nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 09:27:59 +00:00
Code Issues Projects Releases Wiki Activity

ssh2kex-client.c: get rid of s->fingerprint.

Browse Source 
There's actually never any need to store a host key fingerprint in the
coroutine state. The only time we pass it outside the coroutine is
when it goes to verify_ssh_manual_host_key, which returns
synchronously without keeping a copy, and when it goes to
seat_verify_ssh_host_key. And in fact all current implementations of
the latter will keep their own copy of the fingerprint, even if
they're going to be asynchronous. So it's safe to free our copy
immediately seat_verify_ssh_host_key returns, even if it's launched an
async dialog box.

The corresponding code in SSH-1 was already working this way. Storing
the fingerprint in the SSH-2 coroutine state was overcautious all
along.
This commit is contained in:
Simon Tatham 2021-03-13 10:35:07 +00:00
parent 7cadad4cec
commit 46b23c581a
3 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
ssh2kex-client.c
View File

@ -256,7 +256,6 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
s->init_token_sent = false;
s->complete_rcvd = false;
s->hkey = NULL;
s->fingerprint = NULL;
s->keystr = NULL;
/*
@ -721,11 +720,12 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* host key, store it.
*/
if (s->hkey) {
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
char *fingerprint = ssh2_fingerprint(
s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("GSS kex provided fallback host key:");
ppl_logevent("%s", s->fingerprint);
sfree(s->fingerprint);
s->fingerprint = NULL;
ppl_logevent("%s", fingerprint);
sfree(fingerprint);
ssh_transient_hostkey_cache_add(s->thc, s->hkey);
} else if (!ssh_transient_hostkey_cache_non_empty(s->thc)) {
/*
@ -779,25 +779,25 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* triggered on purpose to populate the transient cache.
*/
assert(s->hkey); /* only KEXTYPE_GSS lets this be null */
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
if (s->need_gss_transient_hostkey) {
ppl_logevent("Post-GSS rekey provided fallback host key:");
ppl_logevent("%s", s->fingerprint);
ppl_logevent("%s", fingerprint);
ssh_transient_hostkey_cache_add(s->thc, s->hkey);
s->need_gss_transient_hostkey = false;
} else if (!ssh_transient_hostkey_cache_verify(s->thc, s->hkey)) {
ppl_logevent("Non-GSS rekey after initial GSS kex "
"used host key:");
ppl_logevent("%s", s->fingerprint);
ppl_logevent("%s", fingerprint);
sfree(fingerprint);
ssh_sw_abort(s->ppl.ssh, "Server's host key did not match any "
"used in previous GSS kex");
*aborted = true;
return;
}
sfree(s->fingerprint);
s->fingerprint = NULL;
sfree(fingerprint);
}
} else
#endif /* NO_GSSAPI */
@ -843,12 +843,12 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* Authenticate remote host: verify host key. (We've already
* checked the signature of the exchange hash.)
*/
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("Host key fingerprint is:");
ppl_logevent("%s", s->fingerprint);
ppl_logevent("%s", fingerprint);
/* First check against manually configured host keys. */
s->dlgret = verify_ssh_manual_host_key(
s->conf, s->fingerprint, s->hkey);
s->conf, fingerprint, s->hkey);
if (s->dlgret == 0) { /* did not match */
ssh_sw_abort(s->ppl.ssh, "Host key did not appear in manually "
"configured list");
@ -857,8 +857,9 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
} else if (s->dlgret < 0) { /* none configured; use standard handling */
s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport,
ssh_key_cache_id(s->hkey), s->keystr, s->fingerprint,
ssh_key_cache_id(s->hkey), s->keystr, fingerprint,
ssh2_transport_dialog_callback, s);
sfree(fingerprint);
#ifdef FUZZING
s->dlgret = 1;
#endif
@ -870,8 +871,6 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
return;
}
}
sfree(s->fingerprint);
s->fingerprint = NULL;
/*
* Save this host key, to check against the one presented in
* subsequent rekeys.
@ -882,11 +881,11 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
assert(s->hkey);
assert(ssh_key_alg(s->hkey) == s->cross_certifying);
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("Storing additional host key for this host:");
ppl_logevent("%s", s->fingerprint);
sfree(s->fingerprint);
s->fingerprint = NULL;
ppl_logevent("%s", fingerprint);
sfree(fingerprint);
store_host_key(s->savedhost, s->savedport,
ssh_key_cache_id(s->hkey), s->keystr);
/*

1
ssh2transport.c
View File

@ -216,7 +216,6 @@ static void ssh2_transport_free(PacketProtocolLayer *ppl)
sfree(s->keystr);
sfree(s->hostkey_str);
strbuf_free(s->hostkeyblob);
sfree(s->fingerprint);
if (s->hkey && !s->hostkeys) {
ssh_key_free(s->hkey);
s->hkey = NULL;

2
ssh2transport.h
View File

@ -174,7 +174,7 @@ struct ssh2_transport_state {
transport_direction in, out, *cstrans, *sctrans;
ptrlen hostkeydata, sigdata;
strbuf *hostkeyblob;
char *keystr, *fingerprint;
char *keystr;
ssh_key *hkey; /* actual host key */
unsigned hkflags; /* signing flags, used in server */
RSAKey *rsa_kex_key; /* for RSA kex */