File: | src/usr.bin/ssh/ssh/../packet.c |
Warning: | line 1084, column 3 Value stored to 'len' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ |
2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved |
6 | * This file contains code implementing the packet protocol and communication |
7 | * with the other side. This same code is used both on client and server side. |
8 | * |
9 | * As far as I am concerned, the code I have written for this software |
10 | * can be used freely for any purpose. Any derived versions of this |
11 | * software must be clearly marked as such, and if the derived work is |
12 | * incompatible with the protocol description in the RFC file, it must be |
13 | * called by a name other than "ssh" or "Secure Shell". |
14 | * |
15 | * |
16 | * SSH2 packet format added by Markus Friedl. |
17 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
18 | * |
19 | * Redistribution and use in source and binary forms, with or without |
20 | * modification, are permitted provided that the following conditions |
21 | * are met: |
22 | * 1. Redistributions of source code must retain the above copyright |
23 | * notice, this list of conditions and the following disclaimer. |
24 | * 2. Redistributions in binary form must reproduce the above copyright |
25 | * notice, this list of conditions and the following disclaimer in the |
26 | * documentation and/or other materials provided with the distribution. |
27 | * |
28 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
29 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
30 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
31 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
32 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
33 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
34 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
35 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
36 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
37 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
38 | */ |
39 | |
40 | #include <sys/types.h> |
41 | #include <sys/queue.h> |
42 | #include <sys/socket.h> |
43 | #include <sys/time.h> |
44 | #include <netinet/in.h> |
45 | #include <netinet/ip.h> |
46 | |
47 | #include <errno(*__errno()).h> |
48 | #include <netdb.h> |
49 | #include <stdarg.h> |
50 | #include <stdio.h> |
51 | #include <stdlib.h> |
52 | #include <string.h> |
53 | #include <unistd.h> |
54 | #include <limits.h> |
55 | #include <poll.h> |
56 | #include <signal.h> |
57 | #include <time.h> |
58 | |
59 | #ifdef WITH_ZLIB1 |
60 | #include <zlib.h> |
61 | #endif |
62 | |
63 | #include "xmalloc.h" |
64 | #include "compat.h" |
65 | #include "ssh2.h" |
66 | #include "cipher.h" |
67 | #include "sshkey.h" |
68 | #include "kex.h" |
69 | #include "digest.h" |
70 | #include "mac.h" |
71 | #include "log.h" |
72 | #include "canohost.h" |
73 | #include "misc.h" |
74 | #include "channels.h" |
75 | #include "ssh.h" |
76 | #include "packet.h" |
77 | #include "ssherr.h" |
78 | #include "sshbuf.h" |
79 | |
80 | #ifdef PACKET_DEBUG |
81 | #define DBG(x) x |
82 | #else |
83 | #define DBG(x) |
84 | #endif |
85 | |
86 | #define PACKET_MAX_SIZE(256 * 1024) (256 * 1024) |
87 | |
88 | struct packet_state { |
89 | u_int32_t seqnr; |
90 | u_int32_t packets; |
91 | u_int64_t blocks; |
92 | u_int64_t bytes; |
93 | }; |
94 | |
95 | struct packet { |
96 | TAILQ_ENTRY(packet)struct { struct packet *tqe_next; struct packet **tqe_prev; } next; |
97 | u_char type; |
98 | struct sshbuf *payload; |
99 | }; |
100 | |
101 | struct session_state { |
102 | /* |
103 | * This variable contains the file descriptors used for |
104 | * communicating with the other side. connection_in is used for |
105 | * reading; connection_out for writing. These can be the same |
106 | * descriptor, in which case it is assumed to be a socket. |
107 | */ |
108 | int connection_in; |
109 | int connection_out; |
110 | |
111 | /* Protocol flags for the remote side. */ |
112 | u_int remote_protocol_flags; |
113 | |
114 | /* Encryption context for receiving data. Only used for decryption. */ |
115 | struct sshcipher_ctx *receive_context; |
116 | |
117 | /* Encryption context for sending data. Only used for encryption. */ |
118 | struct sshcipher_ctx *send_context; |
119 | |
120 | /* Buffer for raw input data from the socket. */ |
121 | struct sshbuf *input; |
122 | |
123 | /* Buffer for raw output data going to the socket. */ |
124 | struct sshbuf *output; |
125 | |
126 | /* Buffer for the partial outgoing packet being constructed. */ |
127 | struct sshbuf *outgoing_packet; |
128 | |
129 | /* Buffer for the incoming packet currently being processed. */ |
130 | struct sshbuf *incoming_packet; |
131 | |
132 | /* Scratch buffer for packet compression/decompression. */ |
133 | struct sshbuf *compression_buffer; |
134 | |
135 | #ifdef WITH_ZLIB1 |
136 | /* Incoming/outgoing compression dictionaries */ |
137 | z_stream compression_in_stream; |
138 | z_stream compression_out_stream; |
139 | #endif |
140 | int compression_in_started; |
141 | int compression_out_started; |
142 | int compression_in_failures; |
143 | int compression_out_failures; |
144 | |
145 | /* default maximum packet size */ |
146 | u_int max_packet_size; |
147 | |
148 | /* Flag indicating whether this module has been initialized. */ |
149 | int initialized; |
150 | |
151 | /* Set to true if the connection is interactive. */ |
152 | int interactive_mode; |
153 | |
154 | /* Set to true if we are the server side. */ |
155 | int server_side; |
156 | |
157 | /* Set to true if we are authenticated. */ |
158 | int after_authentication; |
159 | |
160 | int keep_alive_timeouts; |
161 | |
162 | /* The maximum time that we will wait to send or receive a packet */ |
163 | int packet_timeout_ms; |
164 | |
165 | /* Session key information for Encryption and MAC */ |
166 | struct newkeys *newkeys[MODE_MAX]; |
167 | struct packet_state p_read, p_send; |
168 | |
169 | /* Volume-based rekeying */ |
170 | u_int64_t max_blocks_in, max_blocks_out, rekey_limit; |
171 | |
172 | /* Time-based rekeying */ |
173 | u_int32_t rekey_interval; /* how often in seconds */ |
174 | time_t rekey_time; /* time of last rekeying */ |
175 | |
176 | /* roundup current message to extra_pad bytes */ |
177 | u_char extra_pad; |
178 | |
179 | /* XXX discard incoming data after MAC error */ |
180 | u_int packet_discard; |
181 | size_t packet_discard_mac_already; |
182 | struct sshmac *packet_discard_mac; |
183 | |
184 | /* Used in packet_read_poll2() */ |
185 | u_int packlen; |
186 | |
187 | /* Used in packet_send2 */ |
188 | int rekeying; |
189 | |
190 | /* Used in ssh_packet_send_mux() */ |
191 | int mux; |
192 | |
193 | /* Used in packet_set_interactive */ |
194 | int set_interactive_called; |
195 | |
196 | /* Used in packet_set_maxsize */ |
197 | int set_maxsize_called; |
198 | |
199 | /* One-off warning about weak ciphers */ |
200 | int cipher_warning_done; |
201 | |
202 | /* Hook for fuzzing inbound packets */ |
203 | ssh_packet_hook_fn *hook_in; |
204 | void *hook_in_ctx; |
205 | |
206 | TAILQ_HEAD(, packet)struct { struct packet *tqh_first; struct packet **tqh_last; } outgoing; |
207 | }; |
208 | |
209 | struct ssh * |
210 | ssh_alloc_session_state(void) |
211 | { |
212 | struct ssh *ssh = NULL((void *)0); |
213 | struct session_state *state = NULL((void *)0); |
214 | |
215 | if ((ssh = calloc(1, sizeof(*ssh))) == NULL((void *)0) || |
216 | (state = calloc(1, sizeof(*state))) == NULL((void *)0) || |
217 | (ssh->kex = kex_new()) == NULL((void *)0) || |
218 | (state->input = sshbuf_new()) == NULL((void *)0) || |
219 | (state->output = sshbuf_new()) == NULL((void *)0) || |
220 | (state->outgoing_packet = sshbuf_new()) == NULL((void *)0) || |
221 | (state->incoming_packet = sshbuf_new()) == NULL((void *)0)) |
222 | goto fail; |
223 | TAILQ_INIT(&state->outgoing)do { (&state->outgoing)->tqh_first = ((void *)0); ( &state->outgoing)->tqh_last = &(&state-> outgoing)->tqh_first; } while (0); |
224 | TAILQ_INIT(&ssh->private_keys)do { (&ssh->private_keys)->tqh_first = ((void *)0); (&ssh->private_keys)->tqh_last = &(&ssh-> private_keys)->tqh_first; } while (0); |
225 | TAILQ_INIT(&ssh->public_keys)do { (&ssh->public_keys)->tqh_first = ((void *)0); ( &ssh->public_keys)->tqh_last = &(&ssh->public_keys )->tqh_first; } while (0); |
226 | state->connection_in = -1; |
227 | state->connection_out = -1; |
228 | state->max_packet_size = 32768; |
229 | state->packet_timeout_ms = -1; |
230 | state->p_send.packets = state->p_read.packets = 0; |
231 | state->initialized = 1; |
232 | /* |
233 | * ssh_packet_send2() needs to queue packets until |
234 | * we've done the initial key exchange. |
235 | */ |
236 | state->rekeying = 1; |
237 | ssh->state = state; |
238 | return ssh; |
239 | fail: |
240 | if (ssh) { |
241 | kex_free(ssh->kex); |
242 | free(ssh); |
243 | } |
244 | if (state) { |
245 | sshbuf_free(state->input); |
246 | sshbuf_free(state->output); |
247 | sshbuf_free(state->incoming_packet); |
248 | sshbuf_free(state->outgoing_packet); |
249 | free(state); |
250 | } |
251 | return NULL((void *)0); |
252 | } |
253 | |
254 | void |
255 | ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx) |
256 | { |
257 | ssh->state->hook_in = hook; |
258 | ssh->state->hook_in_ctx = ctx; |
259 | } |
260 | |
261 | /* Returns nonzero if rekeying is in progress */ |
262 | int |
263 | ssh_packet_is_rekeying(struct ssh *ssh) |
264 | { |
265 | return ssh->state->rekeying || |
266 | (ssh->kex != NULL((void *)0) && ssh->kex->done == 0); |
267 | } |
268 | |
269 | /* |
270 | * Sets the descriptors used for communication. |
271 | */ |
272 | struct ssh * |
273 | ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) |
274 | { |
275 | struct session_state *state; |
276 | const struct sshcipher *none = cipher_by_name("none"); |
277 | int r; |
278 | |
279 | if (none == NULL((void *)0)) { |
