nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Servers announcing themselves as `Sun_SSH_1.0' apparently cannot

Browse Source 
deal with rekeys at all: they totally ignore mid-session KEXINIT
sent by the client. Hence, a new bug entry so we don't try it.

[originally from svn r5092]
This commit is contained in:
Simon Tatham 2005-01-11 10:37:55 +00:00
parent 378dbbb06b
commit e7b53c3ad5
6 changed files with 68 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config.c
View File

@ -1839,6 +1839,9 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
HELPCTX(ssh_bugs_pksessid2),
sshbug_handler, I(offsetof(Config,sshbug_pksessid2)));
ctrl_droplist(s, "Ignores key re-exchange completely", 'k', 20,
HELPCTX(ssh_bugs_rekey2),
sshbug_handler, I(offsetof(Config,sshbug_rekey2)));
}
}
}

18
doc/config.but
View File

@ -2662,6 +2662,24 @@ SSH2 public-key authentication will fail.
This is an SSH2-specific bug.
\S{config-ssh-bug-rekey} \q{Ignores key re-exchange completely}
\cfg{winhelp-topic}{ssh.bugs.rekey2}
Some very old SSH servers cannot cope with repeat key exchange at
all, and will ignore attempts by the client to start one. Since
PuTTY pauses the session while performing a repeat key exchange, the
effect of this would be to cause the session to hang after an hour
(unless you have your rekey timeout set differently; see
\k{config-ssh-kex-rekey} for more about rekeys).
If this bug is detected, PuTTY will never initiate a repeat key
exchange. If this bug is enabled when talking to a correct server,
the session should still function, but may be less secure than you
would expect.
This is an SSH2-specific bug.
\H{config-file} Storing configuration in a file
PuTTY does not currently support storing its configuration in a file

2
putty.h
View File

@ -540,7 +540,7 @@ struct config_tag {
/* SSH bug compatibility modes */
int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1,
sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2,
sshbug_pksessid2;
sshbug_pksessid2, sshbug_rekey2;
/* Options for pterm. Should split out into platform-dependent part. */
int stamp_utmp;
int login_shell;

1
settings.c
View File

@ -719,6 +719,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg)
gppi(sesskey, "BugDeriveKey2", 0, &i); cfg->sshbug_derivekey2 = 2-i;
gppi(sesskey, "BugRSAPad2", 0, &i); cfg->sshbug_rsapad2 = 2-i;
gppi(sesskey, "BugPKSessID2", 0, &i); cfg->sshbug_pksessid2 = 2-i;
gppi(sesskey, "BugRekey2", 0, &i); cfg->sshbug_rekey2 = 2-i;
gppi(sesskey, "StampUtmp", 1, &cfg->stamp_utmp);
gppi(sesskey, "LoginShell", 1, &cfg->login_shell);
gppi(sesskey, "ScrollbarOnLeft", 0, &cfg->scrollbar_on_left);

