nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-02-03 21:52:24 +00:00
Code Issues Projects Releases Wiki Activity

ssh2kex-client.c: get rid of s->fingerprint.

Browse Source 
There's actually never any need to store a host key fingerprint in the
coroutine state. The only time we pass it outside the coroutine is
when it goes to verify_ssh_manual_host_key, which returns
synchronously without keeping a copy, and when it goes to
seat_verify_ssh_host_key. And in fact all current implementations of
the latter will keep their own copy of the fingerprint, even if
they're going to be asynchronous. So it's safe to free our copy
immediately seat_verify_ssh_host_key returns, even if it's launched an
async dialog box.

The corresponding code in SSH-1 was already working this way. Storing
the fingerprint in the SSH-2 coroutine state was overcautious all
along.
This commit is contained in:
Simon Tatham 2021-03-13 10:35:07 +00:00
parent 7cadad4cec
commit 46b23c581a
3 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
ssh2kex-client.c
View File

@ -256,7 +256,6 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
s->init_token_sent = false; s->init_token_sent = false;
s->complete_rcvd = false; s->complete_rcvd = false;
s->hkey = NULL; s->hkey = NULL;
s->fingerprint = NULL;
s->keystr = NULL; s->keystr = NULL;
/* /*
@ -721,11 +720,12 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* host key, store it. * host key, store it.
*/ */
if (s->hkey) { if (s->hkey) {
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT); char *fingerprint = ssh2_fingerprint(
s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("GSS kex provided fallback host key:"); ppl_logevent("GSS kex provided fallback host key:");
ppl_logevent("%s", s->fingerprint); ppl_logevent("%s", fingerprint);
sfree(s->fingerprint); sfree(fingerprint);
s->fingerprint = NULL;
ssh_transient_hostkey_cache_add(s->thc, s->hkey); ssh_transient_hostkey_cache_add(s->thc, s->hkey);
} else if (!ssh_transient_hostkey_cache_non_empty(s->thc)) { } else if (!ssh_transient_hostkey_cache_non_empty(s->thc)) {
/* /*
@ -779,25 +779,25 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* triggered on purpose to populate the transient cache. * triggered on purpose to populate the transient cache.
*/ */
assert(s->hkey); /* only KEXTYPE_GSS lets this be null */ assert(s->hkey); /* only KEXTYPE_GSS lets this be null */
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT); char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
if (s->need_gss_transient_hostkey) { if (s->need_gss_transient_hostkey) {
ppl_logevent("Post-GSS rekey provided fallback host key:"); ppl_logevent("Post-GSS rekey provided fallback host key:");
ppl_logevent("%s", s->fingerprint); ppl_logevent("%s", fingerprint);
ssh_transient_hostkey_cache_add(s->thc, s->hkey); ssh_transient_hostkey_cache_add(s->thc, s->hkey);
s->need_gss_transient_hostkey = false; s->need_gss_transient_hostkey = false;
} else if (!ssh_transient_hostkey_cache_verify(s->thc, s->hkey)) { } else if (!ssh_transient_hostkey_cache_verify(s->thc, s->hkey)) {
ppl_logevent("Non-GSS rekey after initial GSS kex " ppl_logevent("Non-GSS rekey after initial GSS kex "
"used host key:"); "used host key:");
ppl_logevent("%s", s->fingerprint); ppl_logevent("%s", fingerprint);
sfree(fingerprint);
ssh_sw_abort(s->ppl.ssh, "Server's host key did not match any " ssh_sw_abort(s->ppl.ssh, "Server's host key did not match any "
"used in previous GSS kex"); "used in previous GSS kex");
*aborted = true; *aborted = true;
return; return;
} }
sfree(s->fingerprint); sfree(fingerprint);
s->fingerprint = NULL;
} }
} else } else
#endif /* NO_GSSAPI */ #endif /* NO_GSSAPI */
@ -843,12 +843,12 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* Authenticate remote host: verify host key. (We've already * Authenticate remote host: verify host key. (We've already
* checked the signature of the exchange hash.) * checked the signature of the exchange hash.)
*/ */
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT); char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("Host key fingerprint is:"); ppl_logevent("Host key fingerprint is:");
ppl_logevent("%s", s->fingerprint); ppl_logevent("%s", fingerprint);
/* First check against manually configured host keys. */ /* First check against manually configured host keys. */
s->dlgret = verify_ssh_manual_host_key( s->dlgret = verify_ssh_manual_host_key(
s->conf, s->fingerprint, s->hkey); s->conf, fingerprint, s->hkey);
if (s->dlgret == 0) { /* did not match */ if (s->dlgret == 0) { /* did not match */
ssh_sw_abort(s->ppl.ssh, "Host key did not appear in manually " ssh_sw_abort(s->ppl.ssh, "Host key did not appear in manually "
"configured list"); "configured list");
@ -857,8 +857,9 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
} else if (s->dlgret < 0) { /* none configured; use standard handling */ } else if (s->dlgret < 0) { /* none configured; use standard handling */
s->dlgret = seat_verify_ssh_host_key( s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport, s->ppl.seat, s->savedhost, s->savedport,
ssh_key_cache_id(s->hkey), s->keystr, s->fingerprint, ssh_key_cache_id(s->hkey), s->keystr, fingerprint,
ssh2_transport_dialog_callback, s); ssh2_transport_dialog_callback, s);
sfree(fingerprint);
#ifdef FUZZING #ifdef FUZZING
s->dlgret = 1; s->dlgret = 1;
#endif #endif
@ -870,8 +871,6 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
return; return;
} }
} }
sfree(s->fingerprint);
s->fingerprint = NULL;
/* /*
* Save this host key, to check against the one presented in * Save this host key, to check against the one presented in
* subsequent rekeys. * subsequent rekeys.
@ -882,11 +881,11 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
assert(s->hkey); assert(s->hkey);
assert(ssh_key_alg(s->hkey) == s->cross_certifying); assert(ssh_key_alg(s->hkey) == s->cross_certifying);
s->fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT); char *fingerprint = ssh2_fingerprint(s->hkey, SSH_FPTYPE_DEFAULT);
ppl_logevent("Storing additional host key for this host:"); ppl_logevent("Storing additional host key for this host:");
ppl_logevent("%s", s->fingerprint); ppl_logevent("%s", fingerprint);
sfree(s->fingerprint); sfree(fingerprint);
s->fingerprint = NULL;
store_host_key(s->savedhost, s->savedport, store_host_key(s->savedhost, s->savedport,
ssh_key_cache_id(s->hkey), s->keystr); ssh_key_cache_id(s->hkey), s->keystr);
/* /*

