diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2023-12-22 20:07:20 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-29 05:29:14 -1000 |
commit | fc412fa80da3a85de1792b48b68f92ddfe0e033a (patch) | |
tree | 517f7619f24611ebf757be3386c3b3a2d8e68237 /meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch | |
parent | 0aa12e491969eac7050b6b2c6665a3fdbc070c3d (diff) | |
download | poky-fc412fa80da3a85de1792b48b68f92ddfe0e033a.tar.gz |
openssh: backport Debian patch for CVE-2023-48795
import patches from ubuntu to fix
CVE-2023-48795
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches?h=ubuntu%2Ffocal-security
Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5]
Reference: https://ubuntu.com/security/CVE-2023-48795
(From OE-Core rev: 4026a1cc3aa242a80c306b34b030f05d41b55dda)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch | 468 |
1 files changed, 468 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch new file mode 100644 index 0000000000..57c45e3d93 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch | |||
@@ -0,0 +1,468 @@ | |||
1 | (modified to not remove ssh_packet_read_expect(), to add to | ||
2 | KexAlgorithms in sshd.c and sshconnect2.c as this version pre-dates | ||
3 | kex_proposal_populate_entries(), replace debug*_f() with debug*(), | ||
4 | error*_f() with error*(), and fatal_f() with fatal()) | ||
5 | |||
6 | Backport of: | ||
7 | |||
8 | From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001 | ||
9 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
10 | Date: Mon, 18 Dec 2023 14:45:17 +0000 | ||
11 | Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd | ||
12 | |||
13 | This adds a protocol extension to improve the integrity of the SSH | ||
14 | transport protocol, particular in and around the initial key exchange | ||
15 | (KEX) phase. | ||
16 | |||
17 | Full details of the extension are in the PROTOCOL file. | ||
18 | |||
19 | with markus@ | ||
20 | |||
21 | OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 | ||
22 | |||
23 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2023-48795.patch?h=ubuntu/focal-security | ||
24 | Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5] | ||
25 | CVE: CVE-2023-48795 | ||
26 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
27 | --- | ||
28 | PROTOCOL | 26 +++++++++++++++++ | ||
29 | kex.c | 68 +++++++++++++++++++++++++++++++++----------- | ||
30 | kex.h | 1 + | ||
31 | packet.c | 78 ++++++++++++++++++++++++++++++++++++++------------- | ||
32 | sshconnect2.c | 14 +++------ | ||
33 | sshd.c | 7 +++-- | ||
34 | 6 files changed, 146 insertions(+), 48 deletions(-) | ||
35 | |||
36 | diff --git a/PROTOCOL b/PROTOCOL | ||
37 | index f75c1c0..89bddfe 100644 | ||
38 | --- a/PROTOCOL | ||
39 | +++ b/PROTOCOL | ||
40 | @@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curve25519 for key exchange as | ||
41 | described at: | ||
42 | http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519 | ||
43 | |||
44 | +1.9 transport: strict key exchange extension | ||
45 | + | ||
46 | +OpenSSH supports a number of transport-layer hardening measures under | ||
47 | +a "strict KEX" feature. This feature is signalled similarly to the | ||
48 | +RFC8308 ext-info feature: by including a additional algorithm in the | ||
49 | +initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append | ||
50 | +"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server | ||
51 | +may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms | ||
52 | +are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored | ||
53 | +if they are present in subsequent SSH2_MSG_KEXINIT packets. | ||
