Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | #include "includes.h" | - |
27 | | - |
28 | #include <sys/types.h> | - |
29 | | - |
30 | #include <stdlib.h> | - |
31 | #include <string.h> | - |
32 | #include <stdarg.h> | - |
33 | | - |
34 | #include "xmalloc.h" | - |
35 | #include "packet.h" | - |
36 | #include "compat.h" | - |
37 | #include "log.h" | - |
38 | #include "match.h" | - |
39 | #include "kex.h" | - |
40 | | - |
41 | int datafellows = 0; | - |
42 | | - |
43 | | - |
44 | u_int | - |
45 | compat_datafellows(const char *version) | - |
46 | { | - |
47 | int i; | - |
48 | static struct { | - |
49 | char *pat; | - |
50 | int bugs; | - |
51 | } check[] = { | - |
52 | { "OpenSSH_2.*," | - |
53 | "OpenSSH_3.0*," | - |
54 | "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR| | - |
55 | SSH_BUG_SIGTYPE}, | - |
56 | { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR|SSH_BUG_SIGTYPE }, | - |
57 | { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| | - |
58 | SSH_BUG_SIGTYPE}, | - |
59 | { "OpenSSH_2*," | - |
60 | "OpenSSH_3*," | - |
61 | "OpenSSH_4*", SSH_BUG_SIGTYPE }, | - |
62 | { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT| | - |
63 | SSH_BUG_SIGTYPE}, | - |
64 | { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, | - |
65 | { "OpenSSH_6.5*," | - |
66 | "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD| | - |
67 | SSH_BUG_SIGTYPE}, | - |
68 | { "OpenSSH_7.0*," | - |
69 | "OpenSSH_7.1*," | - |
70 | "OpenSSH_7.2*," | - |
71 | "OpenSSH_7.3*," | - |
72 | "OpenSSH_7.4*," | - |
73 | "OpenSSH_7.5*," | - |
74 | "OpenSSH_7.6*," | - |
75 | "OpenSSH_7.7*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, | - |
76 | { "OpenSSH*", SSH_NEW_OPENSSH }, | - |
77 | { "*MindTerm*", 0 }, | - |
78 | { "3.0.*", SSH_BUG_DEBUG }, | - |
79 | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, | - |
80 | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, | - |
81 | { "1.2.18*," | - |
82 | "1.2.19*," | - |
83 | "1.2.20*," | - |
84 | "1.2.21*," | - |
85 | "1.2.22*", SSH_BUG_IGNOREMSG }, | - |
86 | { "1.3.2*", | - |
87 | SSH_BUG_IGNOREMSG }, | - |
88 | { "Cisco-1.*", SSH_BUG_DHGEX_LARGE| | - |
89 | SSH_BUG_HOSTKEYS }, | - |
90 | { "*SSH Compatible Server*", | - |
91 | SSH_BUG_PASSWORDPAD }, | - |
92 | { "*OSU_0*," | - |
93 | "OSU_1.0*," | - |
94 | "OSU_1.1*," | - |
95 | "OSU_1.2*," | - |
96 | "OSU_1.3*," | - |
97 | "OSU_1.4*," | - |
98 | "OSU_1.5alpha1*," | - |
99 | "OSU_1.5alpha2*," | - |
100 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, | - |
101 | { "*SSH_Version_Mapper*", | - |
102 | SSH_BUG_SCANNER }, | - |
103 | { "PuTTY_Local:*," | - |
104 | "PuTTY-Release-0.5*," | - |
105 | "PuTTY_Release_0.5*," | - |
106 | "PuTTY_Release_0.60*," | - |
107 | "PuTTY_Release_0.61*," | - |
108 | "PuTTY_Release_0.62*," | - |
109 | "PuTTY_Release_0.63*," | - |
110 | "PuTTY_Release_0.64*", | - |
111 | SSH_OLD_DHGEX }, | - |
112 | { "FuTTY*", SSH_OLD_DHGEX }, | - |
113 | { "Probe-*", | - |
114 | SSH_BUG_PROBE }, | - |
115 | { "TeraTerm SSH*," | - |
116 | "TTSSH/1.5.*," | - |
117 | "TTSSH/2.1*," | - |
118 | "TTSSH/2.2*," | - |
119 | "TTSSH/2.3*," | - |
120 | "TTSSH/2.4*," | - |
121 | "TTSSH/2.5*," | - |
122 | "TTSSH/2.6*," | - |
123 | "TTSSH/2.70*," | - |
124 | "TTSSH/2.71*," | - |
125 | "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, | - |
126 | { "WinSCP_release_4*," | - |
127 | "WinSCP_release_5.0*," | - |
128 | "WinSCP_release_5.1," | - |
129 | "WinSCP_release_5.1.*," | - |
130 | "WinSCP_release_5.5," | - |
131 | "WinSCP_release_5.5.*," | - |
132 | "WinSCP_release_5.6," | - |
133 | "WinSCP_release_5.6.*," | - |
134 | "WinSCP_release_5.7," | - |
135 | "WinSCP_release_5.7.1," | - |
136 | "WinSCP_release_5.7.2," | - |
137 | "WinSCP_release_5.7.3," | - |
138 | "WinSCP_release_5.7.4", | - |
139 | SSH_OLD_DHGEX }, | - |
140 | { "ConfD-*", | - |
141 | SSH_BUG_UTF8TTYMODE }, | - |
142 | { "Twisted_*", 0 }, | - |
143 | { "Twisted*", SSH_BUG_DEBUG }, | - |
144 | { NULL, 0 } | - |
145 | }; | - |
146 | | - |
147 | | - |
148 | for (i = 0; check[i].pat; i++) {TRUE | evaluated 576 times by 1 test | FALSE | never evaluated |
| 0-576 |
149 | if (match_pattern_list(version, check[i].pat, 0) == 1) {TRUE | evaluated 64 times by 1 test | FALSE | evaluated 512 times by 1 test |
| 64-512 |
150 | debug("match: %s pat %s compat 0x%08x", | - |
151 | version, check[i].pat, check[i].bugs); | - |
152 | datafellows = check[i].bugs; | - |
153 | return check[i].bugs;executed 64 times by 1 test: return check[i].bugs; | 64 |
154 | } | - |
155 | }executed 512 times by 1 test: end of block | 512 |
