1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Also blank X authentication data when using SSH-1, and add a comment explaining

why this may not be sufficient to hide it.

[originally from svn r5720]
This commit is contained in:
Ben Harris 2005-04-30 17:08:48 +00:00
parent 162d04d360
commit df913d0036

20
ssh.c
View File

@ -4632,14 +4632,23 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
data, sizeof(data), ssh->cfg.x11_auth);
x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
/*
* Note that while we blank the X authentication data here, we don't
* take any special action to blank the start of an X11 channel,
* so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
* without having session blanking enabled is likely to leak your
* cookie into the log.
*/
if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
PKT_STR, proto, PKT_STR, data,
PKT_STR, proto,
PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER,
PKT_INT, x11_get_screen_number(ssh->cfg.x11_display),
PKT_END);
} else {
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
PKT_STR, proto, PKT_STR, data, PKT_END);
PKT_STR, proto,
PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER, PKT_END);
}
do {
crReturnV;
@ -7314,6 +7323,13 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
ssh2_pkt_addbool(s->pktout, 0); /* many connections */
ssh2_pkt_addstring(s->pktout, proto);
/*
* Note that while we blank the X authentication data here, we don't
* take any special action to blank the start of an X11 channel,
* so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
* without having session blanking enabled is likely to leak your
* cookie into the log.
*/
dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
ssh2_pkt_addstring(s->pktout, data);
end_log_omission(ssh, s->pktout);