54 | + | ||
55 | +When an endpoint that supports this extension observes this algorithm | ||
56 | +name in a peer's KEXINIT packet, it MUST make the following changes to | ||
57 | +the the protocol: | ||
58 | + | ||
59 | +a) During initial KEX, terminate the connection if any unexpected or | ||
60 | + out-of-sequence packet is received. This includes terminating the | ||
61 | + connection if the first packet received is not SSH2_MSG_KEXINIT. | ||
62 | + Unexpected packets for the purpose of strict KEX include messages | ||
63 | + that are otherwise valid at any time during the connection such as | ||
64 | + SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. | ||
65 | +b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the | ||
66 | + packet sequence number to zero. This behaviour persists for the | ||
67 | + duration of the connection (i.e. not just the first | ||
68 | + SSH2_MSG_NEWKEYS). | ||
69 | + | ||
70 | 2. Connection protocol changes | ||
71 | |||
72 | 2.1. connection: Channel write close extension "eow@openssh.com" | ||
73 | diff --git a/kex.c b/kex.c | ||
74 | index ce85f04..3129a4e 100644 | ||
75 | --- a/kex.c | ||
76 | +++ b/kex.c | ||
77 | @@ -63,7 +63,7 @@ | ||
78 | #include "digest.h" | ||
79 | |||
80 | /* prototype */ | ||
81 | -static int kex_choose_conf(struct ssh *); | ||
82 | +static int kex_choose_conf(struct ssh *, uint32_t seq); | ||
83 | static int kex_input_newkeys(int, u_int32_t, struct ssh *); | ||
84 | |||
85 | static const char *proposal_names[PROPOSAL_MAX] = { | ||
86 | @@ -173,6 +173,18 @@ kex_names_valid(const char *names) | ||
87 | return 1; | ||
88 | } | ||
89 | |||
90 | +/* returns non-zero if proposal contains any algorithm from algs */ | ||
91 | +static int | ||
92 | +has_any_alg(const char *proposal, const char *algs) | ||
93 | +{ | ||
94 | + char *cp; | ||
95 | + | ||
96 | + if ((cp = match_list(proposal, algs, NULL)) == NULL) | ||
97 | + return 0; | ||
98 | + free(cp); | ||
99 | + return 1; | ||
100 | +} | ||
101 | + | ||
102 | /* | ||
103 | * Concatenate algorithm names, avoiding duplicates in the process. | ||
104 | * Caller must free returned string. | ||
105 | @@ -180,7 +192,7 @@ kex_names_valid(const char *names) | ||
106 | char * | ||
107 | kex_names_cat(const char *a, const char *b) | ||
108 | { | ||
109 | - char *ret = NULL, *tmp = NULL, *cp, *p, *m; | ||
110 | + char *ret = NULL, *tmp = NULL, *cp, *p; | ||
111 | size_t len; | ||
112 | |||
113 | if (a == NULL || *a == '\0') | ||
114 | @@ -197,10 +209,8 @@ kex_names_cat(const char *a, const char *b) | ||
115 | } | ||
116 | strlcpy(ret, a, len); | ||
117 | for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { | ||
118 | - if ((m = match_list(ret, p, NULL)) != NULL) { | ||
119 | - free(m); | ||
120 | + if (has_any_alg(ret, p)) | ||
121 | continue; /* Algorithm already present */ | ||
122 | - } | ||
123 | if (strlcat(ret, ",", len) >= len || | ||
124 | strlcat(ret, p, len) >= len) { | ||
125 | free(tmp); | ||
126 | @@ -409,7 +419,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) | ||
127 | { | ||
128 | int r; | ||
129 | |||
130 | - error("kex protocol error: type %d seq %u", type, seq); | ||
131 | + /* If in strict mode, any unexpected message is an error */ | ||
132 | + if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) { | ||
133 | + ssh_packet_disconnect(ssh, "strict KEX violation: " | ||
134 | + "unexpected packet type %u (seqnr %u)", type, seq); | ||
135 | + } | ||
136 | + error("type %u seq %u", type, seq); | ||
137 | if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || | ||
138 | (r = sshpkt_put_u32(ssh, seq)) != 0 || | ||
