include <pcreposix.h> | |
d8f1edd5 | 30 | #else /* Use native regex libraries */ |
47af6577 | 31 | # ifdef HAVE_REGEX_H |
32 | # include <regex.h> | |
33 | # else | |
7411201c | 34 | # include "openbsd-compat/fake-regex.h" |
47af6577 | 35 | # endif |
bc6bf501 | 36 | #endif /* HAVE_LIBPCRE */ |
8efc0c15 | 37 | |
42f11eb2 | 38 | #include "packet.h" |
39 | #include "xmalloc.h" | |
40 | #include "compat.h" | |
41 | #include "log.h" | |
42 | ||
5260325f | 43 | int compat13 = 0; |
7e7327a1 | 44 | int compat20 = 0; |
45 | int datafellows = 0; | |
5260325f | 46 | |
6ae2364d | 47 | void |
7e7327a1 | 48 | enable_compat20(void) |
49 | { | |
8ce64345 | 50 | verbose("Enabling compatibility mode for protocol 2.0"); |
51 | compat20 = 1; | |
7e7327a1 | 52 | } |
6ae2364d | 53 | void |
5260325f | 54 | enable_compat13(void) |
55 | { | |
56 | verbose("Enabling compatibility mode for protocol 1.3"); | |
57 | compat13 = 1; | |
8efc0c15 | 58 | } |
7e7327a1 | 59 | /* datafellows bug compatibility */ |
60 | void | |
61 | compat_datafellows(const char *version) | |
62 | { | |
94ec8c6b | 63 | int i, ret; |
64 | char ebuf[1024]; | |
65 | regex_t reg; | |
66 | static struct { | |
67 | char *pat; | |
d0c832f3 | 68 | int bugs; |
69 | } check[] = { | |
eea39c02 | 70 | { "^OpenSSH[-_]2\\.[012]", |
db1cd2f3 | 71 | SSH_OLD_SESSIONID|SSH_BUG_BANNER| |
255cfda1 | 72 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, |
db1cd2f3 | 73 | { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| |
255cfda1 | 74 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY}, |
75 | { "^OpenSSH_2\\.3\\.", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| | |
76 | SSH_BUG_NOREKEY}, | |
80cd07ae | 77 | { "^OpenSSH_2\\.5\\.[01]p1", |
255cfda1 | 78 | SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
79 | SSH_BUG_NOREKEY }, | |
db1cd2f3 | 80 | { "^OpenSSH_2\\.5\\.[012]", |
255cfda1 | 81 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, |
82 | { "^OpenSSH_2\\.5\\.3", | |
83 | SSH_BUG_NOREKEY }, | |
eea39c02 | 84 | { "^OpenSSH", 0 }, |
33de75a3 | 85 | { "MindTerm", 0 }, |
cbc5abf9 | 86 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
a4da628b | 87 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
8002af61 | 88 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
1b5dfeb2 | 89 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
a4da628b | 90 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
8002af61 | 91 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
cbc5abf9 | 92 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
f72fc97f | 93 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
fee56204 | 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
8dddf799 | 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
fbe90f7b | 96 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, |
ec430473 | 97 | { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
f72fc97f | 98 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
99 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | |
a4da628b | 100 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
fbe90f7b | 101 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, |
eef7adcb | 102 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
103 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | |
104 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | |
105 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | |
106 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | |
107 | SSH_BUG_DERIVEKEY }, | |
