Make the SSH2 traffic analysis defence robust in the face of Zlib

compression. This involves introducing an option to disable Zlib compression (that is, continue to work within the Zlib format but output an uncompressed block) for the duration of a single packet. [originally from svn r982]
2025-07-05 21:42:47 -05:00 · 2001-03-05 16:38:42 +00:00
parent a1d5dab580
commit aaeecbb4ea
3 changed files with 177 additions and 46 deletions
--- a/ssh.c
+++ b/ssh.c
@ -3224,15 +3224,29 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		 * reason, we don't do this trick at all because we gain
 		 * nothing by it.
 		 */
-		if (cscipher) {
-		    int i, j;
+                if (cscipher) {
+                    int stringlen, i;
+
+                    stringlen = (256 - deferred_len);
+                    stringlen += cscipher->blksize - 1;
+                    stringlen -= (stringlen % cscipher->blksize);
+                    if (cscomp) {
+                        /*
+                         * Temporarily disable actual compression,
+                         * so we can guarantee to get this string
+                         * exactly the length we want it. The
+                         * compression-disabling routine should
+                         * return an integer indicating how many
+                         * bytes we should adjust our string length
+                         * by.
+                         */
+                        stringlen -= cscomp->disable_compression();
+                    }
 		    ssh2_pkt_init(SSH2_MSG_IGNORE);
 		    ssh2_pkt_addstring_start();
-		    for (i = deferred_len; i <= 256; i += cscipher->blksize) {
-			for (j = 0; j < cscipher->blksize; j++) {
-			    char c = (char)random_byte();
-			    ssh2_pkt_addstring_data(&c, 1);
-			}
+		    for (i = 0; i < stringlen; i++) {
+                        char c = (char)random_byte();
+                        ssh2_pkt_addstring_data(&c, 1);
 		    }
 		    ssh2_pkt_defer();
 		}