280 | error_f("cannot load cipher 'none'")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 280, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "cannot load cipher 'none'" ); |
281 | return NULL((void *)0); |
282 | } |
283 | if (ssh == NULL((void *)0)) |
284 | ssh = ssh_alloc_session_state(); |
285 | if (ssh == NULL((void *)0)) { |
286 | error_f("could not allocate state")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 286, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "could not allocate state" ); |
287 | return NULL((void *)0); |
288 | } |
289 | state = ssh->state; |
290 | state->connection_in = fd_in; |
291 | state->connection_out = fd_out; |
292 | if ((r = cipher_init(&state->send_context, none, |
293 | (const u_char *)"", 0, NULL((void *)0), 0, CIPHER_ENCRYPT1)) != 0 || |
294 | (r = cipher_init(&state->receive_context, none, |
295 | (const u_char *)"", 0, NULL((void *)0), 0, CIPHER_DECRYPT0)) != 0) { |
296 | error_fr(r, "cipher_init failed")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 296, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "cipher_init failed"); |
297 | free(ssh); /* XXX need ssh_free_session_state? */ |
298 | return NULL((void *)0); |
299 | } |
300 | state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL((void *)0); |
301 | /* |
302 | * Cache the IP address of the remote connection for use in error |
303 | * messages that might be generated after the connection has closed. |
304 | */ |
305 | (void)ssh_remote_ipaddr(ssh); |
306 | return ssh; |
307 | } |
308 | |
309 | void |
310 | ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count) |
311 | { |
312 | struct session_state *state = ssh->state; |
313 | |
314 | if (timeout <= 0 || count <= 0) { |
315 | state->packet_timeout_ms = -1; |
316 | return; |
317 | } |
318 | if ((INT_MAX0x7fffffff / 1000) / count < timeout) |
319 | state->packet_timeout_ms = INT_MAX0x7fffffff; |
320 | else |
321 | state->packet_timeout_ms = timeout * count * 1000; |
322 | } |
323 | |
324 | void |
325 | ssh_packet_set_mux(struct ssh *ssh) |
326 | { |
327 | ssh->state->mux = 1; |
328 | ssh->state->rekeying = 0; |
329 | kex_free(ssh->kex); |
330 | ssh->kex = NULL((void *)0); |
331 | } |
332 | |
333 | int |
334 | ssh_packet_get_mux(struct ssh *ssh) |
335 | { |
336 | return ssh->state->mux; |
337 | } |
338 | |
339 | int |
340 | ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...) |
341 | { |
342 | va_list args; |
343 | int r; |
344 | |
345 | free(ssh->log_preamble); |
346 | if (fmt == NULL((void *)0)) |
347 | ssh->log_preamble = NULL((void *)0); |
348 | else { |
349 | va_start(args, fmt)__builtin_va_start((args), fmt); |
350 | r = vasprintf(&ssh->log_preamble, fmt, args); |
351 | va_end(args)__builtin_va_end((args)); |
352 | if (r < 0 || ssh->log_preamble == NULL((void *)0)) |
353 | return SSH_ERR_ALLOC_FAIL-2; |
354 | } |
355 | return 0; |
356 | } |
357 | |
358 | int |
359 | ssh_packet_stop_discard(struct ssh *ssh) |
360 | { |
361 | struct session_state *state = ssh->state; |
362 | int r; |
363 | |
364 | if (state->packet_discard_mac) { |
365 | char buf[1024]; |
366 | size_t dlen = PACKET_MAX_SIZE(256 * 1024); |
367 | |
368 | if (dlen > state->packet_discard_mac_already) |
369 | dlen -= state->packet_discard_mac_already; |
370 | memset(buf, 'a', sizeof(buf)); |
371 | while (sshbuf_len(state->incoming_packet) < dlen) |
372 | if ((r = sshbuf_put(state->incoming_packet, buf, |
373 | sizeof(buf))) != 0) |
374 | return r; |
375 | (void) mac_compute(state->packet_discard_mac, |
376 | state->p_read.seqnr, |
377 | sshbuf_ptr(state->incoming_packet), dlen, |
378 | NULL((void *)0), 0); |
379 | } |
380 | logit("Finished discarding for %.200s port %d",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 381, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Finished discarding for %.200s port %d" , ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)) |
381 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh))sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 381, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Finished discarding for %.200s port %d" , ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); |
382 | return SSH_ERR_MAC_INVALID-30; |
383 | } |
384 | |
385 | static int |
386 | ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc, |
387 | struct sshmac *mac, size_t mac_already, u_int discard) |
388 | { |
389 | struct session_state *state = ssh->state; |
390 | int r; |
391 | |
392 | if (enc == NULL((void *)0) || !cipher_is_cbc(enc->cipher) || (mac && mac->etm)) { |
393 | if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0) |
394 | return r; |
395 | return SSH_ERR_MAC_INVALID-30; |
396 | } |
397 | /* |
398 | * Record number of bytes over which the mac has already |
399 | * been computed in order to minimize timing attacks. |
400 | */ |
401 | if (mac && mac->enabled) { |
402 | state->packet_discard_mac = mac; |
403 | state->packet_discard_mac_already = mac_already; |
404 | } |
405 | if (sshbuf_len(state->input) >= discard) |
406 | return ssh_packet_stop_discard(ssh); |
407 | state->packet_discard = discard - sshbuf_len(state->input); |
408 | return 0; |
409 | } |
410 | |
411 | /* Returns 1 if remote host is connected via socket, 0 if not. */ |
412 | |
413 | int |
414 | ssh_packet_connection_is_on_socket(struct ssh *ssh) |
415 | { |
416 | struct session_state *state; |
417 | struct sockaddr_storage from, to; |
418 | socklen_t fromlen, tolen; |
419 | |
420 | if (ssh == NULL((void *)0) || ssh->state == NULL((void *)0)) |
421 | return 0; |
422 | |
423 | state = ssh->state; |
424 | if (state->connection_in == -1 || state->connection_out == -1) |
425 | return 0; |
426 | /* filedescriptors in and out are the same, so it's a socket */ |
427 | if (state->connection_in == state->connection_out) |
428 | return 1; |
429 | fromlen = sizeof(from); |
430 | memset(&from, 0, sizeof(from)); |
431 | if (getpeername(state->connection_in, (struct sockaddr *)&from, |
432 | &fromlen) == -1) |
433 | return 0; |
434 | tolen = sizeof(to); |
435 | memset(&to, 0, sizeof(to)); |
436 | if (getpeername(state->connection_out, (struct sockaddr *)&to, |
437 | &tolen) == -1) |
438 | return 0; |
439 | if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) |
440 | return 0; |
441 | if (from.ss_family != AF_INET2 && from.ss_family != AF_INET624) |
442 | return 0; |
443 | return 1; |
444 | } |
445 | |
446 | void |
447 | ssh_packet_get_bytes(struct ssh *ssh, u_int64_t *ibytes, u_int64_t *obytes) |
448 | { |
449 | if (ibytes) |
450 | *ibytes = ssh->state->p_read.bytes; |
451 | if (obytes) |
452 | *obytes = ssh->state->p_send.bytes; |
453 | } |
454 | |
455 | int |
456 | ssh_packet_connection_af(struct ssh *ssh) |
457 | { |
458 | return get_sock_af(ssh->state->connection_out); |
459 | } |
460 | |
461 | /* Sets the connection into non-blocking mode. */ |
462 | |
463 | void |
464 | ssh_packet_set_nonblocking(struct ssh *ssh) |
465 | { |
466 | /* Set the socket into non-blocking mode. */ |
467 | set_nonblock(ssh->state->connection_in); |
468 | |
469 | if (ssh->state->connection_out != ssh->state->connection_in) |
470 | set_nonblock(ssh->state->connection_out); |
471 | } |
472 | |
473 | /* Returns the socket used for reading. */ |
474 | |
475 | int |
476 | ssh_packet_get_connection_in(struct ssh *ssh) |
477 | { |
478 | return ssh->state->connection_in; |
479 | } |
480 | |
481 | /* Returns the descriptor used for writing. */ |
482 | |
483 | int |
484 | ssh_packet_get_connection_out(struct ssh *ssh) |
485 | { |
486 | return ssh->state->connection_out; |
487 | } |
488 | |
489 | /* |
490 | * Returns the IP-address of the remote host as a string. The returned |
491 | * string must not be freed. |
492 | */ |
493 | |
494 | const char * |
495 | ssh_remote_ipaddr(struct ssh *ssh) |
496 | { |
497 | int sock; |
498 | |
499 | /* Check whether we have cached the ipaddr. */ |
500 | if (ssh->remote_ipaddr == NULL((void *)0)) { |
501 | if (ssh_packet_connection_is_on_socket(ssh)) { |
502 | sock = ssh->state->connection_in; |
503 | ssh->remote_ipaddr = get_peer_ipaddr(sock); |
504 | ssh->remote_port = get_peer_port(sock); |
505 | ssh->local_ipaddr = get_local_ipaddr(sock); |
506 | ssh->local_port = get_local_port(sock); |
507 | } else { |
508 | ssh->remote_ipaddr = xstrdup("UNKNOWN"); |
509 | ssh->remote_port = 65535; |
510 | ssh->local_ipaddr = xstrdup("UNKNOWN"); |
511 | ssh->local_port = 65535; |
512 | } |
513 | } |
514 | return ssh->remote_ipaddr; |
515 | } |
516 | |
517 | /* Returns the port number of the remote host. */ |
518 | |
519 | int |
520 | ssh_remote_port(struct ssh *ssh) |
521 | { |
522 | (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ |
523 | return ssh->remote_port; |
524 | } |
525 | |
526 | /* |
527 | * Returns the IP-address of the local host as a string. The returned |
528 | * string must not be freed. |
529 | */ |
530 | |
531 | const char * |
532 | ssh_local_ipaddr(struct ssh *ssh) |
533 | { |
534 | (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ |
535 | return ssh->local_ipaddr; |
536 | } |
537 | |
538 | /* Returns the port number of the local host. */ |
539 | |
540 | int |
541 | ssh_local_port(struct ssh *ssh) |
542 | { |
543 | (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ |
544 | return ssh->local_port; |
545 | } |
546 | |
547 | /* Returns the routing domain of the input socket, or NULL if unavailable */ |
548 | const char * |
549 | ssh_packet_rdomain_in(struct ssh *ssh) |
550 | { |
551 | if (ssh->rdomain_in != NULL((void *)0)) |
552 | return ssh->rdomain_in; |
553 | if (!ssh_packet_connection_is_on_socket(ssh)) |
554 | return NULL((void *)0); |
555 | ssh->rdomain_in = get_rdomain(ssh->state->connection_in); |
556 | return ssh->rdomain_in; |
557 | } |
558 | |
559 | /* Closes the connection and clears and frees internal data structures. */ |
560 | |
561 | static void |
562 | ssh_packet_close_internal(struct ssh *ssh, int do_close) |
563 | { |
564 | struct session_state *state = ssh->state; |
565 | u_int mode; |
566 | |
