X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/51e7a01216be5a8198599b468bb7cc987aad9917..d837615aa540e1d403bd3eaff7b62027cb3097f6:/packet.c diff --git a/packet.c b/packet.c index ea0a82e2..f82a63c4 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.131 2006/03/30 09:58:16 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.148 2007/06/07 19:37:34 pvalchev Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,25 +39,38 @@ #include "includes.h" +#include #include "openbsd-compat/sys-queue.h" -#include +#include +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#include #include +#include + +#include +#include +#include +#include +#include +#include +#include #include "xmalloc.h" #include "buffer.h" #include "packet.h" -#include "bufaux.h" #include "crc32.h" - #include "compress.h" #include "deattack.h" #include "channels.h" - #include "compat.h" #include "ssh1.h" #include "ssh2.h" - #include "cipher.h" +#include "key.h" #include "kex.h" #include "mac.h" #include "log.h" @@ -616,7 +629,7 @@ set_newkeys(int mode) enc = &newkeys[mode]->enc; mac = &newkeys[mode]->mac; comp = &newkeys[mode]->comp; - memset(mac->key, 0, mac->key_len); + mac_clear(mac); xfree(enc->name); xfree(enc->iv); xfree(enc->key); @@ -631,14 +644,15 @@ set_newkeys(int mode) enc = &newkeys[mode]->enc; mac = &newkeys[mode]->mac; comp = &newkeys[mode]->comp; - if (mac->md != NULL) + if (mac_init(mac) == 0) mac->enabled = 1; DBG(debug("cipher_init_context: %d", mode)); cipher_init(cc, enc->cipher, enc->key, enc->key_len, enc->iv, enc->block_size, crypt_type); /* Deleting the keys does not gain extra security */ /* memset(enc->iv, 0, enc->block_size); - memset(enc->key, 0, enc->key_len); */ + memset(enc->key, 0, enc->key_len); + memset(mac->key, 0, mac->key_len); */ if ((comp->type == COMP_ZLIB || (comp->type == COMP_DELAYED && after_authentication)) && comp->enabled == 0) { @@ -663,7 +677,7 @@ set_newkeys(int mode) /* * Delayed compression for SSH2 is enabled after authentication: - * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. */ static void @@ -678,6 +692,9 @@ packet_enable_delayed_compress(void) */ after_authentication = 1; for (mode = 0; mode < MODE_MAX; mode++) { + /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ + if (newkeys[mode] == NULL) + continue; comp = &newkeys[mode]->comp; if (comp && !comp->enabled && comp->type == COMP_DELAYED) { packet_init_compression(); @@ -987,9 +1004,16 @@ packet_read_poll1(void) * (C)1998 CORE-SDI, Buenos Aires Argentina * Ariel Futoransky(futo@core-sdi.com) */ - if (!receive_context.plaintext && - detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED) - packet_disconnect("crc32 compensation attack: network attack detected"); + if (!receive_context.plaintext) { + switch (detect_attack(buffer_ptr(&input), padded_len)) { + case DEATTACK_DETECTED: + packet_disconnect("crc32 compensation attack: " + "network attack detected"); + case DEATTACK_DOS_DETECTED: + packet_disconnect("deattack denial of " + "service detected"); + } + } /* Decrypt data to incoming_packet. */ buffer_clear(&incoming_packet); @@ -1212,7 +1236,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) logit("Received disconnect from %s: %.400s", get_remote_ipaddr(), msg); cleanup_exit(255); - xfree(msg); break; default: if (type)