b6761a3e | 108 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_DEBUG| |
109 | SSH_BUG_RSASIGMD5 }, | |
110 | { "^2\\.3\\.", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, | |
111 | { "^2\\.[2-9]\\.", SSH_BUG_DEBUG }, | |
112 | { "^3\\.0\\.", SSH_BUG_DEBUG }, | |
99c415db | 113 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ |
114 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, | |
115 | { "^1\\.7 SecureFX", SSH_OLD_SESSIONID }, | |
116 | { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG }, | |
117 | { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, | |
5adb303f | 118 | { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */ |
99c415db | 119 | { "^SSH Compatible Server", /* Netscreen */ |
120 | SSH_BUG_PASSWORDPAD }, | |
121 | { "^OSU_0", SSH_BUG_PASSWORDPAD }, | |
122 | { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, | |
123 | { "^OSU_1\\.5alpha[1-3]", | |
124 | SSH_BUG_PASSWORDPAD }, | |
3a1c54d4 | 125 | { "^SSH_Version_Mapper", |
126 | SSH_BUG_SCANNER }, | |
33de75a3 | 127 | { NULL, 0 } |
7e7327a1 | 128 | }; |
14a9a859 | 129 | /* process table, return first match */ |
94ec8c6b | 130 | for (i = 0; check[i].pat; i++) { |
131 | ret = regcomp(®, check[i].pat, REG_EXTENDED|REG_NOSUB); | |
132 | if (ret != 0) { | |
133 | regerror(ret, ®, ebuf, sizeof(ebuf)); | |
134 | ebuf[sizeof(ebuf)-1] = '\0'; | |
135 | error("regerror: %s", ebuf); | |
136 | continue; | |
137 | } | |
138 | ret = regexec(®, version, 0, NULL, 0); | |
139 | regfree(®); | |
140 | if (ret == 0) { | |
13af0aa2 | 141 | debug("match: %s pat %s", version, check[i].pat); |
d0c832f3 | 142 | datafellows = check[i].bugs; |
7e7327a1 | 143 | return; |
144 | } | |
145 | } | |
94ec8c6b | 146 | debug("no match: %s", version); |
7e7327a1 | 147 | } |
a8be9f80 | 148 | |
149 | #define SEP "," | |
150 | int | |
151 | proto_spec(const char *spec) | |
152 | { | |
089fbbd2 | 153 | char *s, *p, *q; |
a8be9f80 | 154 | int ret = SSH_PROTO_UNKNOWN; |
155 | ||
71276795 | 156 | if (spec == NULL) |
157 | return ret; | |
089fbbd2 | 158 | q = s = xstrdup(spec); |
159 | for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { | |
a8be9f80 | 160 | switch(atoi(p)) { |
161 | case 1: | |
162 | if (ret == SSH_PROTO_UNKNOWN) | |
163 | ret |= SSH_PROTO_1_PREFERRED; | |
164 | ret |= SSH_PROTO_1; | |
165 | break; | |
166 | case 2: | |
167 | ret |= SSH_PROTO_2; | |
168 | break; | |
169 | default: | |
170 | log("ignoring bad proto spec: '%s'.", p); | |
171 | break; | |
172 | } | |
173 | } | |
174 | xfree(s); | |
175 | return ret; | |
176 | } | |
80cd07ae | 177 | |
178 | char * | |
179 | compat_cipher_proposal(char *cipher_prop) | |
180 | { | |
181 | char *orig_prop, *fix_ciphers; | |
182 | char *cp, *tmp; | |
183 | size_t len; | |
184 | ||
185 | if (!(datafellows & SSH_BUG_BIGENDIANAES)) | |
186 | return(cipher_prop); | |
187 | ||
188 | len = strlen(cipher_prop) + 1; | |
189 | fix_ciphers = xmalloc(len); | |
190 | *fix_ciphers = '\0'; | |
191 | tmp = orig_prop = xstrdup(cipher_prop); | |
192 | while((cp = strsep(&tmp, ",")) != NULL) { | |
193 | if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) { | |
194 | if (*fix_ciphers) | |
195 | strlcat(fix_ciphers, ",", len); | |
196 | strlcat(fix_ciphers, cp, len); | |
197 | } | |
198 | } | |
199 | xfree(orig_prop); | |
200 | debug2("Original cipher proposal: %s", cipher_prop); | |
201 | debug2("Compat cipher proposal: %s", fix_ciphers); | |
202 | if (!*fix_ciphers) | |
203 | fatal("No available ciphers found."); | |
204 | ||
205 | return(fix_ciphers); | |
206 | } |