| | 1 | /* |
| | 2 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
| | 3 | * |
| | 4 | * Redistribution and use in source and binary forms, with or without |
| | 5 | * modification, are permitted provided that the following conditions |
| | 6 | * are met: |
| | 7 | * 1. Redistributions of source code must retain the above copyright |
| | 8 | * notice, this list of conditions and the following disclaimer. |
| | 9 | * 2. Redistributions in binary form must reproduce the above copyright |
| | 10 | * notice, this list of conditions and the following disclaimer in the |
| | 11 | * documentation and/or other materials provided with the distribution. |
| | 12 | * |
| | 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| | 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| | 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| | 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| | 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| | 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| | 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| | 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| | 23 | */ |
| | 24 | |
| | 25 | #include "includes.h" |
| | 26 | RCSID("$OpenBSD: compat.c,v 1.52 2001/09/17 21:09:47 markus Exp $"); |
| | 27 | |
| | 28 | #ifdef HAVE_LIBPCRE |
| | 29 | # include <pcreposix.h> |
| | 30 | #else /* Use native regex libraries */ |
| | 31 | # ifdef HAVE_REGEX_H |
| | 32 | # include <regex.h> |
| | 33 | # else |
| | 34 | # include "openbsd-compat/fake-regex.h" |
| | 35 | # endif |
| | 36 | #endif /* HAVE_LIBPCRE */ |
| | 37 | |
| | 38 | #include "packet.h" |
| | 39 | #include "xmalloc.h" |
| | 40 | #include "compat.h" |
| | 41 | #include "log.h" |
| | 42 | |
| | 43 | int compat13 = 0; |
| | 44 | int compat20 = 0; |
| | 45 | int datafellows = 0; |
| | 46 | |
| | 47 | void |
| | 48 | enable_compat20(void) |
| | 49 | { |
| | 50 | verbose("Enabling compatibility mode for protocol 2.0"); |
| | 51 | compat20 = 1; |
| | 52 | } |
| | 53 | void |
| | 54 | enable_compat13(void) |
| | 55 | { |
| | 56 | verbose("Enabling compatibility mode for protocol 1.3"); |
| | 57 | compat13 = 1; |
| | 58 | } |
| | 59 | /* datafellows bug compatibility */ |
| | 60 | void |
| | 61 | compat_datafellows(const char *version) |
| | 62 | { |
| | 63 | int i, ret; |
| | 64 | char ebuf[1024]; |
| | 65 | regex_t reg; |
| | 66 | static struct { |
| | 67 | char *pat; |
| | 68 | int bugs; |
| | 69 | } check[] = { |
| | 70 | { "^OpenSSH[-_]2\\.[012]", |
| | 71 | SSH_OLD_SESSIONID|SSH_BUG_BANNER| |
| | 72 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, |
| | 73 | { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| |
| | 74 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY}, |
| | 75 | { "^OpenSSH_2\\.3\\.", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
| | 76 | SSH_BUG_NOREKEY}, |
| | 77 | { "^OpenSSH_2\\.5\\.[01]p1", |
| | 78 | SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| |
| | 79 | SSH_BUG_NOREKEY }, |
| | 80 | { "^OpenSSH_2\\.5\\.[012]", |
| | 81 | SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, |
| | 82 | { "^OpenSSH_2\\.5\\.3", |
| | 83 | SSH_BUG_NOREKEY }, |
| | 84 | { "^OpenSSH", 0 }, |
| | 85 | { "MindTerm", 0 }, |
| | 86 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| | 87 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| | 88 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
| | 89 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| | 90 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| | 91 | SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, |
| | 92 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| | 93 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| | 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| | 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
| | 96 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, |
| | 97 | { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| | 98 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| | 99 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| | 100 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
