From 686e78e66b5f1db67ff7b2687e291fdb2c169e6a Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Wed, 26 Sep 2018 07:39:04 +0100
Subject: [PATCH] Fix log-censoring of incoming SSH-2 session data.

The call to ssh2_censor_packet for incoming packets in ssh2bpp was
passing the wrong starting position in the packet data - in
particular, not the same starting position as the adjacent call to
log_packet - so the censor couldn't parse SSH2_MSG_CHANNEL_DATA to
identify the string of session data that it should be bleeping out.
---
 ssh2bpp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ssh2bpp.c b/ssh2bpp.c
index 8ddb49f7..c81e0f59 100644
--- a/ssh2bpp.c
+++ b/ssh2bpp.c
@@ -463,13 +463,14 @@ static void ssh2_bpp_handle_input(BinaryPacketProtocol *bpp)
              * SSH_MSG_UNIMPLEMENTED.
              */
             s->pktin->type = SSH_MSG_NO_TYPE_CODE;
+            s->data += 5;
             s->length = 0;
-            BinarySource_INIT(s->pktin, s->data + 5, 0);
         } else {
             s->pktin->type = s->data[5];
+            s->data += 6;
             s->length -= 6;
-            BinarySource_INIT(s->pktin, s->data + 6, s->length);
         }
+        BinarySource_INIT(s->pktin, s->data, s->length);
 
         if (s->bpp.logctx) {
             logblank_t blanks[MAX_BLANKS];
@@ -479,7 +480,7 @@ static void ssh2_bpp_handle_input(BinaryPacketProtocol *bpp)
             log_packet(s->bpp.logctx, PKT_INCOMING, s->pktin->type,
                        ssh2_pkt_type(s->bpp.pls->kctx, s->bpp.pls->actx,
                                      s->pktin->type),
-                       get_ptr(s->pktin), get_avail(s->pktin), nblanks, blanks,
+                       s->data, s->length, nblanks, blanks,
                        &s->pktin->sequence, 0, NULL);
         }