mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-24 08:42:25 +00:00
751a989091
A great many BinarySource_BARE_INIT calls are passing the two halves of a ptrlen as separate arguments. It saves a lot of call-site faff to have a variant of the init function that just takes the whole ptrlen in one go.
108 lines
3.9 KiB
C
108 lines
3.9 KiB
C
/*
|
|
* Packet-censoring code for SSH-2, used to identify sensitive fields
|
|
* like passwords so that the logging system can avoid writing them
|
|
* into log files.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
|
|
#include "putty.h"
|
|
#include "ssh.h"
|
|
|
|
int ssh2_censor_packet(
|
|
const PacketLogSettings *pls, int type, bool sender_is_client,
|
|
ptrlen pkt, logblank_t *blanks)
|
|
{
|
|
int nblanks = 0;
|
|
ptrlen str;
|
|
BinarySource src[1];
|
|
|
|
BinarySource_BARE_INIT_PL(src, pkt);
|
|
|
|
if (pls->omit_data &&
|
|
(type == SSH2_MSG_CHANNEL_DATA ||
|
|
type == SSH2_MSG_CHANNEL_EXTENDED_DATA)) {
|
|
/* "Session data" packets - omit the data string. */
|
|
get_uint32(src); /* skip channel id */
|
|
if (type == SSH2_MSG_CHANNEL_EXTENDED_DATA)
|
|
get_uint32(src); /* skip extended data type */
|
|
str = get_string(src);
|
|
if (!get_err(src)) {
|
|
assert(nblanks < MAX_BLANKS);
|
|
blanks[nblanks].offset = src->pos - str.len;
|
|
blanks[nblanks].type = PKTLOG_OMIT;
|
|
blanks[nblanks].len = str.len;
|
|
nblanks++;
|
|
}
|
|
}
|
|
|
|
if (sender_is_client && pls->omit_passwords) {
|
|
if (type == SSH2_MSG_USERAUTH_REQUEST) {
|
|
/* If this is a password packet, blank the password(s). */
|
|
get_string(src); /* username */
|
|
get_string(src); /* service name */
|
|
str = get_string(src); /* auth method */
|
|
if (ptrlen_eq_string(str, "password")) {
|
|
get_bool(src);
|
|
/* Blank the password field. */
|
|
str = get_string(src);
|
|
if (!get_err(src)) {
|
|
assert(nblanks < MAX_BLANKS);
|
|
blanks[nblanks].offset = src->pos - str.len;
|
|
blanks[nblanks].type = PKTLOG_BLANK;
|
|
blanks[nblanks].len = str.len;
|
|
nblanks++;
|
|
/* If there's another password field beyond it
|
|
* (change of password), blank that too. */
|
|
str = get_string(src);
|
|
if (!get_err(src))
|
|
blanks[nblanks-1].len =
|
|
src->pos - blanks[nblanks].offset;
|
|
}
|
|
}
|
|
} else if (pls->actx == SSH2_PKTCTX_KBDINTER &&
|
|
type == SSH2_MSG_USERAUTH_INFO_RESPONSE) {
|
|
/* If this is a keyboard-interactive response packet,
|
|
* blank the responses. */
|
|
get_uint32(src);
|
|
assert(nblanks < MAX_BLANKS);
|
|
blanks[nblanks].offset = src->pos;
|
|
blanks[nblanks].type = PKTLOG_BLANK;
|
|
do {
|
|
str = get_string(src);
|
|
} while (!get_err(src));
|
|
blanks[nblanks].len = src->pos - blanks[nblanks].offset;
|
|
nblanks++;
|
|
} else if (type == SSH2_MSG_CHANNEL_REQUEST) {
|
|
/*
|
|
* If this is an X forwarding request packet, blank the
|
|
* fake auth data.
|
|
*
|
|
* Note that while we blank the X authentication data
|
|
* here, we don't take any special action to blank the
|
|
* start of an X11 channel, so using MIT-MAGIC-COOKIE-1
|
|
* and actually opening an X connection without having
|
|
* session blanking enabled is likely to leak your cookie
|
|
* into the log.
|
|
*/
|
|
get_uint32(src);
|
|
str = get_string(src);
|
|
if (ptrlen_eq_string(str, "x11-req")) {
|
|
get_bool(src);
|
|
get_bool(src);
|
|
get_string(src);
|
|
str = get_string(src);
|
|
if (!get_err(src)) {
|
|
assert(nblanks < MAX_BLANKS);
|
|
blanks[nblanks].offset = src->pos - str.len;
|
|
blanks[nblanks].type = PKTLOG_BLANK;
|
|
blanks[nblanks].len = str.len;
|
|
nblanks++;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return nblanks;
|
|
}
|