139 | (r = sshpkt_send(ssh)) != 0) | ||
140 | @@ -481,6 +496,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) | ||
141 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); | ||
142 | if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) | ||
143 | return r; | ||
144 | + if (ninfo >= 1024) { | ||
145 | + error("SSH2_MSG_EXT_INFO with too many entries, expected " | ||
146 | + "<=1024, received %u", ninfo); | ||
147 | + return dispatch_protocol_error(type, seq, ssh); | ||
148 | + } | ||
149 | for (i = 0; i < ninfo; i++) { | ||
150 | if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) | ||
151 | return r; | ||
152 | @@ -581,7 +601,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) | ||
153 | error("%s: no hex", __func__); | ||
154 | return SSH_ERR_INTERNAL_ERROR; | ||
155 | } | ||
156 | - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); | ||
157 | + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error); | ||
158 | ptr = sshpkt_ptr(ssh, &dlen); | ||
159 | if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) | ||
160 | return r; | ||
161 | @@ -617,7 +637,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) | ||
162 | if (!(kex->flags & KEX_INIT_SENT)) | ||
163 | if ((r = kex_send_kexinit(ssh)) != 0) | ||
164 | return r; | ||
165 | - if ((r = kex_choose_conf(ssh)) != 0) | ||
166 | + if ((r = kex_choose_conf(ssh, seq)) != 0) | ||
167 | return r; | ||
168 | |||
169 | if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) | ||
170 | @@ -880,7 +900,13 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) | ||
171 | } | ||
172 | |||
173 | static int | ||
174 | -kex_choose_conf(struct ssh *ssh) | ||
175 | +kexalgs_contains(char **peer, const char *ext) | ||
176 | +{ | ||
177 | + return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext); | ||
178 | +} | ||
179 | + | ||
180 | +static int | ||
181 | +kex_choose_conf(struct ssh *ssh, uint32_t seq) | ||
182 | { | ||
183 | struct kex *kex = ssh->kex; | ||
184 | struct newkeys *newkeys; | ||
185 | @@ -905,13 +931,23 @@ kex_choose_conf(struct ssh *ssh) | ||
186 | sprop=peer; | ||
187 | } | ||
188 | |||
189 | - /* Check whether client supports ext_info_c */ | ||
190 | - if (kex->server && (kex->flags & KEX_INITIAL)) { | ||
191 | - char *ext; | ||
192 | - | ||
193 | - ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); | ||
194 | - kex->ext_info_c = (ext != NULL); | ||
195 | - free(ext); | ||
196 | + /* Check whether peer supports ext_info/kex_strict */ | ||
197 | + if ((kex->flags & KEX_INITIAL) != 0) { | ||
198 | + if (kex->server) { | ||
199 | + kex->ext_info_c = kexalgs_contains(peer, "ext-info-c"); | ||
200 | + kex->kex_strict = kexalgs_contains(peer, | ||
201 | + "kex-strict-c-v00@openssh.com"); | ||
202 | + } else { | ||
203 | + kex->kex_strict = kexalgs_contains(peer, | ||
204 | + "kex-strict-s-v00@openssh.com"); | ||
205 | + } | ||
206 | + if (kex->kex_strict) { | ||
207 | + debug3("will use strict KEX ordering"); | ||
208 | + if (seq != 0) | ||
209 | + ssh_packet_disconnect(ssh, | ||
210 | + "strict KEX violation: " | ||
211 | + "KEXINIT was not the first packet"); | ||
212 | + } | ||
213 | } | ||
214 | |||
215 | /* Algorithm Negotiation */ | ||
216 | diff --git a/kex.h b/kex.h | ||
217 | index a5ae6ac..cae38f7 100644 | ||
218 | --- a/kex.h | ||
219 | +++ b/kex.h | ||
220 | @@ -145,6 +145,7 @@ struct kex { | ||
221 | u_int kex_type; | ||
222 | char *server_sig_algs; | ||
223 | int ext_info_c; | ||
224 | + int kex_strict; | ||
225 | struct sshbuf *my; | ||
226 | struct sshbuf *peer; | ||
227 | struct sshbuf *client_version; | ||
228 | diff --git a/packet.c b/packet.c | ||