567 | if (!state->initialized) |
568 | return; |
569 | state->initialized = 0; |
570 | if (do_close) { |
571 | if (state->connection_in == state->connection_out) { |
572 | close(state->connection_out); |
573 | } else { |
574 | close(state->connection_in); |
575 | close(state->connection_out); |
576 | } |
577 | } |
578 | sshbuf_free(state->input); |
579 | sshbuf_free(state->output); |
580 | sshbuf_free(state->outgoing_packet); |
581 | sshbuf_free(state->incoming_packet); |
582 | for (mode = 0; mode < MODE_MAX; mode++) { |
583 | kex_free_newkeys(state->newkeys[mode]); /* current keys */ |
584 | state->newkeys[mode] = NULL((void *)0); |
585 | ssh_clear_newkeys(ssh, mode); /* next keys */ |
586 | } |
587 | #ifdef WITH_ZLIB1 |
588 | /* compression state is in shared mem, so we can only release it once */ |
589 | if (do_close && state->compression_buffer) { |
590 | sshbuf_free(state->compression_buffer); |
591 | if (state->compression_out_started) { |
592 | z_streamp stream = &state->compression_out_stream; |
593 | debug("compress outgoing: "sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in) |
594 | "raw data %llu, compressed %llu, factor %.2f",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in) |
595 | (unsigned long long)stream->total_in,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in) |
596 | (unsigned long long)stream->total_out,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in) |
597 | stream->total_in == 0 ? 0.0 :sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in) |
598 | (double) stream->total_out / stream->total_in)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 598, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_in, (unsigned long long )stream->total_out, stream->total_in == 0 ? 0.0 : (double ) stream->total_out / stream->total_in); |
599 | if (state->compression_out_failures == 0) |
600 | deflateEnd(stream); |
601 | } |
602 | if (state->compression_in_started) { |
603 | z_streamp stream = &state->compression_in_stream; |
604 | debug("compress incoming: "sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out) |
605 | "raw data %llu, compressed %llu, factor %.2f",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out) |
606 | (unsigned long long)stream->total_out,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out) |
607 | (unsigned long long)stream->total_in,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out) |
608 | stream->total_out == 0 ? 0.0 :sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out) |
609 | (double) stream->total_in / stream->total_out)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 609, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f" , (unsigned long long)stream->total_out, (unsigned long long )stream->total_in, stream->total_out == 0 ? 0.0 : (double ) stream->total_in / stream->total_out); |
610 | if (state->compression_in_failures == 0) |
611 | inflateEnd(stream); |
612 | } |
613 | } |
614 | #endif /* WITH_ZLIB */ |
615 | cipher_free(state->send_context); |
616 | cipher_free(state->receive_context); |
617 | state->send_context = state->receive_context = NULL((void *)0); |
618 | if (do_close) { |
619 | free(ssh->local_ipaddr); |
620 | ssh->local_ipaddr = NULL((void *)0); |
621 | free(ssh->remote_ipaddr); |
622 | ssh->remote_ipaddr = NULL((void *)0); |
623 | free(ssh->state); |
624 | ssh->state = NULL((void *)0); |
625 | kex_free(ssh->kex); |
626 | ssh->kex = NULL((void *)0); |
627 | } |
628 | } |
629 | |
630 | void |
631 | ssh_packet_close(struct ssh *ssh) |
632 | { |
633 | ssh_packet_close_internal(ssh, 1); |
634 | } |
635 | |
636 | void |
637 | ssh_packet_clear_keys(struct ssh *ssh) |
638 | { |
639 | ssh_packet_close_internal(ssh, 0); |
640 | } |
641 | |
642 | /* Sets remote side protocol flags. */ |
643 | |
644 | void |
645 | ssh_packet_set_protocol_flags(struct ssh *ssh, u_int protocol_flags) |
646 | { |
647 | ssh->state->remote_protocol_flags = protocol_flags; |
648 | } |
649 | |
650 | /* Returns the remote protocol flags set earlier by the above function. */ |
651 | |
652 | u_int |
653 | ssh_packet_get_protocol_flags(struct ssh *ssh) |
654 | { |
655 | return ssh->state->remote_protocol_flags; |
656 | } |
657 | |
658 | /* |
659 | * Starts packet compression from the next packet on in both directions. |
660 | * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. |
661 | */ |
662 | |
663 | static int |
664 | ssh_packet_init_compression(struct ssh *ssh) |
665 | { |
666 | if (!ssh->state->compression_buffer && |
667 | ((ssh->state->compression_buffer = sshbuf_new()) == NULL((void *)0))) |
668 | return SSH_ERR_ALLOC_FAIL-2; |
669 | return 0; |
670 | } |
671 | |
672 | #ifdef WITH_ZLIB1 |
673 | static int |
674 | start_compression_out(struct ssh *ssh, int level) |
675 | { |
676 | if (level < 1 || level > 9) |
677 | return SSH_ERR_INVALID_ARGUMENT-10; |
678 | debug("Enabling compression at level %d.", level)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 678, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Enabling compression at level %d." , level); |
679 | if (ssh->state->compression_out_started == 1) |
680 | deflateEnd(&ssh->state->compression_out_stream); |
681 | switch (deflateInit(&ssh->state->compression_out_stream, level)deflateInit_((&ssh->state->compression_out_stream), (level), "1.3.0.1-motley", (int)sizeof(z_stream))) { |
682 | case Z_OK0: |
683 | ssh->state->compression_out_started = 1; |
684 | break; |
685 | case Z_MEM_ERROR(-4): |
686 | return SSH_ERR_ALLOC_FAIL-2; |
687 | default: |
688 | return SSH_ERR_INTERNAL_ERROR-1; |
689 | } |
690 | return 0; |
691 | } |
692 | |
693 | static int |
694 | start_compression_in(struct ssh *ssh) |
695 | { |
696 | if (ssh->state->compression_in_started == 1) |
697 | inflateEnd(&ssh->state->compression_in_stream); |
698 | switch (inflateInit(&ssh->state->compression_in_stream)inflateInit_((&ssh->state->compression_in_stream), "1.3.0.1-motley" , (int)sizeof(z_stream))) { |
699 | case Z_OK0: |
700 | ssh->state->compression_in_started = 1; |
701 | break; |
702 | case Z_MEM_ERROR(-4): |
703 | return SSH_ERR_ALLOC_FAIL-2; |
704 | default: |
705 | return SSH_ERR_INTERNAL_ERROR-1; |
706 | } |
707 | return 0; |
708 | } |
709 | |
710 | /* XXX remove need for separate compression buffer */ |
711 | static int |
712 | compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) |
713 | { |
714 | u_char buf[4096]; |
715 | int r, status; |
716 | |
717 | if (ssh->state->compression_out_started != 1) |
718 | return SSH_ERR_INTERNAL_ERROR-1; |
719 | |
720 | /* This case is not handled below. */ |
721 | if (sshbuf_len(in) == 0) |
722 | return 0; |
723 | |
724 | /* Input is the contents of the input buffer. */ |
725 | if ((ssh->state->compression_out_stream.next_in = |
726 | sshbuf_mutable_ptr(in)) == NULL((void *)0)) |
727 | return SSH_ERR_INTERNAL_ERROR-1; |
728 | ssh->state->compression_out_stream.avail_in = sshbuf_len(in); |
729 | |
730 | /* Loop compressing until deflate() returns with avail_out != 0. */ |
731 | do { |
732 | /* Set up fixed-size output buffer. */ |
733 | ssh->state->compression_out_stream.next_out = buf; |
734 | ssh->state->compression_out_stream.avail_out = sizeof(buf); |
735 | |
736 | /* Compress as much data into the buffer as possible. */ |
737 | status = deflate(&ssh->state->compression_out_stream, |
738 | Z_PARTIAL_FLUSH1); |
739 | switch (status) { |
740 | case Z_MEM_ERROR(-4): |
741 | return SSH_ERR_ALLOC_FAIL-2; |
742 | case Z_OK0: |
743 | /* Append compressed data to output_buffer. */ |
744 | if ((r = sshbuf_put(out, buf, sizeof(buf) - |
745 | ssh->state->compression_out_stream.avail_out)) != 0) |
746 | return r; |
747 | break; |
748 | case Z_STREAM_ERROR(-2): |
749 | default: |
750 | ssh->state->compression_out_failures++; |
751 | return SSH_ERR_INVALID_FORMAT-4; |
752 | } |
753 | } while (ssh->state->compression_out_stream.avail_out == 0); |
754 | return 0; |
755 | } |
756 | |
757 | static int |
758 | uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) |
759 | { |
760 | u_char buf[4096]; |
761 | int r, status; |
762 | |
763 | if (ssh->state->compression_in_started != 1) |
764 | return SSH_ERR_INTERNAL_ERROR-1; |
765 | |
766 | if ((ssh->state->compression_in_stream.next_in = |
767 | sshbuf_mutable_ptr(in)) == NULL((void *)0)) |
768 | return SSH_ERR_INTERNAL_ERROR-1; |
769 | ssh->state->compression_in_stream.avail_in = sshbuf_len(in); |
770 | |
771 | for (;;) { |
772 | /* Set up fixed-size output buffer. */ |
773 | ssh->state->compression_in_stream.next_out = buf; |
774 | ssh->state->compression_in_stream.avail_out = sizeof(buf); |
775 | |
776 | status = inflate(&ssh->state->compression_in_stream, |
777 | Z_SYNC_FLUSH2); |
778 | switch (status) { |
779 | case Z_OK0: |
780 | if ((r = sshbuf_put(out, buf, sizeof(buf) - |
781 | ssh->state->compression_in_stream.avail_out)) != 0) |
782 | return r; |
783 | break; |
784 | case Z_BUF_ERROR(-5): |
785 | /* |
786 | * Comments in zlib.h say that we should keep calling |
787 | * inflate() until we get an error. This appears to |
788 | * be the error that we get. |
789 | */ |
790 | return 0; |
791 | case Z_DATA_ERROR(-3): |
792 | return SSH_ERR_INVALID_FORMAT-4; |
793 | case Z_MEM_ERROR(-4): |
794 | return SSH_ERR_ALLOC_FAIL-2; |
795 | case Z_STREAM_ERROR(-2): |
796 | default: |
797 | ssh->state->compression_in_failures++; |
798 | return SSH_ERR_INTERNAL_ERROR-1; |
799 | } |
800 | } |
801 | /* NOTREACHED */ |
802 | } |
803 | |
804 | #else /* WITH_ZLIB */ |
805 | |
806 | static int |
807 | start_compression_out(struct ssh *ssh, int level) |
808 | { |
809 | return SSH_ERR_INTERNAL_ERROR-1; |
810 | } |
811 | |
812 | static int |
813 | start_compression_in(struct ssh *ssh) |
814 | { |
815 | return SSH_ERR_INTERNAL_ERROR-1; |
816 | } |
817 | |
818 | static int |
819 | compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) |
820 | { |
821 | return SSH_ERR_INTERNAL_ERROR-1; |
822 | } |
823 | |
824 | static int |
825 | uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) |