60
ssh.c
View File

@ -163,7 +163,7 @@ static const char *const ssh2_disconnect_reasons[] = {
#define BUG_CHOKES_ON_RSA 8
#define BUG_SSH2_RSA_PADDING 16
#define BUG_SSH2_DERIVEKEY 32
/* 64 was BUG_SSH2_DH_GEX, now spare */
#define BUG_SSH2_REKEY 64
#define BUG_SSH2_PK_SESSIONID 128
#define translate(x) if (type == x) return #x
@ -1739,8 +1739,7 @@ static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
if (!ssh->kex_in_progress &&
ssh->max_data_size != 0 &&
ssh->outgoing_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data sent)", -1, NULL);
do_ssh2_transport(ssh, "too much data sent", -1, NULL);
ssh_free_packet(pkt);
}
@ -1830,8 +1829,7 @@ static void ssh_pkt_defersend(Ssh ssh)
if (!ssh->kex_in_progress &&
ssh->max_data_size != 0 &&
ssh->outgoing_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data sent)", -1, NULL);
do_ssh2_transport(ssh, "too much data sent", -1, NULL);
ssh->deferred_data_size = 0;
}
@ -2138,6 +2136,16 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
logevent("We believe remote version has SSH2 public-key-session-ID bug");
}
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
(ssh->cfg.sshbug_rekey2 == AUTO &&
wc_match("Sun_SSH_1.0", imp))) {
/*
* These versions have the SSH2 ignore-rekey bug.
*/
ssh->remote_bugs |= BUG_SSH2_REKEY;
logevent("We believe remote version has SSH2 ignore-rekey bug");
}
}
/*
@ -5307,12 +5315,35 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
*/
while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
(!pktin && inlen == -1))) {
wait_for_rekey:
crReturn(1);
}
if (pktin) {
logevent("Server initiated key re-exchange");
} else {
logevent((char *)in);
/*
* Special case: if the server bug is set that doesn't
* allow rekeying, we give a different log message and
* continue waiting. (If such a server _initiates_ a rekey,
* we process it anyway!)
*/
if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
logeventf(ssh, "Server bug prevents key re-exchange (%s)",
(char *)in);
/* Reset the counters, so that at least this message doesn't
* hit the event log _too_ often. */
ssh->outgoing_data_size = 0;
ssh->incoming_data_size = 0;
if (ssh->cfg.ssh_rekey_time != 0) {
ssh->next_rekey =
schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
ssh2_timer, ssh);
}
goto wait_for_rekey; /* this is utterly horrid */
} else {
logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
logevent((char *)in);
}
}
goto begin_key_exchange;
@ -7286,8 +7317,7 @@ static void ssh2_timer(void *ctx, long now)
if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
now - ssh->next_rekey >= 0) {
do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)",
-1, NULL);
do_ssh2_transport(ssh, "timeout", -1, NULL);
}
}
@ -7302,8 +7332,7 @@ static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen,
if (!ssh->kex_in_progress &&
ssh->max_data_size != 0 &&
ssh->incoming_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data received)", -1, NULL);
do_ssh2_transport(ssh, "too much data received", -1, NULL);
}
if (pktin && ssh->packet_dispatch[pktin->type]) {
@ -7544,7 +7573,7 @@ static void ssh_reconfig(void *handle, Config *cfg)
long now = GETTICKCOUNT();
if (new_next - now < 0) {
rekeying = "Initiating key re-exchange (timeout shortened)";
rekeying = "timeout shortened";
} else {
ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
}
@ -7556,18 +7585,18 @@ static void ssh_reconfig(void *handle, Config *cfg)
ssh->max_data_size != 0) {
if (ssh->outgoing_data_size > ssh->max_data_size ||
ssh->incoming_data_size > ssh->max_data_size)
rekeying = "Initiating key re-exchange (data limit lowered)";
rekeying = "data limit lowered";
}
if (ssh->cfg.compression != cfg->compression) {
rekeying = "Initiating key re-exchange (compression setting changed)";
rekeying = "compression setting changed";
rekey_mandatory = TRUE;
}
if (ssh->cfg.ssh2_des_cbc != cfg->ssh2_des_cbc ||
memcmp(ssh->cfg.ssh_cipherlist, cfg->ssh_cipherlist,
sizeof(ssh->cfg.ssh_cipherlist))) {
rekeying = "Initiating key re-exchange (cipher settings changed)";
rekeying = "cipher settings changed";
rekey_mandatory = TRUE;
}
@ -7780,8 +7809,7 @@ static void ssh_special(void *handle, Telnet_Special code)
}
} else if (code == TS_REKEY) {
if (!ssh->kex_in_progress && ssh->version == 2) {
do_ssh2_transport(ssh, "Initiating key re-exchange at"
" user request", -1, NULL);
do_ssh2_transport(ssh, "at user request", -1, NULL);
}
} else if (code == TS_BRK) {
if (ssh->state == SSH_STATE_CLOSED

1
windows/winhelp.h
View File

@ -121,3 +121,4 @@
#define WINHELP_CTX_ssh_bugs_derivekey2 "ssh.bugs.derivekey2"
#define WINHELP_CTX_ssh_bugs_rsapad2 "ssh.bugs.rsapad2"
#define WINHELP_CTX_ssh_bugs_pksessid2 "ssh.bugs.pksessid2"
#define WINHELP_CTX_ssh_bugs_rekey2 "ssh.bugs.rekey2"