229 | index 6d3e917..43139f9 100644 | ||
230 | --- a/packet.c | ||
231 | +++ b/packet.c | ||
232 | @@ -1203,8 +1203,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh) | ||
233 | sshbuf_dump(state->output, stderr); | ||
234 | #endif | ||
235 | /* increment sequence number for outgoing packets */ | ||
236 | - if (++state->p_send.seqnr == 0) | ||
237 | + if (++state->p_send.seqnr == 0) { | ||
238 | + if ((ssh->kex->flags & KEX_INITIAL) != 0) { | ||
239 | + ssh_packet_disconnect(ssh, "outgoing sequence number " | ||
240 | + "wrapped during initial key exchange"); | ||
241 | + } | ||
242 | logit("outgoing seqnr wraps around"); | ||
243 | + } | ||
244 | if (++state->p_send.packets == 0) | ||
245 | if (!(ssh->compat & SSH_BUG_NOREKEY)) | ||
246 | return SSH_ERR_NEED_REKEY; | ||
247 | @@ -1212,6 +1217,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh) | ||
248 | state->p_send.bytes += len; | ||
249 | sshbuf_reset(state->outgoing_packet); | ||
250 | |||
251 | + if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { | ||
252 | + debug("resetting send seqnr %u", state->p_send.seqnr); | ||
253 | + state->p_send.seqnr = 0; | ||
254 | + } | ||
255 | + | ||
256 | if (type == SSH2_MSG_NEWKEYS) | ||
257 | r = ssh_set_newkeys(ssh, MODE_OUT); | ||
258 | else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side) | ||
259 | @@ -1345,8 +1355,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | ||
260 | /* Stay in the loop until we have received a complete packet. */ | ||
261 | for (;;) { | ||
262 | /* Try to read a packet from the buffer. */ | ||
263 | - r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p); | ||
264 | - if (r != 0) | ||
265 | + if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0) | ||
266 | break; | ||
267 | /* If we got a packet, return it. */ | ||
268 | if (*typep != SSH_MSG_NONE) | ||
269 | @@ -1633,10 +1642,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | ||
270 | if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) | ||
271 | goto out; | ||
272 | } | ||
273 | + | ||
274 | if (seqnr_p != NULL) | ||
275 | *seqnr_p = state->p_read.seqnr; | ||
276 | - if (++state->p_read.seqnr == 0) | ||
277 | + if (++state->p_read.seqnr == 0) { | ||
278 | + if ((ssh->kex->flags & KEX_INITIAL) != 0) { | ||
279 | + ssh_packet_disconnect(ssh, "incoming sequence number " | ||
280 | + "wrapped during initial key exchange"); | ||
281 | + } | ||
282 | logit("incoming seqnr wraps around"); | ||
283 | + } | ||
284 | if (++state->p_read.packets == 0) | ||
285 | if (!(ssh->compat & SSH_BUG_NOREKEY)) | ||
286 | return SSH_ERR_NEED_REKEY; | ||
287 | @@ -1702,6 +1717,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | ||
288 | #endif | ||
289 | /* reset for next packet */ | ||
290 | state->packlen = 0; | ||
291 | + if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { | ||
292 | + debug("resetting read seqnr %u", state->p_read.seqnr); | ||
293 | + state->p_read.seqnr = 0; | ||
294 | + } | ||
295 | |||
296 | /* do we need to rekey? */ | ||
297 | if (ssh_packet_need_rekeying(ssh, 0)) { | ||
298 | @@ -1726,10 +1745,39 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | ||
299 | r = ssh_packet_read_poll2(ssh, typep, seqnr_p); | ||
300 | if (r != 0) | ||
301 | return r; | ||
302 | - if (*typep) { | ||
303 | - state->keep_alive_timeouts = 0; | ||
304 | - DBG(debug("received packet type %d", *typep)); | ||
305 | + if (*typep == 0) { | ||
306 | + /* no message ready */ | ||
307 | + return 0; | ||
308 | + } | ||
309 | + state->keep_alive_timeouts = 0; | ||
310 | + DBG(debug("received packet type %d", *typep)); | ||
311 | + | ||
312 | + /* Always process disconnect messages */ | ||