1
ssh2transport.c
View File

@ -216,7 +216,6 @@ static void ssh2_transport_free(PacketProtocolLayer *ppl)
sfree(s->keystr); sfree(s->keystr);
sfree(s->hostkey_str); sfree(s->hostkey_str);
strbuf_free(s->hostkeyblob); strbuf_free(s->hostkeyblob);
sfree(s->fingerprint);
if (s->hkey && !s->hostkeys) { if (s->hkey && !s->hostkeys) {
ssh_key_free(s->hkey); ssh_key_free(s->hkey);
s->hkey = NULL; s->hkey = NULL;

2
ssh2transport.h
View File

@ -174,7 +174,7 @@ struct ssh2_transport_state {
transport_direction in, out, *cstrans, *sctrans; transport_direction in, out, *cstrans, *sctrans;
ptrlen hostkeydata, sigdata; ptrlen hostkeydata, sigdata;
strbuf *hostkeyblob; strbuf *hostkeyblob;
char *keystr, *fingerprint; char *keystr;
ssh_key *hkey; /* actual host key */ ssh_key *hkey; /* actual host key */
unsigned hkflags; /* signing flags, used in server */ unsigned hkflags; /* signing flags, used in server */
RSAKey *rsa_kex_key; /* for RSA kex */ RSAKey *rsa_kex_key; /* for RSA kex */