SSH back end should now be tolerant of garbage appearing in the data

stream after the actual SSH connection is finished. Some firewalls add this for no good reason. [originally from svn r1271]
2025-01-25 01:02:24 +00:00 · 2001-09-18 18:16:56 +00:00 · 2001-09-18 18:16:56 +00:00 · 2e4480d6b6
commit 2e4480d6b6
parent 3d3ef9b8a4
1 changed files with 10 additions and 11 deletions
--- a/ssh.c
+++ b/ssh.c
@ -607,12 +607,6 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen)
 	(*data)++, (*datalen)--;
    }

-#ifdef FWHACK
-    if (st->len == 0x52656d6f) {       /* "Remo"te server has closed ... */
-	st->len = 0x300;	       /* big enough to carry to end */
-    }
-#endif
-
    st->pad = 8 - (st->len % 8);
    st->biglen = st->len + st->pad;
    pktin.length = st->len - 5;
@ -770,11 +764,7 @@ static int ssh2_rdpkt(unsigned char **data, int *datalen)
 	pktin.data[st->i] = *(*data)++;
 	(*datalen)--;
    }
-#ifdef FWHACK
-    if (!memcmp(pktin.data, "Remo", 4)) {	/* "Remo"te server has closed ... */
-	/* FIXME */
-    }
-#endif
+
    if (sccipher)
 	sccipher->decrypt(pktin.data, st->cipherblk);

@ -3005,6 +2995,15 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
 		 * if no pty is available or in other odd cases. Ignore */
 	    } else if (pktin.type == SSH1_SMSG_EXIT_STATUS) {
 		send_packet(SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
+                /*
+                 * In case `helpful' firewalls or proxies tack
+                 * extra human-readable text on the end of the
+                 * session which we might mistake for another
+                 * encrypted packet, we close the session once
+                 * we've sent EXIT_CONFIRMATION.
+                 */
+                ssh_state = SSH_STATE_CLOSED;
+                crReturnV;
 	    } else {
 		bombout(("Strange packet received: type %d", pktin.type));
 		crReturnV;