Diffstat (limited to 'src')
-rw-r--r--src/bignum.c2
-rw-r--r--src/channels.c52
-rw-r--r--src/getpass.c12
-rw-r--r--src/gssapi.c4
-rw-r--r--src/kdf.c2
-rw-r--r--src/kex.c6
-rw-r--r--src/libcrypto.c2
-rw-r--r--src/messages.c4
-rw-r--r--src/packet.c9
-rw-r--r--src/pki.c8
-rw-r--r--src/pki_crypto.c2
-rw-r--r--src/pki_mbedcrypto.c2
-rw-r--r--src/wrapper.c2
13 files changed, 72 insertions, 35 deletions
diff --git a/src/bignum.c b/src/bignum.c
index ef8de31f..e9b95194 100644
--- a/src/bignum.c
+++ b/src/bignum.c
@@ -86,7 +86,7 @@ void ssh_print_bignum(const char *name, const_bignum num)
if (num != NULL) {
bignum_bn2hex(num, &hex);
}
- fprintf(stderr, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
+ SSH_LOG(SSH_LOG_DEBUG, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
#ifdef HAVE_LIBGCRYPT
SAFE_FREE(hex);
#elif defined HAVE_LIBCRYPTO
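Review bot: The format string handed to `SSH_LOG` in ssh_print_bignum still ends in `\n`. If the logging backend terminates each message itself (not visible here), every call now emits a blank line, so `"%s value: %s"` would be cleaner; the same applies to `"Session hash: \n"` in the kex.c hunk. This helper prints the full hex of whatever bignum it is given, and the output now goes to any log callback the application registered rather than only to stderr. If callers pass key-exchange values, a comment such as `/* prints the full value; callers must not pass secrets outside debug builds */` would make that explicit. The function body starts and ends outside the hunk.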
diff --git a/src/channels.c b/src/channels.c
index 112a38f9..6e9fcfc1 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -717,7 +717,7 @@ SSH_PACKET_CALLBACK(channel_rcv_close) {
SSH_PACKET_CALLBACK(channel_rcv_request) {
ssh_channel channel;
char *request=NULL;
- uint8_t status;
+ uint8_t want_reply;
int rc;
(void)user;
(void)type;
@@ -730,7 +730,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
rc = ssh_buffer_unpack(packet, "sb",
&request,
- &status);
+ &want_reply);
if (rc != SSH_OK) {
SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
return SSH_PACKET_USED;
@@ -838,13 +838,34 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
}
if (strcmp(request, "auth-agent-req@openssh.com") == 0) {
+ int status;
+
SAFE_FREE(request);
SSH_LOG(SSH_LOG_PROTOCOL, "Received an auth-agent-req request");
- ssh_callbacks_execute_list(channel->callbacks,
- ssh_channel_callbacks,
- channel_auth_agent_req_function,
- channel->session,
- channel);
+
+ status = SSH2_MSG_CHANNEL_FAILURE;
+ ssh_callbacks_iterate(channel->callbacks,
+ ssh_channel_callbacks,
+ channel_auth_agent_req_function) {
+ ssh_callbacks_iterate_exec(channel_auth_agent_req_function,
+ channel->session,
+ channel);
+ /* in lieu of a return value, if the callback exists it's supported */
+ status = SSH2_MSG_CHANNEL_SUCCESS;
+ break;
+ }
+ ssh_callbacks_iterate_end();
+
+ if (want_reply) {
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bd",
+ status,
+ channel->remote_channel);
+ if (rc != SSH_OK) {
+ return SSH_PACKET_USED;
+ }
+ ssh_packet_send(session);
+ }
return SSH_PACKET_USED;
}
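Review bot: When `ssh_buffer_pack` fails in the new `want_reply` branch, the function returns without clearing `session->out_buffer`. Unless the pack routine rolls back on failure, partially written bytes could end up in front of the next outgoing packet; `ssh_buffer_reinit(session->out_buffer);` before `return SSH_PACKET_USED;` would rule that out. The result of `ssh_packet_send(session)` is discarded, so a reply that could not be sent goes unnoticed; at least log it. The `break` runs only the first registered `channel_auth_agent_req_function`, which looks like a behaviour change from the removed `ssh_callbacks_execute_list` call. SSH2_MSG_CHANNEL_SUCCESS is also sent whenever a callback exists, so an application that registers one cannot decline agent forwarding; the in-code comment should state that limitation plainly. channel_rcv_request continues outside the hunk.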
@@ -853,11 +874,11 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
* client requests. That means we need to create a ssh message to be passed
* to the user code handling ssh messages
*/
- ssh_message_handle_channel_request(session,channel,packet,request,status);
+ ssh_message_handle_channel_request(session,channel,packet,request,want_reply);
#else
SSH_LOG(SSH_LOG_WARNING, "Unhandled channel request %s", request);
#endif
-
+
SAFE_FREE(request);
return SSH_PACKET_USED;
@@ -3065,6 +3086,8 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
*
* @return The number of bytes available for reading, 0 if nothing
* is available or SSH_ERROR on error.
+ * When a channel is freed the function returns
+ * SSH_ERROR immediately.
*
* @warning When the channel is in EOF state, the function returns SSH_EOF.
*
@@ -3073,7 +3096,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
int ssh_channel_poll(ssh_channel channel, int is_stderr){
ssh_buffer stdbuf;
- if(channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
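Review bot: The added `channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL` test reads through the channel pointer, so it only helps while the struct is still allocated after a local free. If the memory can be released later (the lifetime is not visible here), the check itself becomes a use-after-free. The doc sentence added above, "When a channel is freed the function returns SSH_ERROR immediately", reads like a guarantee that a freed handle is safe to pass. Suggested wording: `@warning A freed channel is only detected while it is still pending close; do not call this after ssh_channel_free().` The same check and sentence are added to ssh_channel_poll_timeout and ssh_channel_get_exit_status in the following hunks; the function body continues outside this hunk.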
@@ -3119,6 +3142,7 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr){
* SSH_ERROR on error.
*
* @warning When the channel is in EOF state, the function returns SSH_EOF.
+ * When a channel is freed the function returns SSH_ERROR immediately.
*
* @see ssh_channel_is_eof()
*/
@@ -3130,7 +3154,7 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
size_t len;
int rc;
- if (channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
@@ -3212,6 +3236,8 @@ static int ssh_channel_exit_status_termination(void *c){
* (yet), or SSH_ERROR on error.
* @warning This function may block until a timeout (or never)
* if the other side is not willing to close the channel.
+ * When a channel is freed the function returns
+ * SSH_ERROR immediately.
*
* If you're looking for an async handling of this register a callback for the
* exit status.
@@ -3220,7 +3246,7 @@ static int ssh_channel_exit_status_termination(void *c){
*/
int ssh_channel_get_exit_status(ssh_channel channel) {
int rc;
- if(channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
rc = ssh_handle_packets_termination(channel->session,
@@ -3569,7 +3595,7 @@ error:
* forward the content of a socket to the channel. You still have to
* use channel_read and channel_write for this.
*/
-int ssh_channel_open_x11(ssh_channel channel,
+int ssh_channel_open_x11(ssh_channel channel,
const char *orig_addr, int orig_port) {
ssh_session session;
ssh_buffer payload = NULL;
diff --git a/src/getpass.c b/src/getpass.c
index 99627665..c00d0f54 100644
--- a/src/getpass.c
+++ b/src/getpass.c
@@ -255,7 +255,11 @@ int ssh_getpass(const char *prompt,
/* disable nonblocking I/O */
if (fd & O_NDELAY) {
- fcntl(0, F_SETFL, fd & ~O_NDELAY);
+ ok = fcntl(0, F_SETFL, fd & ~O_NDELAY);
+ if (ok < 0) {
+ perror("fcntl");
+ return -1;
+ }
}
ok = ssh_gets(prompt, buf, len, verify);
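Review bot: The new `return -1;` after a failed `fcntl` leaves ssh_getpass directly. If terminal attributes such as echo were changed before this point (not visible in the hunk), they are not restored on this path and the user's terminal stays in that state. Routing the failure through the function's existing restore code, or adding a comment confirming that nothing needs undoing here, would settle it. The variable named `fd` holds the flag word while the call uses descriptor `0`, so renaming it to `flags` would make the `fd & O_NDELAY` test easier to read.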
@@ -267,7 +271,11 @@ int ssh_getpass(const char *prompt,
/* close fd */
if (fd & O_NDELAY) {
- fcntl(0, F_SETFL, fd);
+ ok = fcntl(0, F_SETFL, fd);
+ if (ok < 0) {
+ perror("fcntl");
+ return -1;
+ }
}
if (!ok) {
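Review bot: Reusing `ok` for the `fcntl` result overwrites the value returned by `ssh_gets` shortly before. A successful `fcntl(F_SETFL)` typically returns 0, so the following `if (!ok)` treats a correctly read password as a failure whenever O_NDELAY was set. Keep the two results apart, e.g. `int rc = fcntl(0, F_SETFL, fd);` followed by `if (rc < 0) { perror("fcntl"); return -1; }`, and leave `ok` untouched. The early return also bypasses whatever the `if (!ok)` branch does with `buf`, so the buffer may still hold the typed password on that path; the body of that branch is outside the hunk.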
diff --git a/src/gssapi.c b/src/gssapi.c
index 488df582..1d0fb6ae 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -465,8 +465,8 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
rc = ssh_buffer_pack(mic_buffer,
"dPbsss",
- crypto->digest_len,
- (size_t)crypto->digest_len, crypto->session_id,
+ crypto->session_id_len,
+ crypto->session_id_len, crypto->session_id,
SSH2_MSG_USERAUTH_REQUEST,
session->gssapi->user,
"ssh-connection",
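Review bot: `crypto->session_id_len` is now passed unchanged for both the `d` and the `P` slot of `"dPbsss"`, whereas the removed lines cast the `P` argument to `size_t`. That suggests the two specifiers read different integer types from the varargs. The declaration of session_id_len is not on this page (the packet.c hunk copies it into a `size_t` local), but whichever type it has, one of the two arguments probably mismatches what the pack routine reads. Explicit casts keep the call well-defined: `(uint32_t)crypto->session_id_len,` for `d` and `(size_t)crypto->session_id_len, crypto->session_id,` for `P`. The same pair appears in ssh_msg_userauth_build_digest in the messages.c hunk, and both calls build the data covered by the user-authentication signature or MIC, so a wrong length there would show up as authentication failures rather than at compile time.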
diff --git a/src/kdf.c b/src/kdf.c
index 0e90e188..09644739 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -138,7 +138,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
ssh_mac_update(ctx, key, key_len);
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
ssh_mac_update(ctx, &letter, 1);
- ssh_mac_update(ctx, crypto->session_id, crypto->digest_len);
+ ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
ssh_mac_final(digest, ctx);
if (requested_len < output_len) {
diff --git a/src/kex.c b/src/kex.c
index d2ee93ba..21641cf0 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -1233,11 +1233,13 @@ int ssh_make_sessionid(ssh_session session)
}
memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
session->next_crypto->digest_len);
+ /* Initial length is the same as secret hash */
+ session->next_crypto->session_id_len = session->next_crypto->digest_len;
}
#ifdef DEBUG_CRYPTO
- printf("Session hash: \n");
+ SSH_LOG(SSH_LOG_DEBUG, "Session hash: \n");
ssh_log_hexdump("secret hash", session->next_crypto->secret_hash, session->next_crypto->digest_len);
- ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->digest_len);
+ ssh_log_hexdump("session id", session->next_crypto->session_id, session->next_crypto->session_id_len);
#endif
rc = SSH_OK;
diff --git a/src/libcrypto.c b/src/libcrypto.c
index c14eeeea..e94ee9ab 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -388,7 +388,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
goto out;
}
rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
- crypto->session_id, crypto->digest_len);
+ crypto->session_id, crypto->session_id_len);
if (rc != 1) {
goto out;
}
diff --git a/src/messages.c b/src/messages.c
index c7fcc887..a772d488 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -714,8 +714,8 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
rc = ssh_buffer_pack(buffer,
"dPbsssbsS",
- crypto->digest_len, /* session ID string */
- (size_t)crypto->digest_len, crypto->session_id,
+ crypto->session_id_len, /* session ID string */
+ crypto->session_id_len, crypto->session_id,
SSH2_MSG_USERAUTH_REQUEST, /* type */
msg->auth_request.username,
service,
diff --git a/src/packet.c b/src/packet.c
index 93591565..66f445d7 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -1903,7 +1903,7 @@ ssh_packet_set_newkeys(ssh_session session,
/* Both sides switched: do the actual switch now */
if (session->next_crypto->used == SSH_DIRECTION_BOTH) {
- size_t digest_len;
+ size_t session_id_len;
if (session->current_crypto != NULL) {
crypto_free(session->current_crypto);
@@ -1920,8 +1920,8 @@ ssh_packet_set_newkeys(ssh_session session,
return SSH_ERROR;
}
- digest_len = session->current_crypto->digest_len;
- session->next_crypto->session_id = malloc(digest_len);
+ session_id_len = session->current_crypto->session_id_len;
+ session->next_crypto->session_id = malloc(session_id_len);
if (session->next_crypto->session_id == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
@@ -1929,7 +1929,8 @@ ssh_packet_set_newkeys(ssh_session session,
memcpy(session->next_crypto->session_id,
session->current_crypto->session_id,
- digest_len);
+ session_id_len);
+ session->next_crypto->session_id_len = session_id_len;
return SSH_OK;
}
diff --git a/src/pki.c b/src/pki.c
index 5d57ca71..dc7992f6 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -2562,11 +2562,11 @@ ssh_string ssh_pki_do_sign(ssh_session session,
}
/* Get the session ID */
- session_id = ssh_string_new(crypto->digest_len);
+ session_id = ssh_string_new(crypto->session_id_len);
if (session_id == NULL) {
return NULL;
}
- rc = ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
+ rc = ssh_string_fill(session_id, crypto->session_id, crypto->session_id_len);
if (rc < 0) {
goto end;
}
@@ -2626,11 +2626,11 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
}
/* prepend session identifier */
- session_id = ssh_string_new(crypto->digest_len);
+ session_id = ssh_string_new(crypto->session_id_len);
if (session_id == NULL) {
return NULL;
}
- rc = ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
+ rc = ssh_string_fill(session_id, crypto->session_id, crypto->session_id_len);
if (rc < 0) {
SSH_STRING_FREE(session_id);
return NULL;
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 4c95286b..83bf4180 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1625,7 +1625,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
}
#ifdef DEBUG_CRYPTO
- SSH_LOG(SSH_LOG_WARN, "RSA signature len: %lu", (unsigned long)len);
+ SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
#endif
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 720fe1de..52b298ee 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -891,7 +891,7 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
goto errout;
}
#ifdef DEBUG_CRYPTO
- SSH_LOG(SSH_LOG_WARN, "RSA signature len: %lu", (unsigned long)len);
+ SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
#endif
diff --git a/src/wrapper.c b/src/wrapper.c
index bbd4e4b2..0f65b1ae 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -187,7 +187,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
#endif
SAFE_FREE(crypto->dh_server_signature);
if (crypto->session_id != NULL) {
- explicit_bzero(crypto->session_id, crypto->digest_len);
+ explicit_bzero(crypto->session_id, crypto->session_id_len);
SAFE_FREE(crypto->session_id);
}
if (crypto->secret_hash != NULL) {