313 | + if (*typep == SSH2_MSG_DISCONNECT) { | ||
314 | + if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || | ||
315 | + (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) | ||
316 | + return r; | ||
317 | + /* Ignore normal client exit notifications */ | ||
318 | + do_log2(ssh->state->server_side && | ||
319 | + reason == SSH2_DISCONNECT_BY_APPLICATION ? | ||
320 | + SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, | ||
321 | + "Received disconnect from %s port %d:" | ||
322 | + "%u: %.400s", ssh_remote_ipaddr(ssh), | ||
323 | + ssh_remote_port(ssh), reason, msg); | ||
324 | + free(msg); | ||
325 | + return SSH_ERR_DISCONNECTED; | ||
326 | } | ||
327 | + | ||
328 | + /* | ||
329 | + * Do not implicitly handle any messages here during initial | ||
330 | + * KEX when in strict mode. They will be need to be allowed | ||
331 | + * explicitly by the KEX dispatch table or they will generate | ||
332 | + * protocol errors. | ||
333 | + */ | ||
334 | + if (ssh->kex != NULL && | ||
335 | + (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) | ||
336 | + return 0; | ||
337 | + /* Implicitly handle transport-level messages */ | ||
338 | switch (*typep) { | ||
339 | case SSH2_MSG_IGNORE: | ||
340 | debug3("Received SSH2_MSG_IGNORE"); | ||
341 | @@ -1744,19 +1792,6 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | ||
342 | debug("Remote: %.900s", msg); | ||
343 | free(msg); | ||
344 | break; | ||
345 | - case SSH2_MSG_DISCONNECT: | ||
346 | - if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || | ||
347 | - (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) | ||
348 | - return r; | ||
349 | - /* Ignore normal client exit notifications */ | ||
350 | - do_log2(ssh->state->server_side && | ||
351 | - reason == SSH2_DISCONNECT_BY_APPLICATION ? | ||
352 | - SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, | ||
353 | - "Received disconnect from %s port %d:" | ||
354 | - "%u: %.400s", ssh_remote_ipaddr(ssh), | ||
355 | - ssh_remote_port(ssh), reason, msg); | ||
356 | - free(msg); | ||
357 | - return SSH_ERR_DISCONNECTED; | ||
358 | case SSH2_MSG_UNIMPLEMENTED: | ||
359 | if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0) | ||
360 | return r; | ||
361 | @@ -2235,6 +2270,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) | ||
362 | (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || | ||
363 | (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || | ||
364 | (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || | ||
365 | + (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 || | ||
366 | (r = sshbuf_put_stringb(m, kex->my)) != 0 || | ||
367 | (r = sshbuf_put_stringb(m, kex->peer)) != 0 || | ||
368 | (r = sshbuf_put_stringb(m, kex->client_version)) != 0 || | ||
369 | @@ -2397,6 +2433,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) | ||
370 | (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || | ||
371 | (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || | ||
372 | (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || | ||
373 | + (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 || | ||
374 | (r = sshbuf_get_stringb(m, kex->my)) != 0 || | ||
375 | (r = sshbuf_get_stringb(m, kex->peer)) != 0 || | ||
376 | (r = sshbuf_get_stringb(m, kex->client_version)) != 0 || | ||
377 | @@ -2724,6 +2761,7 @@ sshpkt_disconnect(struct ssh *ssh, const char *fmt,...) | ||
378 | vsnprintf(buf, sizeof(buf), fmt, args); | ||
379 | va_end(args); | ||
380 | |||
381 | + debug2("sending SSH2_MSG_DISCONNECT: %s", buf); | ||
382 | if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || | ||