| | 101 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, |
| | 102 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| | 103 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| | 104 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| | 105 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
| | 106 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| |
| | 107 | SSH_BUG_DERIVEKEY }, |
| | 108 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_DEBUG| |
| | 109 | SSH_BUG_RSASIGMD5 }, |
| | 110 | { "^2\\.3\\.", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, |
| | 111 | { "^2\\.[2-9]\\.", SSH_BUG_DEBUG }, |
| | 112 | { "^3\\.0\\.", SSH_BUG_DEBUG }, |
| | 113 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ |
| | 114 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, |
| | 115 | { "^1\\.7 SecureFX", SSH_OLD_SESSIONID }, |
| | 116 | { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG }, |
| | 117 | { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, |
| | 118 | { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */ |
| | 119 | { "^SSH Compatible Server", /* Netscreen */ |
| | 120 | SSH_BUG_PASSWORDPAD }, |
| | 121 | { "^OSU_0", SSH_BUG_PASSWORDPAD }, |
| | 122 | { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, |
| | 123 | { "^OSU_1\\.5alpha[1-3]", |
| | 124 | SSH_BUG_PASSWORDPAD }, |
| | 125 | { "^SSH_Version_Mapper", |
| | 126 | SSH_BUG_SCANNER }, |
| | 127 | { NULL, 0 } |
| | 128 | }; |
| | 129 | /* process table, return first match */ |
| | 130 | for (i = 0; check[i].pat; i++) { |
| | 131 | ret = regcomp(®, check[i].pat, REG_EXTENDED|REG_NOSUB); |
| | 132 | if (ret != 0) { |
| | 133 | regerror(ret, ®, ebuf, sizeof(ebuf)); |
| | 134 | ebuf[sizeof(ebuf)-1] = '\0'; |
| | 135 | error("regerror: %s", ebuf); |
| | 136 | continue; |
| | 137 | } |
| | 138 | ret = regexec(®, version, 0, NULL, 0); |
| | 139 | regfree(®); |
| | 140 | if (ret == 0) { |
| | 141 | debug("match: %s pat %s", version, check[i].pat); |
| | 142 | datafellows = check[i].bugs; |
| | 143 | return; |
| | 144 | } |
| | 145 | } |
| | 146 | debug("no match: %s", version); |
| | 147 | } |
| | 148 | |
| | 149 | #define SEP "," |
| | 150 | int |
| | 151 | proto_spec(const char *spec) |
| | 152 | { |
| | 153 | char *s, *p, *q; |
| | 154 | int ret = SSH_PROTO_UNKNOWN; |
| | 155 | |
| | 156 | if (spec == NULL) |
| | 157 | return ret; |
| | 158 | q = s = xstrdup(spec); |
| | 159 | for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { |
| | 160 | switch(atoi(p)) { |
| | 161 | case 1: |
| | 162 | if (ret == SSH_PROTO_UNKNOWN) |
| | 163 | ret |= SSH_PROTO_1_PREFERRED; |
| | 164 | ret |= SSH_PROTO_1; |
| | 165 | break; |
| | 166 | case 2: |
| | 167 | ret |= SSH_PROTO_2; |
| | 168 | break; |
| | 169 | default: |
| | 170 | log("ignoring bad proto spec: '%s'.", p); |
| | 171 | break; |
| | 172 | } |
| | 173 | } |
| | 174 | xfree(s); |
| | 175 | return ret; |
| | 176 | } |
| | 177 | |
| | 178 | char * |
| | 179 | compat_cipher_proposal(char *cipher_prop) |
| | 180 | { |
| | 181 | char *orig_prop, *fix_ciphers; |
| | 182 | char *cp, *tmp; |
| | 183 | size_t len; |
| | 184 | |
| | 185 | if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
| | 186 | return(cipher_prop); |
| | 187 | |
| | 188 | len = strlen(cipher_prop) + 1; |
| | 189 | fix_ciphers = xmalloc(len); |
| | 190 | *fix_ciphers = '\0'; |
| | 191 | tmp = orig_prop = xstrdup(cipher_prop); |
| | 192 | while((cp = strsep(&tmp, ",")) != NULL) { |
| | 193 | if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) { |
| | 194 | if (*fix_ciphers) |
| | 195 | strlcat(fix_ciphers, ",", len); |
| | 196 | strlcat(fix_ciphers, cp, len); |
| | 197 | } |
| | 198 | } |
| | 199 | xfree(orig_prop); |
| | 200 | debug2("Original cipher proposal: %s", cipher_prop); |
| | 201 | debug2("Compat cipher proposal: %s", fix_ciphers); |
| | 202 | if (!*fix_ciphers) |
| | 203 | fatal("No available ciphers found."); |
| | 204 | |
| | 205 | return(fix_ciphers); |
| | 206 | } |
andersk / openssh.git / blame_incremental