/*
- * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.56 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $");
+#include "buffer.h"
#include "packet.h"
#include "xmalloc.h"
#include "compat.h"
void
enable_compat20(void)
{
- verbose("Enabling compatibility mode for protocol 2.0");
+ debug("Enabling compatibility mode for protocol 2.0");
compat20 = 1;
}
void
enable_compat13(void)
{
- verbose("Enabling compatibility mode for protocol 1.3");
+ debug("Enabling compatibility mode for protocol 1.3");
compat13 = 1;
}
/* datafellows bug compatibility */
"OpenSSH-2.1*,"
"OpenSSH_2.1*,"
"OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER|
- SSH_OLD_DHGEX|SSH_BUG_NOREKEY },
+ SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
+ SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
- SSH_OLD_DHGEX|SSH_BUG_NOREKEY},
+ SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
+ SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
- SSH_BUG_NOREKEY},
+ SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+ SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.5.0p1*,"
"OpenSSH_2.5.1p1*",
SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
- SSH_BUG_NOREKEY },
+ SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+ SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_2.5.0*,"
"OpenSSH_2.5.1*,"
- "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY },
- { "OpenSSH_2.5.3*",
- SSH_BUG_NOREKEY },
+ "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
+ SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
+ { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+ SSH_OLD_FORWARD_ADDR},
+ { "OpenSSH_2.*,"
+ "OpenSSH_3.0*,"
+ "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
+ { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
+ { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH*", 0 },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.0.13*,"
"2.0.14*,"
"2.0.15*,"
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
+ SSH_BUG_FIRSTKEX },
{ "2.2.0*,"
"2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5 },
- { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+ SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
+ { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
+ SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
- { "2.*", SSH_BUG_DEBUG },
+ { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
"1.2.20*,"
"1.2.21*,"
"1.2.22*", SSH_BUG_IGNOREMSG },
- { "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */
+ { "1.3.2*", /* F-Secure */
+ SSH_BUG_IGNOREMSG },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
{ "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
+ { "Probe-*",
+ SSH_BUG_PROBE },
{ NULL, 0 }
};
ret |= SSH_PROTO_2;
break;
default:
- log("ignoring bad proto spec: '%s'.", p);
+ logit("ignoring bad proto spec: '%s'.", p);
break;
}
}
char *
compat_cipher_proposal(char *cipher_prop)
{
+ Buffer b;
char *orig_prop, *fix_ciphers;
char *cp, *tmp;
- size_t len;
if (!(datafellows & SSH_BUG_BIGENDIANAES))
return(cipher_prop);
- len = strlen(cipher_prop) + 1;
- fix_ciphers = xmalloc(len);
- *fix_ciphers = '\0';
+ buffer_init(&b);
tmp = orig_prop = xstrdup(cipher_prop);
while ((cp = strsep(&tmp, ",")) != NULL) {
- if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
- if (*fix_ciphers)
- strlcat(fix_ciphers, ",", len);
- strlcat(fix_ciphers, cp, len);
+ if (strncmp(cp, "aes", 3) != 0) {
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, cp, strlen(cp));
}
}
+ buffer_append(&b, "\0", 1);
+ fix_ciphers = xstrdup(buffer_ptr(&b));
+ buffer_free(&b);
xfree(orig_prop);
debug2("Original cipher proposal: %s", cipher_prop);
debug2("Compat cipher proposal: %s", fix_ciphers);