authorDag-Erling Smørgrav <des@FreeBSD.org>2018-05-06 12:27:04 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2018-05-06 12:27:04 +0000
commitc8a2bf14627149859c5fed86cf127096c4fa2870 (patch)
treeef199c6473bfba3c2e54c54f70d991ccedcb1e3d /clientloop.c
parent20adc8f2a99cd37b64a80ef63dfc5ba6627d4dfb (diff)
downloadsrc-029f451de2a587c0a16d9cf890d8923e1d242830.tar.gz
src-029f451de2a587c0a16d9cf890d8923e1d242830.zip
Vendor import of OpenSSH 7.7p1.vendor/openssh/7.7p1
Diffstat (limited to 'clientloop.c')
-rw-r--r--clientloop.c57
1 files changed, 24 insertions, 33 deletions
diff --git a/clientloop.c b/clientloop.c
index 791d336e359e..7bcf22e38692 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.305 2017/09/19 04:24:22 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -210,7 +210,6 @@ static void
window_change_handler(int sig)
{
received_window_change_signal = 1;
- signal(SIGWINCH, window_change_handler);
}
/*
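Review bot: Removing the `signal(SIGWINCH, window_change_handler)` re-arm is only safe if the handler is installed with BSD/sigaction semantics (no SA_RESETHAND); under System V `signal()` semantics the disposition reverts to SIG_DFL after the first SIGWINCH and every later window-size change would be missed. The install site is not in this hunk, so this needs confirming against wherever SIGWINCH is registered (a sigaction-based wrapper keeps the handler persistent). Once confirmed, record it on the handler so nobody reintroduces the re-arm, e.g. `/* No re-arm needed: the handler is installed via sigaction without SA_RESETHAND. */`.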
@@ -226,19 +225,6 @@ signal_handler(int sig)
}
/*
- * Returns current time in seconds from Jan 1, 1970 with the maximum
- * available resolution.
- */
-
-static double
-get_current_time(void)
-{
- struct timeval tv;
- gettimeofday(&tv, NULL);
- return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
-}
-
-/*
* Sets control_persist_exit_time to the absolute time when the
* backgrounded control master should exit due to expiry of the
* ControlPersist timeout. Sets it to 0 if we are not a backgrounded
@@ -1256,7 +1242,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
fatal("%s pledge(): %s", __func__, strerror(errno));
}
- start_time = get_current_time();
+ start_time = monotime_double();
/* Initialize variables. */
last_was_cr = 1;
@@ -1445,7 +1431,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
buffer_free(&stderr_buffer);
/* Report bytes transferred, and transfer rates. */
- total_time = get_current_time() - start_time;
+ total_time = monotime_double() - start_time;
packet_get_bytes(&ibytes, &obytes);
verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
(unsigned long long)obytes, (unsigned long long)ibytes, total_time);
@@ -1554,12 +1540,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
return NULL;
}
originator = packet_get_string(NULL);
- if (datafellows & SSH_BUG_X11FWD) {
- debug2("buggy server: x11 request w/o originator_port");
- originator_port = 0;
- } else {
- originator_port = packet_get_int();
- }
+ originator_port = packet_get_int();
packet_check_eom();
/* XXX check permission */
debug("client_request_x11: request from %s %d", originator,
@@ -1601,12 +1582,13 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
return c;
}
-int
+char *
client_request_tun_fwd(struct ssh *ssh, int tun_mode,
int local_tun, int remote_tun)
{
Channel *c;
int fd;
+ char *ifname = NULL;
if (tun_mode == SSH_TUNMODE_NO)
return 0;
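Review bot: `return 0;` on the `SSH_TUNMODE_NO` path is now a null pointer constant returned from a `char *` function, and it is indistinguishable from the `return NULL;` the next hunk uses when `tun_open()` fails, so a caller cannot tell "no tunnel requested" from "tunnel open failed" without re-checking tun_mode itself. At minimum change the line to `return NULL;` for consistency with the new return type, and state the contract in the function header, e.g. `/* Returns the local tunnel interface name (allocated by tun_open; presumably owned by the caller - confirm) or NULL if no tunnel was requested or it could not be opened. */`, since ownership of `ifname` is not documented in any of the hunks. The same return-type point applies to the `return ifname;` hunk further down. client_request_tun_fwd's body continues past this hunk.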
@@ -1614,10 +1596,11 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
/* Open local tunnel device */
- if ((fd = tun_open(local_tun, tun_mode)) == -1) {
+ if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) {
error("Tunnel device open failed.");
- return -1;
+ return NULL;
}
+ debug("Tunnel forwarding using interface %s", ifname);
c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
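Review bot: The added `debug("Tunnel forwarding using interface %s", ifname)` passes `ifname` unconditionally, but nothing in this hunk guarantees that `tun_open()` sets it on every successful return; if any tun_open implementation returns a valid fd and leaves `ifname` NULL, this is `%s` of a null pointer, which is undefined behaviour (glibc happens to print "(null)"). If tun_open's contract is that ifname is always set on success, say so in a comment on the call; otherwise guard it: `debug("Tunnel forwarding using interface %s", ifname != NULL ? ifname : "(unknown)");`. The function continues outside this hunk.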
@@ -1638,7 +1621,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
packet_put_int(remote_tun);
packet_send();
- return 0;
+ return ifname;
}
/* XXXX move to generic input handler */
@@ -1689,10 +1672,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
- if (!(datafellows & SSH_BUG_OPENFAILURE)) {
- packet_put_cstring("open failed");
- packet_put_cstring("");
- }
+ packet_put_cstring("open failed");
+ packet_put_cstring("");
packet_send();
}
free(ctype);
@@ -1904,7 +1885,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx;
size_t i, ndone;
struct sshbuf *signdata;
- int r;
+ int r, kexsigtype, use_kexsigtype;
const u_char *sig;
size_t siglen;
@@ -1916,6 +1897,9 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
hostkeys_update_ctx_free(ctx);
return;
}
+ kexsigtype = sshkey_type_plain(
+ sshkey_type_from_name(ssh->kex->hostkey_alg));
+
if ((signdata = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
/* Don't want to accidentally accept an unbound signature */
@@ -1944,8 +1928,15 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
__func__, ssh_err(r));
goto out;
}
+ /*
+ * For RSA keys, prefer to use the signature type negotiated
+ * during KEX to the default (SHA1).
+ */
+ use_kexsigtype = kexsigtype == KEY_RSA &&
+ sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
- sshbuf_ptr(signdata), sshbuf_len(signdata), 0)) != 0) {
+ sshbuf_ptr(signdata), sshbuf_len(signdata),
+ use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) {
error("%s: server gave bad signature for %s key %zu",
__func__, sshkey_type(ctx->keys[i]), i);
goto out;