- markus@cvs.openbsd.org 2003/04/01 10:31:26

     [compat.c compat.h kex.c]
     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
     tested by ho@ and myself

diff --git a/ChangeLog b/ChangeLog
index fbef1ca01495e9715cc71cb8bd32149e084bb31b..cb34400cbf2a96116b8b3596d45d47d8aab11213 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
      [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
      [readconf.h serverloop.c sshconnect2.c]
      backout rekeying changes (for 3.6.1)
+   - markus@cvs.openbsd.org 2003/04/01 10:31:26
+     [compat.c compat.h kex.c]
+     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; 
+     tested by ho@ and myself
 
 20030326
  - (djm) OpenBSD CVS Sync

diff --git a/compat.c b/compat.c
index 757b0e679c41f6eeaebff6497b4a2d0ba6f79375..5e1774ab63d5fa1eb50740a5c9217d0dab36a208 100644 (file)
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $");
 
 #include "buffer.h"
 #include "packet.h"
@@ -85,10 +85,12 @@ compat_datafellows(const char *version)
                { "*MindTerm*",         0 },
                { "2.1.0*",             SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-                                       SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+                                       SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+                                       SSH_BUG_FIRSTKEX },
                { "2.1 *",              SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-                                       SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+                                       SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+                                       SSH_BUG_FIRSTKEX },
                { "2.0.13*,"
                  "2.0.14*,"
                  "2.0.15*,"
@@ -100,26 +102,28 @@ compat_datafellows(const char *version)
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
                                        SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
                                        SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
-                                       SSH_BUG_DUMMYCHAN },
+                                       SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
                { "2.0.11*,"
                  "2.0.12*",            SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
                                        SSH_BUG_PKAUTH|SSH_BUG_PKOK|
                                        SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-                                       SSH_BUG_DUMMYCHAN },
+                                       SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
                { "2.0.*",              SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
                                        SSH_BUG_PKAUTH|SSH_BUG_PKOK|
                                        SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-                                       SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
+                                       SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
+                                       SSH_BUG_FIRSTKEX },
                { "2.2.0*,"
                  "2.3.0*",             SSH_BUG_HMAC|SSH_BUG_DEBUG|
-                                       SSH_BUG_RSASIGMD5 },
-               { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+                                       SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
+               { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
+                                       SSH_BUG_FIRSTKEX },
                { "2.4",                SSH_OLD_SESSIONID },    /* Van Dyke */
-               { "2.*",                SSH_BUG_DEBUG },
+               { "2.*",                SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
                { "3.0.*",              SSH_BUG_DEBUG },
                { "3.0 SecureCRT*",     SSH_OLD_SESSIONID },
                { "1.7 SecureFX*",      SSH_OLD_SESSIONID },

diff --git a/compat.h b/compat.h
index 9299805af87b991875ac43478097c8eca2cf6f33..881e450d39ea34682198a0ca1294e2612bc18f4e 100644 (file)
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $      */
+/*     $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $      */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,6 +55,7 @@
 #define SSH_BUG_EXTEOF         0x00200000
 #define SSH_BUG_K5USER         0x00400000
 #define SSH_BUG_PROBE          0x00800000
+#define SSH_BUG_FIRSTKEX       0x01000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);

diff --git a/kex.c b/kex.c
index 2c1cacfec83056ee338aad7c722d84bc6f8b0baf..b070ccf42eb2fb66402d6d511c19ec5e14628b4f 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -392,7 +392,8 @@ kex_choose_conf(Kex *kex)
        kex->we_need = need;
 
        /* ignore the next message if the proposals do not match */
-       if (first_kex_follows && !proposals_match(my, peer)) {
+       if (first_kex_follows && !proposals_match(my, peer) && 
+          !(datafellows & SSH_BUG_FIRSTKEX)) {
                type = packet_read();
                debug2("skipping next packet (type %u)", type);
        }