1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Fix mishandling of refusal to compress in SSH-1.

I've just noticed that we call ssh1_bpp_start_compression even if the
server responded to our compression request with SSH1_SMSG_FAILURE!

Also, while I'm here, there's a potential race condition if the server
were to send an unrelated message (such as SSH1_MSG_IGNORE)
immediately after the SSH1_SMSG_SUCCESS that indicates compression
being enabled - the BPP would try to decode the compressed IGNORE
message before the SUCCESS got to the higher layer that would tell the
BPP it should have enabled compression. Fixed that by changing the
method by which we tell the BPP what's going on.
This commit is contained in:
Simon Tatham 2018-09-21 18:00:07 +01:00
parent a19faa4527
commit 562cdd4df1
3 changed files with 26 additions and 10 deletions

7
ssh.c
View File

@ -3200,6 +3200,7 @@ static void do_ssh1_connection(void *vctx)
pkt = ssh_bpp_new_pktout(ssh->bpp, SSH1_CMSG_REQUEST_COMPRESSION); pkt = ssh_bpp_new_pktout(ssh->bpp, SSH1_CMSG_REQUEST_COMPRESSION);
put_uint32(pkt, 6); /* gzip compression level */ put_uint32(pkt, 6); /* gzip compression level */
ssh_pkt_write(ssh, pkt); ssh_pkt_write(ssh, pkt);
ssh1_bpp_requested_compression(ssh->bpp);
crMaybeWaitUntilV((pktin = pq_pop(&ssh->pq_ssh1_connection)) != NULL); crMaybeWaitUntilV((pktin = pq_pop(&ssh->pq_ssh1_connection)) != NULL);
if (pktin->type != SSH1_SMSG_SUCCESS if (pktin->type != SSH1_SMSG_SUCCESS
&& pktin->type != SSH1_SMSG_FAILURE) { && pktin->type != SSH1_SMSG_FAILURE) {
@ -3207,9 +3208,9 @@ static void do_ssh1_connection(void *vctx)
crStopV; crStopV;
} else if (pktin->type == SSH1_SMSG_FAILURE) { } else if (pktin->type == SSH1_SMSG_FAILURE) {
c_write_str(ssh, "Server refused to compress\r\n"); c_write_str(ssh, "Server refused to compress\r\n");
} } else {
logevent("Started zlib (RFC1950) compression"); logevent("Started zlib (RFC1950) compression");
ssh1_bpp_start_compression(ssh->bpp); }
} }
/* /*

View File

@ -21,6 +21,7 @@ struct ssh1_bpp_state {
struct crcda_ctx *crcda_ctx; struct crcda_ctx *crcda_ctx;
int pending_compression_request;
ssh_compressor *compctx; ssh_compressor *compctx;
ssh_decompressor *decompctx; ssh_decompressor *decompctx;
@ -82,17 +83,13 @@ void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
} }
} }
void ssh1_bpp_start_compression(BinaryPacketProtocol *bpp) void ssh1_bpp_requested_compression(BinaryPacketProtocol *bpp)
{ {
struct ssh1_bpp_state *s; struct ssh1_bpp_state *s;
assert(bpp->vt == &ssh1_bpp_vtable); assert(bpp->vt == &ssh1_bpp_vtable);
s = FROMFIELD(bpp, struct ssh1_bpp_state, bpp); s = FROMFIELD(bpp, struct ssh1_bpp_state, bpp);
assert(!s->compctx); s->pending_compression_request = TRUE;
assert(!s->decompctx);
s->compctx = ssh_compressor_new(&ssh_zlib);
s->decompctx = ssh_decompressor_new(&ssh_zlib);
} }
static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp) static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
@ -210,6 +207,20 @@ static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
if (type == SSH1_MSG_DISCONNECT) if (type == SSH1_MSG_DISCONNECT)
s->bpp.seen_disconnect = TRUE; s->bpp.seen_disconnect = TRUE;
if (type == SSH1_SMSG_SUCCESS && s->pending_compression_request) {
assert(!s->compctx);
assert(!s->decompctx);
s->compctx = ssh_compressor_new(&ssh_zlib);
s->decompctx = ssh_decompressor_new(&ssh_zlib);
s->pending_compression_request = FALSE;
}
if (type == SSH1_SMSG_FAILURE && s->pending_compression_request) {
s->pending_compression_request = FALSE;
}
} }
} }
crFinishV; crFinishV;

View File

@ -34,7 +34,11 @@ BinaryPacketProtocol *ssh1_bpp_new(void);
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp, void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
const struct ssh1_cipheralg *cipher, const struct ssh1_cipheralg *cipher,
const void *session_key); const void *session_key);
void ssh1_bpp_start_compression(BinaryPacketProtocol *bpp); /* requested_compression() notifies the SSH-1 BPP that we've just sent
* a request to enable compression, which means that on receiving the
* next SSH1_SMSG_SUCCESS or SSH1_SMSG_FAILURE message, it should set
* up zlib compression if it was SUCCESS. */
void ssh1_bpp_requested_compression(BinaryPacketProtocol *bpp);
/* /*
* Structure that tracks how much data is sent and received, for * Structure that tracks how much data is sent and received, for