826 | { |
827 | return SSH_ERR_INTERNAL_ERROR-1; |
828 | } |
829 | #endif /* WITH_ZLIB */ |
830 | |
831 | void |
832 | ssh_clear_newkeys(struct ssh *ssh, int mode) |
833 | { |
834 | if (ssh->kex && ssh->kex->newkeys[mode]) { |
835 | kex_free_newkeys(ssh->kex->newkeys[mode]); |
836 | ssh->kex->newkeys[mode] = NULL((void *)0); |
837 | } |
838 | } |
839 | |
840 | int |
841 | ssh_set_newkeys(struct ssh *ssh, int mode) |
842 | { |
843 | struct session_state *state = ssh->state; |
844 | struct sshenc *enc; |
845 | struct sshmac *mac; |
846 | struct sshcomp *comp; |
847 | struct sshcipher_ctx **ccp; |
848 | struct packet_state *ps; |
849 | u_int64_t *max_blocks; |
850 | const char *wmsg; |
851 | int r, crypt_type; |
852 | const char *dir = mode == MODE_OUT ? "out" : "in"; |
853 | |
854 | debug2_f("mode %d", mode)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 854, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "mode %d", mode); |
855 | |
856 | if (mode == MODE_OUT) { |
857 | ccp = &state->send_context; |
858 | crypt_type = CIPHER_ENCRYPT1; |
859 | ps = &state->p_send; |
860 | max_blocks = &state->max_blocks_out; |
861 | } else { |
862 | ccp = &state->receive_context; |
863 | crypt_type = CIPHER_DECRYPT0; |
864 | ps = &state->p_read; |
865 | max_blocks = &state->max_blocks_in; |
866 | } |
867 | if (state->newkeys[mode] != NULL((void *)0)) { |
868 | debug_f("rekeying %s, input %llu bytes %llu blocks, "sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks) |
869 | "output %llu bytes %llu blocks", dir,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks) |
870 | (unsigned long long)state->p_read.bytes,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks) |
871 | (unsigned long long)state->p_read.blocks,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks) |
872 | (unsigned long long)state->p_send.bytes,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks) |
873 | (unsigned long long)state->p_send.blocks)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 873, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks); |
874 | kex_free_newkeys(state->newkeys[mode]); |
875 | state->newkeys[mode] = NULL((void *)0); |
876 | } |
877 | /* note that both bytes and the seqnr are not reset */ |
878 | ps->packets = ps->blocks = 0; |
879 | /* move newkeys from kex to state */ |
880 | if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL((void *)0)) |
881 | return SSH_ERR_INTERNAL_ERROR-1; |
882 | ssh->kex->newkeys[mode] = NULL((void *)0); |
883 | enc = &state->newkeys[mode]->enc; |
884 | mac = &state->newkeys[mode]->mac; |
885 | comp = &state->newkeys[mode]->comp; |
886 | if (cipher_authlen(enc->cipher) == 0) { |
887 | if ((r = mac_init(mac)) != 0) |
888 | return r; |
889 | } |
890 | mac->enabled = 1; |
891 | DBG(debug_f("cipher_init: %s", dir)); |
892 | cipher_free(*ccp); |
893 | *ccp = NULL((void *)0); |
894 | if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, |
895 | enc->iv, enc->iv_len, crypt_type)) != 0) |
896 | return r; |
897 | if (!state->cipher_warning_done && |
898 | (wmsg = cipher_warning_message(*ccp)) != NULL((void *)0)) { |
899 | error("Warning: %s", wmsg)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 899, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Warning: %s", wmsg); |
900 | state->cipher_warning_done = 1; |
901 | } |
902 | /* Deleting the keys does not gain extra security */ |
903 | /* explicit_bzero(enc->iv, enc->block_size); |
904 | explicit_bzero(enc->key, enc->key_len); |
905 | explicit_bzero(mac->key, mac->key_len); */ |
906 | if ((comp->type == COMP_ZLIB1 || |
907 | (comp->type == COMP_DELAYED2 && |
908 | state->after_authentication)) && comp->enabled == 0) { |
909 | if ((r = ssh_packet_init_compression(ssh)) < 0) |
910 | return r; |
911 | if (mode == MODE_OUT) { |
912 | if ((r = start_compression_out(ssh, 6)) != 0) |
913 | return r; |
914 | } else { |
915 | if ((r = start_compression_in(ssh)) != 0) |
916 | return r; |
917 | } |
918 | comp->enabled = 1; |
919 | } |
920 | /* |
921 | * The 2^(blocksize*2) limit is too expensive for 3DES, |
922 | * so enforce a 1GB limit for small blocksizes. |
923 | * See RFC4344 section 3.2. |
924 | */ |
925 | if (enc->block_size >= 16) |
926 | *max_blocks = (u_int64_t)1 << (enc->block_size*2); |
927 | else |
928 | *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; |
929 | if (state->rekey_limit) |
930 | *max_blocks = MINIMUM(*max_blocks,(((*max_blocks) < (state->rekey_limit / enc->block_size )) ? (*max_blocks) : (state->rekey_limit / enc->block_size )) |
931 | state->rekey_limit / enc->block_size)(((*max_blocks) < (state->rekey_limit / enc->block_size )) ? (*max_blocks) : (state->rekey_limit / enc->block_size )); |
932 | debug("rekey %s after %llu blocks", dir,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 933, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekey %s after %llu blocks" , dir, (unsigned long long)*max_blocks) |
933 | (unsigned long long)*max_blocks)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 933, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "rekey %s after %llu blocks" , dir, (unsigned long long)*max_blocks); |
934 | return 0; |
935 | } |
936 | |
937 | #define MAX_PACKETS(1U<<31) (1U<<31) |
938 | static int |
939 | ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
940 | { |
941 | struct session_state *state = ssh->state; |
942 | u_int32_t out_blocks; |
943 | |
944 | /* XXX client can't cope with rekeying pre-auth */ |
945 | if (!state->after_authentication) |
946 | return 0; |
947 | |
948 | /* Haven't keyed yet or KEX in progress. */ |
949 | if (ssh_packet_is_rekeying(ssh)) |
950 | return 0; |
951 | |
952 | /* Peer can't rekey */ |
953 | if (ssh->compat & SSH_BUG_NOREKEY0x00008000) |
954 | return 0; |
955 | |
956 | /* |
957 | * Permit one packet in or out per rekey - this allows us to |
958 | * make progress when rekey limits are very small. |
959 | */ |
960 | if (state->p_send.packets == 0 && state->p_read.packets == 0) |
961 | return 0; |
962 | |
963 | /* Time-based rekeying */ |
964 | if (state->rekey_interval != 0 && |
965 | (int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
966 | return 1; |
967 | |
968 | /* |
969 | * Always rekey when MAX_PACKETS sent in either direction |
970 | * As per RFC4344 section 3.1 we do this after 2^31 packets. |
971 | */ |
972 | if (state->p_send.packets > MAX_PACKETS(1U<<31) || |
973 | state->p_read.packets > MAX_PACKETS(1U<<31)) |
974 | return 1; |
975 | |
976 | /* Rekey after (cipher-specific) maximum blocks */ |
977 | out_blocks = ROUNDUP(outbound_packet_len,((((outbound_packet_len)+((state->newkeys[MODE_OUT]->enc .block_size)-1))/(state->newkeys[MODE_OUT]->enc.block_size ))*(state->newkeys[MODE_OUT]->enc.block_size)) |
978 | state->newkeys[MODE_OUT]->enc.block_size)((((outbound_packet_len)+((state->newkeys[MODE_OUT]->enc .block_size)-1))/(state->newkeys[MODE_OUT]->enc.block_size ))*(state->newkeys[MODE_OUT]->enc.block_size)); |
979 | return (state->max_blocks_out && |
980 | (state->p_send.blocks + out_blocks > state->max_blocks_out)) || |
981 | (state->max_blocks_in && |
982 | (state->p_read.blocks > state->max_blocks_in)); |
983 | } |
984 | |
985 | int |
986 | ssh_packet_check_rekey(struct ssh *ssh) |
987 | { |
988 | if (!ssh_packet_need_rekeying(ssh, 0)) |
989 | return 0; |
990 | debug3_f("rekex triggered")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 990, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "rekex triggered"); |
991 | return kex_start_rekex(ssh); |
992 | } |
993 | |
994 | /* |
995 | * Delayed compression for SSH2 is enabled after authentication: |
996 | * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, |
997 | * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. |
998 | */ |
999 | static int |
1000 | ssh_packet_enable_delayed_compress(struct ssh *ssh) |
1001 | { |
1002 | struct session_state *state = ssh->state; |
1003 | struct sshcomp *comp = NULL((void *)0); |
1004 | int r, mode; |
1005 | |
1006 | /* |
1007 | * Remember that we are past the authentication step, so rekeying |
1008 | * with COMP_DELAYED will turn on compression immediately. |
1009 | */ |
1010 | state->after_authentication = 1; |
1011 | for (mode = 0; mode < MODE_MAX; mode++) { |
1012 | /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ |
1013 | if (state->newkeys[mode] == NULL((void *)0)) |
1014 | continue; |
1015 | comp = &state->newkeys[mode]->comp; |
1016 | if (comp && !comp->enabled && comp->type == COMP_DELAYED2) { |
1017 | if ((r = ssh_packet_init_compression(ssh)) != 0) |
1018 | return r; |
1019 | if (mode == MODE_OUT) { |
1020 | if ((r = start_compression_out(ssh, 6)) != 0) |
1021 | return r; |
1022 | } else { |
1023 | if ((r = start_compression_in(ssh)) != 0) |
1024 | return r; |
1025 | } |
1026 | comp->enabled = 1; |
1027 | } |
1028 | } |
1029 | return 0; |
1030 | } |
1031 | |
1032 | /* Used to mute debug logging for noisy packet types */ |
1033 | int |
1034 | ssh_packet_log_type(u_char type) |
1035 | { |
1036 | switch (type) { |
1037 | case SSH2_MSG_PING192: |
1038 | case SSH2_MSG_PONG193: |
1039 | case SSH2_MSG_CHANNEL_DATA94: |
1040 | case SSH2_MSG_CHANNEL_EXTENDED_DATA95: |
1041 | case SSH2_MSG_CHANNEL_WINDOW_ADJUST93: |
1042 | return 0; |
1043 | default: |
1044 | return 1; |
1045 | } |
1046 | } |
1047 | |
1048 | /* |
1049 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) |
1050 | */ |
1051 | int |
1052 | ssh_packet_send2_wrapped(struct ssh *ssh) |
1053 | { |
1054 | struct session_state *state = ssh->state; |
1055 | u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH64]; |
1056 | u_char tmp, padlen, pad = 0; |
1057 | u_int authlen = 0, aadlen = 0; |
1058 | u_int len; |
1059 | struct sshenc *enc = NULL((void *)0); |
1060 | struct sshmac *mac = NULL((void *)0); |
1061 | struct sshcomp *comp = NULL((void *)0); |
1062 | int r, block_size; |
1063 | |
1064 | if (state->newkeys[MODE_OUT] != NULL((void *)0)) { |
