From 2d86a6cc81c8e45b5bca972bbd12f4ebade8d545 Mon Sep 17 00:00:00 2001
From: damien <damien>
Date: Wed, 8 Dec 1999 23:31:37 +0000
Subject: [PATCH]  - OpenBSD CVS updates:    - [readpass.c]      avoid stdio;
 based on work by markus, millert, and I    - [sshd.c]      make sure the
 client selects a supported cipher    - [sshd.c]      fix sighup handling. 
 accept would just restart and daemon handled      sighup only after the next
 connection was accepted. use poll on      listen sock now.    - [sshd.c]     
 make that a fatal

---
 ChangeLog  |  11 ++++
 readpass.c | 165 +++++++++++++++++++++++------------------------------
 sshd.c     |  21 ++++++-
 3 files changed, 100 insertions(+), 97 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 39304e24..c51d2121 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,17 @@
    - "uninstall" rule for Makefile
    - utmpx support
    - Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+   - [readpass.c]
+     avoid stdio; based on work by markus, millert, and I
+   - [sshd.c]
+     make sure the client selects a supported cipher
+   - [sshd.c]
+     fix sighup handling.  accept would just restart and daemon handled 
+     sighup only after the next connection was accepted. use poll on 
+     listen sock now.
+   - [sshd.c]
+     make that a fatal
 
 19991208
  - Compile fix for Solaris with /dev/ptmx from 
diff --git a/readpass.c b/readpass.c
index b23959cd..b8f53734 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,16 +1,34 @@
 /*
- * 
- * readpass.c
- * 
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * 
- * Created: Mon Jul 10 22:08:59 1995 ylo
- * 
- * Functions for reading passphrases and passwords.
- * 
+ * Copyright (c) 1988, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 #include "includes.h"
@@ -19,101 +37,58 @@ RCSID("$Id$");
 #include "xmalloc.h"
 #include "ssh.h"
 
-/* Saved old terminal mode for read_passphrase. */
-static struct termios saved_tio;
-
-/* Old interrupt signal handler for read_passphrase. */
-static void (*old_handler) (int sig) = NULL;
-
-/* Interrupt signal handler for read_passphrase. */
-
-void 
-intr_handler(int sig)
-{
-	/* Restore terminal modes. */
-	tcsetattr(fileno(stdin), TCSANOW, &saved_tio);
-	/* Restore the old signal handler. */
-	signal(sig, old_handler);
-	/* Resend the signal, with the old handler. */
-	kill(getpid(), sig);
-}
-
 /*
  * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc).  Exits if EOF is encountered. The
- * passphrase if read from stdin if from_stdin is true (as is the case with
- * ssh-keygen).
+ * passphrase (allocated with xmalloc), being very careful to ensure that
+ * no other userland buffer is storing the password.
  */
-
 char *
 read_passphrase(const char *prompt, int from_stdin)
 {
-	char buf[1024], *cp;
-	struct termios tio;
-	FILE *f;
+	char buf[1024], *p, ch;
+	struct termios tio, saved_tio;
+	sigset_t oset, nset;
+	int input, output, echo = 0;
+  
+	if (from_stdin) {
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	} else
+		input = output = open("/dev/tty", O_RDWR);
+
+	if (input == -1)
+		fatal("You have no controlling tty.  Cannot read passphrase.\n");
 
-	if (from_stdin)
-		f = stdin;
-	else {
-		/*
-		 * Read the passphrase from /dev/tty to make it possible to
-		 * ask it even when stdin has been redirected.
-		 */
-		f = fopen("/dev/tty", "r");
-		if (!f) {
-			/* No controlling terminal and no DISPLAY.  Nowhere to read. */
-			fprintf(stderr, "You have no controlling tty and no DISPLAY.  Cannot read passphrase.\n");
-			exit(1);
-		}
+	/* block signals, get terminal modes and turn off echo */
+	sigemptyset(&nset);
+	sigaddset(&nset, SIGINT);
+	sigaddset(&nset, SIGTSTP);
+	(void) sigprocmask(SIG_BLOCK, &nset, &oset);
+
+	if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) {
+		echo = 1;
+		saved_tio = tio;
+		tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+		(void) tcsetattr(input, TCSANOW, &tio);
 	}
 