156 | debug("no match: %s", version); | - |
157 | return 0; never executed: return 0; | 0 |
158 | } | - |
159 | | - |
160 | #define SEP "," | - |
161 | int | - |
162 | proto_spec(const char *spec) | - |
163 | { | - |
164 | char *s, *p, *q; | - |
165 | int ret = SSH_PROTO_UNKNOWN; | - |
166 | | - |
167 | if (spec == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
168 | return ret; never executed: return ret; | 0 |
169 | q = s = strdup(spec); never executed: __retval = (char *) memcpy (__retval, spec , __len); TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
170 | if (s == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
171 | return ret; never executed: return ret; | 0 |
172 | for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {TRUE | never evaluated | FALSE | never evaluated |
TRUE | never evaluated | FALSE | never evaluated |
| 0 |
173 | switch (atoi(p)) { | - |
174 | case 2: never executed: case 2: | 0 |
175 | ret |= SSH_PROTO_2; | - |
176 | break; never executed: break; | 0 |
177 | default: never executed: default: | 0 |
178 | logit("ignoring bad proto spec: '%s'.", p); | - |
179 | break; never executed: break; | 0 |
180 | } | - |
181 | } | - |
182 | free(s); | - |
183 | return ret; never executed: return ret; | 0 |
184 | } | - |
185 | | - |
186 | char * | - |
187 | compat_cipher_proposal(char *cipher_prop) | - |
188 | { | - |
189 | if (!(datafellows & SSH_BUG_BIGENDIANAES))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
190 | return cipher_prop; never executed: return cipher_prop; | 0 |
191 | debug2("%s: original cipher proposal: %s", __func__, cipher_prop); | - |
192 | if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
193 | fatal("match_filter_blacklist failed"); never executed: fatal("match_filter_blacklist failed"); | 0 |
194 | debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); | - |
195 | if (*cipher_prop == '\0')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
196 | fatal("No supported ciphers found"); never executed: fatal("No supported ciphers found"); | 0 |
197 | return cipher_prop; never executed: return cipher_prop; | 0 |
198 | } | - |
199 | | - |
200 | char * | - |
201 | compat_pkalg_proposal(char *pkalg_prop) | - |
202 | { | - |
203 | if (!(datafellows & SSH_BUG_RSASIGMD5))TRUE | never evaluated | FALSE | never evaluated |
| 0 |
204 | return pkalg_prop; never executed: return pkalg_prop; | 0 |
205 | debug2("%s: original public key proposal: %s", __func__, pkalg_prop); | - |
206 | if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
207 | fatal("match_filter_blacklist failed"); never executed: fatal("match_filter_blacklist failed"); | 0 |
208 | debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); | - |
209 | if (*pkalg_prop == '\0')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
210 | fatal("No supported PK algorithms found"); never executed: fatal("No supported PK algorithms found"); | 0 |
211 | return pkalg_prop; never executed: return pkalg_prop; | 0 |
212 | } | - |
213 | | - |
214 | char * | - |
215 | compat_kex_proposal(char *p) | - |
216 | { | - |
217 | if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
218 | return p; never executed: return p; | 0 |
219 | debug2("%s: original KEX proposal: %s", __func__, p); | - |
220 | if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
221 | if ((p = match_filter_blacklist(p,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
222 | "curve25519-sha256@libssh.org")) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
223 | fatal("match_filter_blacklist failed"); never executed: fatal("match_filter_blacklist failed"); | 0 |
224 | if ((datafellows & SSH_OLD_DHGEX) != 0) {TRUE | never evaluated | FALSE | never evaluated |
| 0 |
225 | if ((p = match_filter_blacklist(p,TRUE | never evaluated | FALSE | never evaluated |
| 0 |
226 | "diffie-hellman-group-exchange-sha256,"TRUE | never evaluated | FALSE | never evaluated |
| 0 |
227 | "diffie-hellman-group-exchange-sha1")) == NULL)TRUE | never evaluated | FALSE | never evaluated |
| 0 |
228 | fatal("match_filter_blacklist failed"); never executed: fatal("match_filter_blacklist failed"); | 0 |
229 | } never executed: end of block | 0 |
230 | debug2("%s: compat KEX proposal: %s", __func__, p); | - |
231 | if (*p == '\0')TRUE | never evaluated | FALSE | never evaluated |
| 0 |
232 | fatal("No supported key exchange algorithms found"); never executed: fatal("No supported key exchange algorithms found"); | 0 |
233 | return p; never executed: return p; | 0 |
234 | } | - |
235 | | - |
| | |