1065 | enc = &state->newkeys[MODE_OUT]->enc; |
1066 | mac = &state->newkeys[MODE_OUT]->mac; |
1067 | comp = &state->newkeys[MODE_OUT]->comp; |
1068 | /* disable mac for authenticated encryption */ |
1069 | if ((authlen = cipher_authlen(enc->cipher)) != 0) |
1070 | mac = NULL((void *)0); |
1071 | } |
1072 | block_size = enc ? enc->block_size : 8; |
1073 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; |
1074 | |
1075 | type = (sshbuf_ptr(state->outgoing_packet))[5]; |
1076 | if (ssh_packet_log_type(type)) |
1077 | debug3("send packet: type %u", type)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1077 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "send packet: type %u" , type); |
1078 | #ifdef PACKET_DEBUG |
1079 | fprintf(stderr(&__sF[2]), "plain: "); |
1080 | sshbuf_dump(state->outgoing_packet, stderr(&__sF[2])); |
1081 | #endif |
1082 | |
1083 | if (comp && comp->enabled) { |
1084 | len = sshbuf_len(state->outgoing_packet); |
Value stored to 'len' is never read | |
1085 | /* skip header, compress only payload */ |
1086 | if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0) |
1087 | goto out; |
1088 | sshbuf_reset(state->compression_buffer); |
1089 | if ((r = compress_buffer(ssh, state->outgoing_packet, |
1090 | state->compression_buffer)) != 0) |
1091 | goto out; |
1092 | sshbuf_reset(state->outgoing_packet); |
1093 | if ((r = sshbuf_put(state->outgoing_packet, |
1094 | "\0\0\0\0\0", 5)) != 0 || |
1095 | (r = sshbuf_putb(state->outgoing_packet, |
1096 | state->compression_buffer)) != 0) |
1097 | goto out; |
1098 | DBG(debug("compression: raw %d compressed %zd", len, |
1099 | sshbuf_len(state->outgoing_packet))); |
1100 | } |
1101 | |
1102 | /* sizeof (packet_len + pad_len + payload) */ |
1103 | len = sshbuf_len(state->outgoing_packet); |
1104 | |
1105 | /* |
1106 | * calc size of padding, alloc space, get random data, |
1107 | * minimum padding is 4 bytes |
1108 | */ |
1109 | len -= aadlen; /* packet length is not encrypted for EtM modes */ |
1110 | padlen = block_size - (len % block_size); |
1111 | if (padlen < 4) |
1112 | padlen += block_size; |
1113 | if (state->extra_pad) { |
1114 | tmp = state->extra_pad; |
1115 | state->extra_pad = |
1116 | ROUNDUP(state->extra_pad, block_size)((((state->extra_pad)+((block_size)-1))/(block_size))*(block_size )); |
1117 | /* check if roundup overflowed */ |
1118 | if (state->extra_pad < tmp) |
1119 | return SSH_ERR_INVALID_ARGUMENT-10; |
1120 | tmp = (len + padlen) % state->extra_pad; |
1121 | /* Check whether pad calculation below will underflow */ |
1122 | if (tmp > state->extra_pad) |
1123 | return SSH_ERR_INVALID_ARGUMENT-10; |
1124 | pad = state->extra_pad - tmp; |
1125 | DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)", |
1126 | pad, len, padlen, state->extra_pad)); |
1127 | tmp = padlen; |
1128 | padlen += pad; |
1129 | /* Check whether padlen calculation overflowed */ |
1130 | if (padlen < tmp) |
1131 | return SSH_ERR_INVALID_ARGUMENT-10; /* overflow */ |
1132 | state->extra_pad = 0; |
1133 | } |
1134 | if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) |
1135 | goto out; |
1136 | if (enc && !cipher_ctx_is_plaintext(state->send_context)) { |
1137 | /* random padding */ |
1138 | arc4random_buf(cp, padlen); |
1139 | } else { |
1140 | /* clear padding */ |
1141 | explicit_bzero(cp, padlen); |
1142 | } |
1143 | /* sizeof (packet_len + pad_len + payload + padding) */ |
1144 | len = sshbuf_len(state->outgoing_packet); |
1145 | cp = sshbuf_mutable_ptr(state->outgoing_packet); |
1146 | if (cp == NULL((void *)0)) { |
1147 | r = SSH_ERR_INTERNAL_ERROR-1; |
1148 | goto out; |
1149 | } |
1150 | /* packet_length includes payload, padding and padding length field */ |
1151 | POKE_U32(cp, len - 4)do { const u_int32_t __v = (len - 4); ((u_char *)(cp))[0] = ( __v >> 24) & 0xff; ((u_char *)(cp))[1] = (__v >> 16) & 0xff; ((u_char *)(cp))[2] = (__v >> 8) & 0xff; ((u_char *)(cp))[3] = __v & 0xff; } while (0); |
1152 | cp[4] = padlen; |
1153 | DBG(debug("send: len %d (includes padlen %d, aadlen %d)", |
1154 | len, padlen, aadlen)); |
1155 | |
1156 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ |
1157 | if (mac && mac->enabled && !mac->etm) { |
1158 | if ((r = mac_compute(mac, state->p_send.seqnr, |
1159 | sshbuf_ptr(state->outgoing_packet), len, |
1160 | macbuf, sizeof(macbuf))) != 0) |
1161 | goto out; |
1162 | DBG(debug("done calc MAC out #%d", state->p_send.seqnr)); |
1163 | } |
1164 | /* encrypt packet and append to output buffer. */ |
1165 | if ((r = sshbuf_reserve(state->output, |
1166 | sshbuf_len(state->outgoing_packet) + authlen, &cp)) != 0) |
1167 | goto out; |
1168 | if ((r = cipher_crypt(state->send_context, state->p_send.seqnr, cp, |
1169 | sshbuf_ptr(state->outgoing_packet), |
1170 | len - aadlen, aadlen, authlen)) != 0) |
1171 | goto out; |
1172 | /* append unencrypted MAC */ |
1173 | if (mac && mac->enabled) { |
1174 | if (mac->etm) { |
1175 | /* EtM: compute mac over aadlen + cipher text */ |
1176 | if ((r = mac_compute(mac, state->p_send.seqnr, |
1177 | cp, len, macbuf, sizeof(macbuf))) != 0) |
1178 | goto out; |
1179 | DBG(debug("done calc MAC(EtM) out #%d", |
1180 | state->p_send.seqnr)); |
1181 | } |
1182 | if ((r = sshbuf_put(state->output, macbuf, mac->mac_len)) != 0) |
1183 | goto out; |
1184 | } |
1185 | #ifdef PACKET_DEBUG |
1186 | fprintf(stderr(&__sF[2]), "encrypted: "); |
1187 | sshbuf_dump(state->output, stderr(&__sF[2])); |
1188 | #endif |
1189 | /* increment sequence number for outgoing packets */ |
1190 | if (++state->p_send.seqnr == 0) { |
1191 | if ((ssh->kex->flags & KEX_INITIAL0x0002) != 0) { |
1192 | ssh_packet_disconnect(ssh, "outgoing sequence number " |
1193 | "wrapped during initial key exchange"); |
1194 | } |
1195 | logit("outgoing seqnr wraps around")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1195 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "outgoing seqnr wraps around" ); |
1196 | } |
1197 | if (++state->p_send.packets == 0) |
1198 | if (!(ssh->compat & SSH_BUG_NOREKEY0x00008000)) |
1199 | return SSH_ERR_NEED_REKEY-39; |
1200 | state->p_send.blocks += len / block_size; |
1201 | state->p_send.bytes += len; |
1202 | sshbuf_reset(state->outgoing_packet); |
1203 | |
1204 | if (type == SSH2_MSG_NEWKEYS21 && ssh->kex->kex_strict) { |
1205 | debug_f("resetting send seqnr %u", state->p_send.seqnr)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1205 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "resetting send seqnr %u" , state->p_send.seqnr); |
1206 | state->p_send.seqnr = 0; |
1207 | } |
1208 | |
1209 | if (type == SSH2_MSG_NEWKEYS21) |
1210 | r = ssh_set_newkeys(ssh, MODE_OUT); |
1211 | else if (type == SSH2_MSG_USERAUTH_SUCCESS52 && state->server_side) |
1212 | r = ssh_packet_enable_delayed_compress(ssh); |
1213 | else |
1214 | r = 0; |
1215 | out: |
1216 | return r; |
1217 | } |
1218 | |
1219 | /* returns non-zero if the specified packet type is usec by KEX */ |
1220 | static int |
1221 | ssh_packet_type_is_kex(u_char type) |
1222 | { |
1223 | return |
1224 | type >= SSH2_MSG_TRANSPORT_MIN1 && |
1225 | type <= SSH2_MSG_TRANSPORT_MAX49 && |
1226 | type != SSH2_MSG_SERVICE_REQUEST5 && |
1227 | type != SSH2_MSG_SERVICE_ACCEPT6 && |
1228 | type != SSH2_MSG_EXT_INFO7; |
1229 | } |
1230 | |
1231 | int |
1232 | ssh_packet_send2(struct ssh *ssh) |
1233 | { |
1234 | struct session_state *state = ssh->state; |
1235 | struct packet *p; |
1236 | u_char type; |
1237 | int r, need_rekey; |
1238 | |
1239 | if (sshbuf_len(state->outgoing_packet) < 6) |
1240 | return SSH_ERR_INTERNAL_ERROR-1; |
1241 | type = sshbuf_ptr(state->outgoing_packet)[5]; |
1242 | need_rekey = !ssh_packet_type_is_kex(type) && |
1243 | ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet)); |
1244 | |
1245 | /* |
1246 | * During rekeying we can only send key exchange messages. |
1247 | * Queue everything else. |
1248 | */ |
1249 | if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) { |
1250 | if (need_rekey) |
1251 | debug3_f("rekex triggered")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1251 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "rekex triggered"); |
1252 | debug("enqueue packet: %u", type)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1252 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "enqueue packet: %u", type ); |
1253 | p = calloc(1, sizeof(*p)); |
1254 | if (p == NULL((void *)0)) |
1255 | return SSH_ERR_ALLOC_FAIL-2; |
1256 | p->type = type; |
1257 | p->payload = state->outgoing_packet; |
1258 | TAILQ_INSERT_TAIL(&state->outgoing, p, next)do { (p)->next.tqe_next = ((void *)0); (p)->next.tqe_prev = (&state->outgoing)->tqh_last; *(&state->outgoing )->tqh_last = (p); (&state->outgoing)->tqh_last = &(p)->next.tqe_next; } while (0); |
1259 | state->outgoing_packet = sshbuf_new(); |
1260 | if (state->outgoing_packet == NULL((void *)0)) |
1261 | return SSH_ERR_ALLOC_FAIL-2; |
1262 | if (need_rekey) { |
1263 | /* |
1264 | * This packet triggered a rekey, so send the |
1265 | * KEXINIT now. |
1266 | * NB. reenters this function via kex_start_rekex(). |
1267 | */ |
1268 | return kex_start_rekex(ssh); |
1269 | } |
1270 | return 0; |
1271 | } |
1272 | |
1273 | /* rekeying starts with sending KEXINIT */ |
1274 | if (type == SSH2_MSG_KEXINIT20) |
1275 | state->rekeying = 1; |
1276 | |
1277 | if ((r = ssh_packet_send2_wrapped(ssh)) != 0) |
1278 | return r; |
1279 | |
1280 | /* after a NEWKEYS message we can send the complete queue */ |
1281 | if (type == SSH2_MSG_NEWKEYS21) { |
1282 | state->rekeying = 0; |
1283 | state->rekey_time = monotime(); |
1284 | while ((p = TAILQ_FIRST(&state->outgoing)((&state->outgoing)->tqh_first))) { |
1285 | type = p->type; |
1286 | /* |
1287 | * If this packet triggers a rekex, then skip the |
1288 | * remaining packets in the queue for now. |
1289 | * NB. re-enters this function via kex_start_rekex. |
1290 | */ |
1291 | if (ssh_packet_need_rekeying(ssh, |
1292 | sshbuf_len(p->payload))) { |