383 | (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 || | ||
384 | (r = sshpkt_put_cstring(ssh, buf)) != 0 || | ||
385 | diff --git a/sshconnect2.c b/sshconnect2.c | ||
386 | index 5df9477..617ed9f 100644 | ||
387 | --- a/sshconnect2.c | ||
388 | +++ b/sshconnect2.c | ||
389 | @@ -218,7 +218,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | ||
390 | fatal("%s: kex_assemble_namelist", __func__); | ||
391 | free(all_key); | ||
392 | |||
393 | - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) | ||
394 | + if ((s = kex_names_cat(options.kex_algorithms, | ||
395 | + "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) | ||
396 | fatal("%s: kex_names_cat", __func__); | ||
397 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); | ||
398 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||
399 | @@ -343,7 +344,6 @@ struct cauthmethod { | ||
400 | }; | ||
401 | |||
402 | static int input_userauth_service_accept(int, u_int32_t, struct ssh *); | ||
403 | -static int input_userauth_ext_info(int, u_int32_t, struct ssh *); | ||
404 | static int input_userauth_success(int, u_int32_t, struct ssh *); | ||
405 | static int input_userauth_failure(int, u_int32_t, struct ssh *); | ||
406 | static int input_userauth_banner(int, u_int32_t, struct ssh *); | ||
407 | @@ -460,7 +460,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | ||
408 | |||
409 | ssh->authctxt = &authctxt; | ||
410 | ssh_dispatch_init(ssh, &input_userauth_error); | ||
411 | - ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); | ||
412 | + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info); | ||
413 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); | ||
414 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ | ||
415 | pubkey_cleanup(ssh); | ||
416 | @@ -505,13 +505,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) | ||
417 | return r; | ||
418 | } | ||
419 | |||
420 | -/* ARGSUSED */ | ||
421 | -static int | ||
422 | -input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) | ||
423 | -{ | ||
424 | - return kex_input_ext_info(type, seqnr, ssh); | ||
425 | -} | ||
426 | - | ||
427 | void | ||
428 | userauth(struct ssh *ssh, char *authlist) | ||
429 | { | ||
430 | @@ -593,6 +586,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) | ||
431 | free(authctxt->methoddata); | ||
432 | authctxt->methoddata = NULL; | ||
433 | authctxt->success = 1; /* break out */ | ||
434 | + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error); | ||
435 | return 0; | ||
436 | } | ||
437 | |||
438 | diff --git a/sshd.c b/sshd.c | ||
439 | index 60b2aaf..ffea38c 100644 | ||
440 | --- a/sshd.c | ||
441 | +++ b/sshd.c | ||
442 | @@ -2323,11 +2323,13 @@ static void | ||
443 | do_ssh2_kex(struct ssh *ssh) | ||
444 | { | ||
445 | char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; | ||
446 | + char *s; | ||
447 | struct kex *kex; | ||
448 | int r; | ||
449 | |||
450 | - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( | ||
451 | - options.kex_algorithms); | ||
452 | + if ((s = kex_names_cat(options.kex_algorithms, "kex-strict-s-v00@openssh.com")) == NULL) | ||
453 | + fatal("kex_names_cat"); | ||
454 | + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); | ||
455 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( | ||
456 | options.ciphers); | ||
457 | myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( | ||
458 | @@ -2382,6 +2384,7 @@ do_ssh2_kex(struct ssh *ssh) | ||
459 | packet_send(); | ||
460 | packet_write_wait(); | ||
461 | #endif | ||
462 | + free(s); | ||
463 | debug("KEX done"); | ||
464 | } | ||
465 | |||
466 | -- | ||
467 | 2.25.1 | ||
468 | |||