Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: compat.c,v 1.126 2023/03/06 12:14:48 dtucker Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
4 | | * |
5 | | * Redistribution and use in source and binary forms, with or without |
6 | | * modification, are permitted provided that the following conditions |
7 | | * are met: |
8 | | * 1. Redistributions of source code must retain the above copyright |
9 | | * notice, this list of conditions and the following disclaimer. |
10 | | * 2. Redistributions in binary form must reproduce the above copyright |
11 | | * notice, this list of conditions and the following disclaimer in the |
12 | | * documentation and/or other materials provided with the distribution. |
13 | | * |
14 | | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
15 | | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
16 | | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
17 | | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
18 | | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
19 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
20 | | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
21 | | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 | | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | | */ |
25 | | |
26 | | #include "includes.h" |
27 | | |
28 | | #include <sys/types.h> |
29 | | |
30 | | #include <stdlib.h> |
31 | | #include <string.h> |
32 | | #include <stdarg.h> |
33 | | |
34 | | #include "xmalloc.h" |
35 | | #include "packet.h" |
36 | | #include "compat.h" |
37 | | #include "log.h" |
38 | | #include "match.h" |
39 | | |
40 | | /* determine bug flags from SSH protocol banner */ |
41 | | void |
42 | | compat_banner(struct ssh *ssh, const char *version) |
43 | 91.4k | { |
44 | 91.4k | int i; |
45 | 91.4k | static struct { |
46 | 91.4k | char *pat; |
47 | 91.4k | int bugs; |
48 | 91.4k | } check[] = { |
49 | 91.4k | { "OpenSSH_2.*," |
50 | 91.4k | "OpenSSH_3.0*," |
51 | 91.4k | "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR| |
52 | 91.4k | SSH_BUG_SIGTYPE}, |
53 | 91.4k | { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR|SSH_BUG_SIGTYPE }, |
54 | 91.4k | { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| |
55 | 91.4k | SSH_BUG_SIGTYPE}, |
56 | 91.4k | { "OpenSSH_2*," |
57 | 91.4k | "OpenSSH_3*," |
58 | 91.4k | "OpenSSH_4*", SSH_BUG_SIGTYPE }, |
59 | 91.4k | { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT| |
60 | 91.4k | SSH_BUG_SIGTYPE}, |
61 | 91.4k | { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, |
62 | 91.4k | { "OpenSSH_6.5*," |
63 | 91.4k | "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD| |
64 | 91.4k | SSH_BUG_SIGTYPE}, |
65 | 91.4k | { "OpenSSH_7.4*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE| |
66 | 91.4k | SSH_BUG_SIGTYPE74}, |
67 | 91.4k | { "OpenSSH_7.0*," |
68 | 91.4k | "OpenSSH_7.1*," |
69 | 91.4k | "OpenSSH_7.2*," |
70 | 91.4k | "OpenSSH_7.3*," |
71 | 91.4k | "OpenSSH_7.5*," |
72 | 91.4k | "OpenSSH_7.6*," |
73 | 91.4k | "OpenSSH_7.7*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, |
74 | 91.4k | { "OpenSSH*", SSH_NEW_OPENSSH }, |
75 | 91.4k | { "*MindTerm*", 0 }, |
76 | 91.4k | { "3.0.*", SSH_BUG_DEBUG }, |
77 | 91.4k | { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, |
78 | 91.4k | { "1.7 SecureFX*", SSH_OLD_SESSIONID }, |
79 | 91.4k | { "Cisco-1.*", SSH_BUG_DHGEX_LARGE| |
80 | 91.4k | SSH_BUG_HOSTKEYS }, |