1293 | debug3_f("queued packet triggered rekex")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1293 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "queued packet triggered rekex" ); |
1294 | return kex_start_rekex(ssh); |
1295 | } |
1296 | debug("dequeue packet: %u", type)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1296 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "dequeue packet: %u", type ); |
1297 | sshbuf_free(state->outgoing_packet); |
1298 | state->outgoing_packet = p->payload; |
1299 | TAILQ_REMOVE(&state->outgoing, p, next)do { if (((p)->next.tqe_next) != ((void *)0)) (p)->next .tqe_next->next.tqe_prev = (p)->next.tqe_prev; else (& state->outgoing)->tqh_last = (p)->next.tqe_prev; *(p )->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0); |
1300 | memset(p, 0, sizeof(*p)); |
1301 | free(p); |
1302 | if ((r = ssh_packet_send2_wrapped(ssh)) != 0) |
1303 | return r; |
1304 | } |
1305 | } |
1306 | return 0; |
1307 | } |
1308 | |
1309 | /* |
1310 | * Waits until a packet has been received, and returns its type. Note that |
1311 | * no other data is processed until this returns, so this function should not |
1312 | * be used during the interactive session. |
1313 | */ |
1314 | |
1315 | int |
1316 | ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
1317 | { |
1318 | struct session_state *state = ssh->state; |
1319 | int len, r, ms_remain = 0; |
1320 | struct pollfd pfd; |
1321 | char buf[8192]; |
1322 | struct timeval start; |
1323 | struct timespec timespec, *timespecp = NULL((void *)0); |
1324 | |
1325 | DBG(debug("packet_read()")); |
1326 | |
1327 | /* |
1328 | * Since we are blocking, ensure that all written packets have |
1329 | * been sent. |
1330 | */ |
1331 | if ((r = ssh_packet_write_wait(ssh)) != 0) |
1332 | goto out; |
1333 | |
1334 | /* Stay in the loop until we have received a complete packet. */ |
1335 | for (;;) { |
1336 | /* Try to read a packet from the buffer. */ |
1337 | if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0) |
1338 | break; |
1339 | /* If we got a packet, return it. */ |
1340 | if (*typep != SSH_MSG_NONE0) |
1341 | break; |
1342 | /* |
1343 | * Otherwise, wait for some data to arrive, add it to the |
1344 | * buffer, and try again. |
1345 | */ |
1346 | pfd.fd = state->connection_in; |
1347 | pfd.events = POLLIN0x0001; |
1348 | |
1349 | if (state->packet_timeout_ms > 0) { |
1350 | ms_remain = state->packet_timeout_ms; |
1351 | timespecp = ×pec; |
1352 | } |
1353 | /* Wait for some data to arrive. */ |
1354 | for (;;) { |
1355 | if (state->packet_timeout_ms > 0) { |
1356 | ms_to_timespec(×pec, ms_remain); |
1357 | monotime_tv(&start); |
1358 | } |
1359 | if ((r = ppoll(&pfd, 1, timespecp, NULL((void *)0))) >= 0) |
1360 | break; |
1361 | if (errno(*__errno()) != EAGAIN35 && errno(*__errno()) != EINTR4) { |
1362 | r = SSH_ERR_SYSTEM_ERROR-24; |
1363 | goto out; |
1364 | } |
1365 | if (state->packet_timeout_ms <= 0) |
1366 | continue; |
1367 | ms_subtract_diff(&start, &ms_remain); |
1368 | if (ms_remain <= 0) { |
1369 | r = 0; |
1370 | break; |
1371 | } |
1372 | } |
1373 | if (r == 0) { |
1374 | r = SSH_ERR_CONN_TIMEOUT-53; |
1375 | goto out; |
1376 | } |
1377 | /* Read data from the socket. */ |
1378 | len = read(state->connection_in, buf, sizeof(buf)); |
1379 | if (len == 0) { |
1380 | r = SSH_ERR_CONN_CLOSED-52; |
1381 | goto out; |
1382 | } |
1383 | if (len == -1) { |
1384 | r = SSH_ERR_SYSTEM_ERROR-24; |
1385 | goto out; |
1386 | } |
1387 | |
1388 | /* Append it to the buffer. */ |
1389 | if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) |
1390 | goto out; |
1391 | } |
1392 | out: |
1393 | return r; |
1394 | } |
1395 | |
1396 | int |
1397 | ssh_packet_read(struct ssh *ssh) |
1398 | { |
1399 | u_char type; |
1400 | int r; |
1401 | |
1402 | if ((r = ssh_packet_read_seqnr(ssh, &type, NULL((void *)0))) != 0) |
1403 | fatal_fr(r, "read")sshfatal("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1403 , 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "read"); |
1404 | return type; |
1405 | } |
1406 | |
1407 | static int |
1408 | ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
1409 | { |
1410 | struct session_state *state = ssh->state; |
1411 | const u_char *cp; |
1412 | size_t need; |
1413 | int r; |
1414 | |
1415 | if (ssh->kex) |
1416 | return SSH_ERR_INTERNAL_ERROR-1; |
1417 | *typep = SSH_MSG_NONE0; |
1418 | cp = sshbuf_ptr(state->input); |
1419 | if (state->packlen == 0) { |
1420 | if (sshbuf_len(state->input) < 4 + 1) |
1421 | return 0; /* packet is incomplete */ |
1422 | state->packlen = PEEK_U32(cp)(((u_int32_t)(((const u_char *)(cp))[0]) << 24) | ((u_int32_t )(((const u_char *)(cp))[1]) << 16) | ((u_int32_t)(((const u_char *)(cp))[2]) << 8) | (u_int32_t)(((const u_char * )(cp))[3])); |
1423 | if (state->packlen < 4 + 1 || |
1424 | state->packlen > PACKET_MAX_SIZE(256 * 1024)) |
1425 | return SSH_ERR_MESSAGE_INCOMPLETE-3; |
1426 | } |
1427 | need = state->packlen + 4; |
1428 | if (sshbuf_len(state->input) < need) |
1429 | return 0; /* packet is incomplete */ |
1430 | sshbuf_reset(state->incoming_packet); |
1431 | if ((r = sshbuf_put(state->incoming_packet, cp + 4, |
1432 | state->packlen)) != 0 || |
1433 | (r = sshbuf_consume(state->input, need)) != 0 || |
1434 | (r = sshbuf_get_u8(state->incoming_packet, NULL((void *)0))) != 0 || |
1435 | (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) |
1436 | return r; |
1437 | if (ssh_packet_log_type(*typep)) |
1438 | debug3_f("type %u", *typep)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1438 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "type %u", *typep); |
1439 | /* sshbuf_dump(state->incoming_packet, stderr); */ |
1440 | /* reset for next packet */ |
1441 | state->packlen = 0; |
1442 | return r; |
1443 | } |
1444 | |
1445 | int |
1446 | ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
1447 | { |
1448 | struct session_state *state = ssh->state; |
1449 | u_int padlen, need; |
1450 | u_char *cp; |
1451 | u_int maclen, aadlen = 0, authlen = 0, block_size; |
1452 | struct sshenc *enc = NULL((void *)0); |
1453 | struct sshmac *mac = NULL((void *)0); |
1454 | struct sshcomp *comp = NULL((void *)0); |
1455 | int r; |
1456 | |
1457 | if (state->mux) |
1458 | return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p); |
1459 | |
1460 | *typep = SSH_MSG_NONE0; |
1461 | |
1462 | if (state->packet_discard) |
1463 | return 0; |
1464 | |
1465 | if (state->newkeys[MODE_IN] != NULL((void *)0)) { |
1466 | enc = &state->newkeys[MODE_IN]->enc; |
1467 | mac = &state->newkeys[MODE_IN]->mac; |
1468 | comp = &state->newkeys[MODE_IN]->comp; |
1469 | /* disable mac for authenticated encryption */ |
1470 | if ((authlen = cipher_authlen(enc->cipher)) != 0) |
1471 | mac = NULL((void *)0); |
1472 | } |
1473 | maclen = mac && mac->enabled ? mac->mac_len : 0; |
1474 | block_size = enc ? enc->block_size : 8; |
1475 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; |
1476 | |
1477 | if (aadlen && state->packlen == 0) { |
1478 | if (cipher_get_length(state->receive_context, |
1479 | &state->packlen, state->p_read.seqnr, |
1480 | sshbuf_ptr(state->input), sshbuf_len(state->input)) != 0) |
1481 | return 0; |
1482 | if (state->packlen < 1 + 4 || |
1483 | state->packlen > PACKET_MAX_SIZE(256 * 1024)) { |
1484 | #ifdef PACKET_DEBUG |
1485 | sshbuf_dump(state->input, stderr(&__sF[2])); |
1486 | #endif |
1487 | logit("Bad packet length %u.", state->packlen)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1487 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Bad packet length %u.", state->packlen); |
1488 | if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0) |
1489 | return r; |
1490 | return SSH_ERR_CONN_CORRUPT-54; |
1491 | } |
1492 | sshbuf_reset(state->incoming_packet); |
1493 | } else if (state->packlen == 0) { |
1494 | /* |
1495 | * check if input size is less than the cipher block size, |
1496 | * decrypt first block and extract length of incoming packet |
1497 | */ |
1498 | if (sshbuf_len(state->input) < block_size) |
1499 | return 0; |
1500 | sshbuf_reset(state->incoming_packet); |
1501 | if ((r = sshbuf_reserve(state->incoming_packet, block_size, |
1502 | &cp)) != 0) |
1503 | goto out; |
1504 | if ((r = cipher_crypt(state->receive_context, |
1505 | state->p_send.seqnr, cp, sshbuf_ptr(state->input), |
1506 | block_size, 0, 0)) != 0) |
1507 | goto out; |
1508 | state->packlen = PEEK_U32(sshbuf_ptr(state->incoming_packet))(((u_int32_t)(((const u_char *)(sshbuf_ptr(state->incoming_packet )))[0]) << 24) | ((u_int32_t)(((const u_char *)(sshbuf_ptr (state->incoming_packet)))[1]) << 16) | ((u_int32_t) (((const u_char *)(sshbuf_ptr(state->incoming_packet)))[2] ) << 8) | (u_int32_t)(((const u_char *)(sshbuf_ptr(state ->incoming_packet)))[3])); |
1509 | if (state->packlen < 1 + 4 || |
1510 | state->packlen > PACKET_MAX_SIZE(256 * 1024)) { |
1511 | #ifdef PACKET_DEBUG |
1512 | fprintf(stderr(&__sF[2]), "input: \n"); |
1513 | sshbuf_dump(state->input, stderr(&__sF[2])); |
1514 | fprintf(stderr(&__sF[2]), "incoming_packet: \n"); |
1515 | sshbuf_dump(state->incoming_packet, stderr(&__sF[2])); |
1516 | #endif |
1517 | logit("Bad packet length %u.", state->packlen)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1517 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Bad packet length %u.", state->packlen); |
1518 | return ssh_packet_start_discard(ssh, enc, mac, 0, |
1519 | PACKET_MAX_SIZE(256 * 1024)); |
1520 | } |
1521 | if ((r = sshbuf_consume(state->input, block_size)) != 0) |
1522 | goto out; |
1523 | } |
1524 | DBG(debug("input: packet len %u", state->packlen+4)); |
1525 | |
1526 | if (aadlen) { |
1527 | /* only the payload is encrypted */ |
1528 | need = state->packlen; |
1529 | } else { |
1530 | /* |
1531 | * the payload size and the payload are encrypted, but we |
1532 | * have a partial packet of block_size bytes |
1533 | */ |
1534 | need = 4 + state->packlen - block_size; |
1535 | } |
