- markus@cvs.openbsd.org 2001/03/23 14:28:32

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index fcb06e0d5e9e1ed55ca2265ffe022e15b921c413..0ac78cbafa8e34975ce7b964004b20231307308e 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.173 2001/03/05 17:17:21 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.178 2001/03/23 14:28:32 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -149,7 +149,7 @@ char *server_version_string = NULL;
  * not very useful.  Currently, memory locking is not implemented.
  */
 struct {
-       Key     *server_key;            /* empheral server key */
+       Key     *server_key;            /* ephemeral server key */
        Key     *ssh1_host_key;         /* ssh1 host key */
        Key     **host_keys;            /* all private host keys */
        int     have_ssh1_key;
@@ -273,7 +273,7 @@ grace_alarm_handler(int sig)
  * problems.
  */
 void
-generate_empheral_server_key(void)
+generate_ephemeral_server_key(void)
 {
        u_int32_t rand = 0;
        int i;
@@ -344,8 +344,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                                fatal_cleanup();
                        }
                        if (buf[i] == '\r') {
-                               buf[i] = '\n';
-                               buf[i + 1] = 0;
+                               buf[i] = 0;
                                /* Kludge for F-Secure Macintosh < 1.0.2 */
                                if (i == 12 &&
                                    strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
@@ -353,8 +352,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                                continue;
                        }
                        if (buf[i] == '\n') {
-                               /* buf[i] == '\n' */
-                               buf[i + 1] = 0;
+                               buf[i] = 0;
                                break;
                        }
                }
@@ -381,6 +379,12 @@ sshd_exchange_identification(int sock_in, int sock_out)
 
        compat_datafellows(remote_version);
 
+       if (datafellows & SSH_BUG_SCANNER) {
+               log("scanned from %s with %s.  Don't panic.",
+                   get_remote_ipaddr(), client_version_string);
+               fatal_cleanup();
+       }
+
        mismatch = 0;
        switch(remote_major) {
        case 1:
@@ -414,7 +418,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
                break;
        }
        chop(server_version_string);
-       chop(client_version_string);
        debug("Local version string %.200s", server_version_string);
 
        if (mismatch) {
@@ -687,6 +690,8 @@ main(int ac, char **av)
            options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
            !inetd_flag);
 
+       seed_rng();
+
        /* Read server configuration options from the configuration file. */
        read_server_config(&options, config_file_name);
 
@@ -804,6 +809,9 @@ main(int ac, char **av)
        /* Chdir to the root directory so that the current disk can be
           unmounted if desired. */
        chdir("/");
+       
+       /* ignore SIGPIPE */
+       signal(SIGPIPE, SIG_IGN);
 
        /* Start listening for a socket, unless started from inetd. */
        if (inetd_flag) {
@@ -820,7 +828,7 @@ main(int ac, char **av)
                 */
                debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
                if (options.protocol & SSH_PROTO_1)
-                       generate_empheral_server_key();
+                       generate_ephemeral_server_key();
        } else {
                for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -898,7 +906,7 @@ main(int ac, char **av)
                        }
                }
                if (options.protocol & SSH_PROTO_1)
-                       generate_empheral_server_key();
+                       generate_ephemeral_server_key();
 
                /* Arrange to restart on SIGHUP.  The handler needs listen_sock. */
                signal(SIGHUP, sighup_handler);
@@ -944,7 +952,7 @@ main(int ac, char **av)
                        if (ret < 0 && errno != EINTR)
                                error("select: %.100s", strerror(errno));
                        if (key_used && key_do_regen) {
-                               generate_empheral_server_key();
+                               generate_ephemeral_server_key();
                                key_used = 0;
                                key_do_regen = 0;
                        }
@@ -1445,6 +1453,9 @@ do_ssh2_kex(void)
        }
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
+       myproposal[PROPOSAL_ENC_ALGS_STOC] =
+           compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+
        server_kexinit = kex_init(myproposal);
        client_kexinit = xmalloc(sizeof(*client_kexinit));
        buffer_init(client_kexinit);