-	/* Display the prompt (on stderr because stdout might be redirected). */
 	fflush(stdout);
-	fprintf(stderr, "%s", prompt);
-	fflush(stderr);
 
-	/* Get terminal modes. */
-	tcgetattr(fileno(f), &tio);
-	saved_tio = tio;
-	/* Save signal handler and set the new handler. */
-	old_handler = signal(SIGINT, intr_handler);
+	(void)write(output, prompt, strlen(prompt));
+	for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';)
+		if (p < buf + sizeof(buf) - 1)
+			*p++ = ch;
+	*p = '\0';
+	(void)write(output, "\n", 1);
 
-	/* Set new terminal modes disabling all echo. */
-	tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
-	tcsetattr(fileno(f), TCSANOW, &tio);
+	/* restore terminal modes and allow signals */
+	if (echo)
+		tcsetattr(input, TCSANOW, &saved_tio);
+	(void) sigprocmask(SIG_SETMASK, &oset, NULL);
 
-	/* Read the passphrase from the terminal. */
-	if (fgets(buf, sizeof(buf), f) == NULL) {
-		/* Got EOF.  Just exit. */
-		/* Restore terminal modes. */
-		tcsetattr(fileno(f), TCSANOW, &saved_tio);
-		/* Restore the signal handler. */
-		signal(SIGINT, old_handler);
-		/* Print a newline (the prompt probably didn\'t have one). */
-		fprintf(stderr, "\n");
-		/* Close the file. */
-		if (f != stdin)
-			fclose(f);
-		exit(1);
-	}
-	/* Restore terminal modes. */
-	tcsetattr(fileno(f), TCSANOW, &saved_tio);
-	/* Restore the signal handler. */
-	(void) signal(SIGINT, old_handler);
-	/* Remove newline from the passphrase. */
-	if (strchr(buf, '\n'))
-		*strchr(buf, '\n') = 0;
-	/* Allocate a copy of the passphrase. */
-	cp = xstrdup(buf);
-	/*
-	 * Clear the buffer so we don\'t leave copies of the passphrase
-	 * laying around.
-	 */
+	if (!from_stdin)
+		(void)close(input);
+	p = xstrdup(buf);
 	memset(buf, 0, sizeof(buf));
-	/* Print a newline since the prompt probably didn\'t have one. */
-	fprintf(stderr, "\n");
-	/* Close the file. */
-	if (f != stdin)
-		fclose(f);
-	return cp;
+	return (p);
 }
diff --git a/sshd.c b/sshd.c
index 3b4dcd45..d50f7fd7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -13,6 +13,8 @@
 #include "includes.h"
 RCSID("$Id$");
 
+#include <poll.h>
+
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh.h"
@@ -419,6 +421,7 @@ main(int ac, char **av)
 	int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
 	int remote_major, remote_minor;
 	int silentrsa = 0;
+	struct pollfd fds;
 	struct sockaddr_in sin;
 	char buf[100];			/* Must not be larger than remote_version. */
 	char remote_version[100];	/* Must be at least as big as buf. */
@@ -688,7 +691,18 @@ main(int ac, char **av)
 		for (;;) {
 			if (received_sighup)
 				sighup_restart();
-			/* Wait in accept until there is a connection. */
+			/* Wait in poll until there is a connection. */
+			memset(&fds, 0, sizeof(fds));
+			fds.fd = listen_sock;
+			fds.events = POLLIN;
+			if (poll(&fds, 1, -1) == -1) {
+				if (errno == EINTR)
+					continue;
+				fatal("poll: %.100s", strerror(errno));
+				/*NOTREACHED*/
+			}
+			if (fds.revents == 0)
+				continue;
 			aux = sizeof(sin);
 			newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
 			if (received_sighup)
@@ -1026,9 +1040,12 @@ do_connection()
 	/* Read clients reply (cipher type and session key). */
 	packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
 
-	/* Get cipher type. */
+	/* Get cipher type and check whether we accept this. */
 	cipher_type = packet_get_char();
 
+        if (!(cipher_mask() & (1 << cipher_type)))
+		packet_disconnect("Warning: client selects unsupported cipher.");
+
 	/* Get check bytes from the packet.  These must match those we
 	   sent earlier with the public key packet. */
 	for (i = 0; i < 8; i++)
-- 
2.45.2