1536 | DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d," |
1537 | " aadlen %d", block_size, need, maclen, authlen, aadlen)); |
1538 | if (need % block_size != 0) { |
1539 | logit("padding error: need %d block %d mod %d",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1540 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "padding error: need %d block %d mod %d" , need, block_size, need % block_size) |
1540 | need, block_size, need % block_size)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1540 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "padding error: need %d block %d mod %d" , need, block_size, need % block_size); |
1541 | return ssh_packet_start_discard(ssh, enc, mac, 0, |
1542 | PACKET_MAX_SIZE(256 * 1024) - block_size); |
1543 | } |
1544 | /* |
1545 | * check if the entire packet has been received and |
1546 | * decrypt into incoming_packet: |
1547 | * 'aadlen' bytes are unencrypted, but authenticated. |
1548 | * 'need' bytes are encrypted, followed by either |
1549 | * 'authlen' bytes of authentication tag or |
1550 | * 'maclen' bytes of message authentication code. |
1551 | */ |
1552 | if (sshbuf_len(state->input) < aadlen + need + authlen + maclen) |
1553 | return 0; /* packet is incomplete */ |
1554 | #ifdef PACKET_DEBUG |
1555 | fprintf(stderr(&__sF[2]), "read_poll enc/full: "); |
1556 | sshbuf_dump(state->input, stderr(&__sF[2])); |
1557 | #endif |
1558 | /* EtM: check mac over encrypted input */ |
1559 | if (mac && mac->enabled && mac->etm) { |
1560 | if ((r = mac_check(mac, state->p_read.seqnr, |
1561 | sshbuf_ptr(state->input), aadlen + need, |
1562 | sshbuf_ptr(state->input) + aadlen + need + authlen, |
1563 | maclen)) != 0) { |
1564 | if (r == SSH_ERR_MAC_INVALID-30) |
1565 | logit("Corrupted MAC on input.")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1565 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Corrupted MAC on input." ); |
1566 | goto out; |
1567 | } |
1568 | } |
1569 | if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need, |
1570 | &cp)) != 0) |
1571 | goto out; |
1572 | if ((r = cipher_crypt(state->receive_context, state->p_read.seqnr, cp, |
1573 | sshbuf_ptr(state->input), need, aadlen, authlen)) != 0) |
1574 | goto out; |
1575 | if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0) |
1576 | goto out; |
1577 | if (mac && mac->enabled) { |
1578 | /* Not EtM: check MAC over cleartext */ |
1579 | if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr, |
1580 | sshbuf_ptr(state->incoming_packet), |
1581 | sshbuf_len(state->incoming_packet), |
1582 | sshbuf_ptr(state->input), maclen)) != 0) { |
1583 | if (r != SSH_ERR_MAC_INVALID-30) |
1584 | goto out; |
1585 | logit("Corrupted MAC on input.")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1585 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Corrupted MAC on input." ); |
1586 | if (need + block_size > PACKET_MAX_SIZE(256 * 1024)) |
1587 | return SSH_ERR_INTERNAL_ERROR-1; |
1588 | return ssh_packet_start_discard(ssh, enc, mac, |
1589 | sshbuf_len(state->incoming_packet), |
1590 | PACKET_MAX_SIZE(256 * 1024) - need - block_size); |
1591 | } |
1592 | /* Remove MAC from input buffer */ |
1593 | DBG(debug("MAC #%d ok", state->p_read.seqnr)); |
1594 | if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) |
1595 | goto out; |
1596 | } |
1597 | |
1598 | if (seqnr_p != NULL((void *)0)) |
1599 | *seqnr_p = state->p_read.seqnr; |
1600 | if (++state->p_read.seqnr == 0) { |
1601 | if ((ssh->kex->flags & KEX_INITIAL0x0002) != 0) { |
1602 | ssh_packet_disconnect(ssh, "incoming sequence number " |
1603 | "wrapped during initial key exchange"); |
1604 | } |
1605 | logit("incoming seqnr wraps around")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1605 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "incoming seqnr wraps around" ); |
1606 | } |
1607 | if (++state->p_read.packets == 0) |
1608 | if (!(ssh->compat & SSH_BUG_NOREKEY0x00008000)) |
1609 | return SSH_ERR_NEED_REKEY-39; |
1610 | state->p_read.blocks += (state->packlen + 4) / block_size; |
1611 | state->p_read.bytes += state->packlen + 4; |
1612 | |
1613 | /* get padlen */ |
1614 | padlen = sshbuf_ptr(state->incoming_packet)[4]; |
1615 | DBG(debug("input: padlen %d", padlen)); |
1616 | if (padlen < 4) { |
1617 | if ((r = sshpkt_disconnect(ssh, |
1618 | "Corrupted padlen %d on input.", padlen)) != 0 || |
1619 | (r = ssh_packet_write_wait(ssh)) != 0) |
1620 | return r; |
1621 | return SSH_ERR_CONN_CORRUPT-54; |
1622 | } |
1623 | |
1624 | /* skip packet size + padlen, discard padding */ |
1625 | if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 || |
1626 | ((r = sshbuf_consume_end(state->incoming_packet, padlen)) != 0)) |
1627 | goto out; |
1628 | |
1629 | DBG(debug("input: len before de-compress %zd", |
1630 | sshbuf_len(state->incoming_packet))); |
1631 | if (comp && comp->enabled) { |
1632 | sshbuf_reset(state->compression_buffer); |
1633 | if ((r = uncompress_buffer(ssh, state->incoming_packet, |
1634 | state->compression_buffer)) != 0) |
1635 | goto out; |
1636 | sshbuf_reset(state->incoming_packet); |
1637 | if ((r = sshbuf_putb(state->incoming_packet, |
1638 | state->compression_buffer)) != 0) |
1639 | goto out; |
1640 | DBG(debug("input: len after de-compress %zd", |
1641 | sshbuf_len(state->incoming_packet))); |
1642 | } |
1643 | /* |
1644 | * get packet type, implies consume. |
1645 | * return length of payload (without type field) |
1646 | */ |
1647 | if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) |
1648 | goto out; |
1649 | if (ssh_packet_log_type(*typep)) |
1650 | debug3("receive packet: type %u", *typep)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1650 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "receive packet: type %u" , *typep); |
1651 | if (*typep < SSH2_MSG_MIN1) { |
1652 | if ((r = sshpkt_disconnect(ssh, |
1653 | "Invalid ssh2 packet type: %d", *typep)) != 0 || |
1654 | (r = ssh_packet_write_wait(ssh)) != 0) |
1655 | return r; |
1656 | return SSH_ERR_PROTOCOL_ERROR-55; |
1657 | } |
1658 | if (state->hook_in != NULL((void *)0) && |
1659 | (r = state->hook_in(ssh, state->incoming_packet, typep, |
1660 | state->hook_in_ctx)) != 0) |
1661 | return r; |
1662 | if (*typep == SSH2_MSG_USERAUTH_SUCCESS52 && !state->server_side) |
1663 | r = ssh_packet_enable_delayed_compress(ssh); |
1664 | else |
1665 | r = 0; |
1666 | #ifdef PACKET_DEBUG |
1667 | fprintf(stderr(&__sF[2]), "read/plain[%d]:\r\n", *typep); |
1668 | sshbuf_dump(state->incoming_packet, stderr(&__sF[2])); |
1669 | #endif |
1670 | /* reset for next packet */ |
1671 | state->packlen = 0; |
1672 | if (*typep == SSH2_MSG_NEWKEYS21 && ssh->kex->kex_strict) { |
1673 | debug_f("resetting read seqnr %u", state->p_read.seqnr)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1673 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "resetting read seqnr %u" , state->p_read.seqnr); |
1674 | state->p_read.seqnr = 0; |
1675 | } |
1676 | |
1677 | if ((r = ssh_packet_check_rekey(ssh)) != 0) |
1678 | return r; |
1679 | out: |
1680 | return r; |
1681 | } |
1682 | |
1683 | int |
1684 | ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
1685 | { |
1686 | struct session_state *state = ssh->state; |
1687 | u_int reason, seqnr; |
1688 | int r; |
1689 | u_char *msg; |
1690 | const u_char *d; |
1691 | size_t len; |
1692 | |
1693 | for (;;) { |
1694 | msg = NULL((void *)0); |
1695 | r = ssh_packet_read_poll2(ssh, typep, seqnr_p); |
1696 | if (r != 0) |
1697 | return r; |
1698 | if (*typep == 0) { |
1699 | /* no message ready */ |
1700 | return 0; |
1701 | } |
1702 | state->keep_alive_timeouts = 0; |
1703 | DBG(debug("received packet type %d", *typep)); |
1704 | |
1705 | /* Always process disconnect messages */ |
1706 | if (*typep == SSH2_MSG_DISCONNECT1) { |
1707 | if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || |
1708 | (r = sshpkt_get_string(ssh, &msg, NULL((void *)0))) != 0) |
1709 | return r; |
1710 | /* Ignore normal client exit notifications */ |
1711 | do_log2(ssh->state->server_side &&sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg) |
1712 | reason == SSH2_DISCONNECT_BY_APPLICATION ?sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg) |
1713 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg) |
1714 | "Received disconnect from %s port %d:"sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg) |
1715 | "%u: %.400s", ssh_remote_ipaddr(ssh),sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg) |
1716 | ssh_remote_port(ssh), reason, msg)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1716 , 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void *)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg); |
1717 | free(msg); |
1718 | return SSH_ERR_DISCONNECTED-29; |
1719 | } |
1720 | |
1721 | /* |
1722 | * Do not implicitly handle any messages here during initial |
1723 | * KEX when in strict mode. They will be need to be allowed |
1724 | * explicitly by the KEX dispatch table or they will generate |
1725 | * protocol errors. |
1726 | */ |
1727 | if (ssh->kex != NULL((void *)0) && |
1728 | (ssh->kex->flags & KEX_INITIAL0x0002) && ssh->kex->kex_strict) |
1729 | return 0; |
1730 | /* Implicitly handle transport-level messages */ |
1731 | switch (*typep) { |
1732 | case SSH2_MSG_IGNORE2: |
1733 | debug3("Received SSH2_MSG_IGNORE")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1733 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Received SSH2_MSG_IGNORE" ); |
1734 | break; |
1735 | case SSH2_MSG_DEBUG4: |
1736 | if ((r = sshpkt_get_u8(ssh, NULL((void *)0))) != 0 || |
1737 | (r = sshpkt_get_string(ssh, &msg, NULL((void *)0))) != 0 || |
1738 | (r = sshpkt_get_string(ssh, NULL((void *)0), NULL((void *)0))) != 0) { |
1739 | free(msg); |
1740 | return r; |
1741 | } |
1742 | debug("Remote: %.900s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1742 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Remote: %.900s", msg); |
1743 | free(msg); |