81 | 91.4k | { "*SSH_Version_Mapper*", |
82 | 91.4k | SSH_BUG_SCANNER }, |
83 | 91.4k | { "PuTTY_Local:*," /* dev versions < Sep 2014 */ |
84 | 91.4k | "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */ |
85 | 91.4k | "PuTTY_Release_0.5*," /* 0.58-0.59 */ |
86 | 91.4k | "PuTTY_Release_0.60*," |
87 | 91.4k | "PuTTY_Release_0.61*," |
88 | 91.4k | "PuTTY_Release_0.62*," |
89 | 91.4k | "PuTTY_Release_0.63*," |
90 | 91.4k | "PuTTY_Release_0.64*", |
91 | 91.4k | SSH_OLD_DHGEX }, |
92 | 91.4k | { "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */ |
93 | 91.4k | { "Probe-*", |
94 | 91.4k | SSH_BUG_PROBE }, |
95 | 91.4k | { "TeraTerm SSH*," |
96 | 91.4k | "TTSSH/1.5.*," |
97 | 91.4k | "TTSSH/2.1*," |
98 | 91.4k | "TTSSH/2.2*," |
99 | 91.4k | "TTSSH/2.3*," |
100 | 91.4k | "TTSSH/2.4*," |
101 | 91.4k | "TTSSH/2.5*," |
102 | 91.4k | "TTSSH/2.6*," |
103 | 91.4k | "TTSSH/2.70*," |
104 | 91.4k | "TTSSH/2.71*," |
105 | 91.4k | "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, |
106 | 91.4k | { "WinSCP_release_4*," |
107 | 91.4k | "WinSCP_release_5.0*," |
108 | 91.4k | "WinSCP_release_5.1," |
109 | 91.4k | "WinSCP_release_5.1.*," |
110 | 91.4k | "WinSCP_release_5.5," |
111 | 91.4k | "WinSCP_release_5.5.*," |
112 | 91.4k | "WinSCP_release_5.6," |
113 | 91.4k | "WinSCP_release_5.6.*," |
114 | 91.4k | "WinSCP_release_5.7," |
115 | 91.4k | "WinSCP_release_5.7.1," |
116 | 91.4k | "WinSCP_release_5.7.2," |
117 | 91.4k | "WinSCP_release_5.7.3," |
118 | 91.4k | "WinSCP_release_5.7.4", |
119 | 91.4k | SSH_OLD_DHGEX }, |
120 | 91.4k | { "ConfD-*", |
121 | 91.4k | SSH_BUG_UTF8TTYMODE }, |
122 | 91.4k | { "Twisted_*", 0 }, |
123 | 91.4k | { "Twisted*", SSH_BUG_DEBUG }, |
124 | 91.4k | { NULL, 0 } |
125 | 91.4k | }; |
126 | | |
127 | | /* process table, return first match */ |
128 | 91.4k | ssh->compat = 0; |
129 | 2.08M | for (i = 0; check[i].pat; i++) { |
130 | 2.00M | if (match_pattern_list(version, check[i].pat, 0) == 1) { |
131 | 13.0k | debug_f("match: %s pat %s compat 0x%08x", |
132 | 13.0k | version, check[i].pat, check[i].bugs); |
133 | 13.0k | ssh->compat = check[i].bugs; |
134 | 13.0k | return; |
135 | 13.0k | } |
136 | 2.00M | } |
137 | 78.4k | debug_f("no match: %s", version); |
138 | 78.4k | } |
139 | | |
140 | | /* Always returns pointer to allocated memory, caller must free. */ |
141 | | char * |
142 | | compat_kex_proposal(struct ssh *ssh, const char *p) |
143 | 179k | { |
144 | 179k | char *cp = NULL, *cp2 = NULL; |
145 | | |
146 | 179k | if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
147 | 179k | return xstrdup(p); |
148 | 0 | debug2_f("original KEX proposal: %s", p); |
149 | 0 | if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) |
150 | 0 | if ((cp = match_filter_denylist(p, |
151 | 0 | "curve25519-sha256@libssh.org")) == NULL) |
152 | 0 | fatal("match_filter_denylist failed"); |
153 | 0 | if ((ssh->compat & SSH_OLD_DHGEX) != 0) { |
154 | 0 | if ((cp2 = match_filter_denylist(cp ? cp : p, |
155 | 0 | "diffie-hellman-group-exchange-sha256," |
156 | 0 | "diffie-hellman-group-exchange-sha1")) == NULL) |
157 | 0 | fatal("match_filter_denylist failed"); |
158 | 0 | free(cp); |
159 | 0 | cp = cp2; |
160 | 0 | } |
161 | 0 | if (cp == NULL || *cp == '\0') |
162 | 0 | fatal("No supported key exchange algorithms found"); |
163 | 0 | debug2_f("compat KEX proposal: %s", cp); |
164 | 0 | return cp; |
165 | 0 | } |
166 | | |