1744 | break; |
1745 | case SSH2_MSG_UNIMPLEMENTED3: |
1746 | if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0) |
1747 | return r; |
1748 | debug("Received SSH2_MSG_UNIMPLEMENTED for %u",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1749 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Received SSH2_MSG_UNIMPLEMENTED for %u" , seqnr) |
1749 | seqnr)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1749 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Received SSH2_MSG_UNIMPLEMENTED for %u" , seqnr); |
1750 | break; |
1751 | case SSH2_MSG_PING192: |
1752 | if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) |
1753 | return r; |
1754 | DBG(debug("Received SSH2_MSG_PING len %zu", len)); |
1755 | if ((r = sshpkt_start(ssh, SSH2_MSG_PONG193)) != 0 || |
1756 | (r = sshpkt_put_string(ssh, d, len)) != 0 || |
1757 | (r = sshpkt_send(ssh)) != 0) |
1758 | return r; |
1759 | break; |
1760 | case SSH2_MSG_PONG193: |
1761 | if ((r = sshpkt_get_string_direct(ssh, |
1762 | NULL((void *)0), &len)) != 0) |
1763 | return r; |
1764 | DBG(debug("Received SSH2_MSG_PONG len %zu", len)); |
1765 | break; |
1766 | default: |
1767 | return 0; |
1768 | } |
1769 | } |
1770 | } |
1771 | |
1772 | /* |
1773 | * Buffers the supplied input data. This is intended to be used together |
1774 | * with packet_read_poll(). |
1775 | */ |
1776 | int |
1777 | ssh_packet_process_incoming(struct ssh *ssh, const char *buf, u_int len) |
1778 | { |
1779 | struct session_state *state = ssh->state; |
1780 | int r; |
1781 | |
1782 | if (state->packet_discard) { |
1783 | state->keep_alive_timeouts = 0; /* ?? */ |
1784 | if (len >= state->packet_discard) { |
1785 | if ((r = ssh_packet_stop_discard(ssh)) != 0) |
1786 | return r; |
1787 | } |
1788 | state->packet_discard -= len; |
1789 | return 0; |
1790 | } |
1791 | if ((r = sshbuf_put(state->input, buf, len)) != 0) |
1792 | return r; |
1793 | |
1794 | return 0; |
1795 | } |
1796 | |
1797 | /* Reads and buffers data from the specified fd */ |
1798 | int |
1799 | ssh_packet_process_read(struct ssh *ssh, int fd) |
1800 | { |
1801 | struct session_state *state = ssh->state; |
1802 | int r; |
1803 | size_t rlen; |
1804 | |
1805 | if ((r = sshbuf_read(fd, state->input, PACKET_MAX_SIZE(256 * 1024), &rlen)) != 0) |
1806 | return r; |
1807 | |
1808 | if (state->packet_discard) { |
1809 | if ((r = sshbuf_consume_end(state->input, rlen)) != 0) |
1810 | return r; |
1811 | state->keep_alive_timeouts = 0; /* ?? */ |
1812 | if (rlen >= state->packet_discard) { |
1813 | if ((r = ssh_packet_stop_discard(ssh)) != 0) |
1814 | return r; |
1815 | } |
1816 | state->packet_discard -= rlen; |
1817 | return 0; |
1818 | } |
1819 | return 0; |
1820 | } |
1821 | |
1822 | int |
1823 | ssh_packet_remaining(struct ssh *ssh) |
1824 | { |
1825 | return sshbuf_len(ssh->state->incoming_packet); |
1826 | } |
1827 | |
1828 | /* |
1829 | * Sends a diagnostic message from the server to the client. This message |
1830 | * can be sent at any time (but not while constructing another message). The |
1831 | * message is printed immediately, but only if the client is being executed |
1832 | * in verbose mode. These messages are primarily intended to ease debugging |
1833 | * authentication problems. The length of the formatted message must not |
1834 | * exceed 1024 bytes. This will automatically call ssh_packet_write_wait. |
1835 | */ |
1836 | void |
1837 | ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) |
1838 | { |
1839 | char buf[1024]; |
1840 | va_list args; |
1841 | int r; |
1842 | |
1843 | if ((ssh->compat & SSH_BUG_DEBUG0x00000040)) |
1844 | return; |
1845 | |
1846 | va_start(args, fmt)__builtin_va_start((args), fmt); |
1847 | vsnprintf(buf, sizeof(buf), fmt, args); |
1848 | va_end(args)__builtin_va_end((args)); |
1849 | |
1850 | debug3("sending debug message: %s", buf)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1850 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "sending debug message: %s" , buf); |
1851 | |
1852 | if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG4)) != 0 || |
1853 | (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */ |
1854 | (r = sshpkt_put_cstring(ssh, buf)) != 0 || |
1855 | (r = sshpkt_put_cstring(ssh, "")) != 0 || |
1856 | (r = sshpkt_send(ssh)) != 0 || |
1857 | (r = ssh_packet_write_wait(ssh)) != 0) |
1858 | fatal_fr(r, "send DEBUG")sshfatal("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1858 , 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send DEBUG"); |
1859 | } |
1860 | |
1861 | void |
1862 | sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l) |
1863 | { |
1864 | snprintf(s, l, "%.200s%s%s port %d", |
1865 | ssh->log_preamble ? ssh->log_preamble : "", |
1866 | ssh->log_preamble ? " " : "", |
1867 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); |
1868 | } |
1869 | |
1870 | /* |
1871 | * Pretty-print connection-terminating errors and exit. |
1872 | */ |
1873 | static void |
1874 | sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) |
1875 | { |
1876 | char *tag = NULL((void *)0), remote_id[512]; |
1877 | int oerrno = errno(*__errno()); |
1878 | |
1879 | sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); |
1880 | |
1881 | switch (r) { |
1882 | case SSH_ERR_CONN_CLOSED-52: |
1883 | ssh_packet_clear_keys(ssh); |
1884 | logdie("Connection closed by %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1884 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Connection closed by %s" , remote_id); |
1885 | case SSH_ERR_CONN_TIMEOUT-53: |
1886 | ssh_packet_clear_keys(ssh); |
1887 | logdie("Connection %s %s timed out",sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1888 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Connection %s %s timed out" , ssh->state->server_side ? "from" : "to", remote_id) |
1888 | ssh->state->server_side ? "from" : "to", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1888 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Connection %s %s timed out" , ssh->state->server_side ? "from" : "to", remote_id); |
1889 | case SSH_ERR_DISCONNECTED-29: |
1890 | ssh_packet_clear_keys(ssh); |
1891 | logdie("Disconnected from %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1891 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Disconnected from %s", remote_id); |
1892 | case SSH_ERR_SYSTEM_ERROR-24: |
1893 | if (errno(*__errno()) == ECONNRESET54) { |
1894 | ssh_packet_clear_keys(ssh); |
1895 | logdie("Connection reset by %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1895 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Connection reset by %s" , remote_id); |
1896 | } |
1897 | /* FALLTHROUGH */ |
1898 | case SSH_ERR_NO_CIPHER_ALG_MATCH-31: |
1899 | case SSH_ERR_NO_MAC_ALG_MATCH-32: |
1900 | case SSH_ERR_NO_COMPRESS_ALG_MATCH-33: |
1901 | case SSH_ERR_NO_KEX_ALG_MATCH-34: |
1902 | case SSH_ERR_NO_HOSTKEY_ALG_MATCH-35: |
1903 | if (ssh->kex && ssh->kex->failed_choice) { |
1904 | ssh_packet_clear_keys(ssh); |
1905 | errno(*__errno()) = oerrno; |
1906 | logdie("Unable to negotiate with %s: %s. "sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1908 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice ) |
1907 | "Their offer: %s", remote_id, ssh_err(r),sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1908 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice ) |
1908 | ssh->kex->failed_choice)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1908 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice ); |
1909 | } |
1910 | /* FALLTHROUGH */ |
1911 | default: |
1912 | if (vasprintf(&tag, fmt, ap) == -1) { |
1913 | ssh_packet_clear_keys(ssh); |
1914 | logdie_f("could not allocate failure message")sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1914 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "could not allocate failure message" ); |
1915 | } |
1916 | ssh_packet_clear_keys(ssh); |
1917 | errno(*__errno()) = oerrno; |
1918 | logdie_r(r, "%s%sConnection %s %s",sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1920 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s", tag != ((void *)0) ? tag : "", tag != ((void *)0) ? ": " : "", ssh ->state->server_side ? "from" : "to", remote_id) |
1919 | tag != NULL ? tag : "", tag != NULL ? ": " : "",sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1920 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s", tag != ((void *)0) ? tag : "", tag != ((void *)0) ? ": " : "", ssh ->state->server_side ? "from" : "to", remote_id) |
1920 | ssh->state->server_side ? "from" : "to", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1920 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s", tag != ((void *)0) ? tag : "", tag != ((void *)0) ? ": " : "", ssh ->state->server_side ? "from" : "to", remote_id); |
1921 | } |
1922 | } |
1923 | |
1924 | void |
1925 | sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) |
1926 | { |
1927 | va_list ap; |
1928 | |
1929 | va_start(ap, fmt)__builtin_va_start((ap), fmt); |
1930 | sshpkt_vfatal(ssh, r, fmt, ap); |
1931 | /* NOTREACHED */ |
1932 | va_end(ap)__builtin_va_end((ap)); |
1933 | logdie_f("should have exited")sshlogdie("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1933 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "should have exited"); |
1934 | } |
1935 | |
1936 | /* |
1937 | * Logs the error plus constructs and sends a disconnect packet, closes the |
1938 | * connection, and exits. This function never returns. The error message |
1939 | * should not contain a newline. The length of the formatted message must |
1940 | * not exceed 1024 bytes. |
1941 | */ |
1942 | void |
1943 | ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) |
1944 | { |
1945 | char buf[1024], remote_id[512]; |
1946 | va_list args; |
1947 | static int disconnecting = 0; |
1948 | int r; |
1949 | |
1950 | if (disconnecting) /* Guard against recursive invocations. */ |
1951 | fatal("packet_disconnect called recursively.")sshfatal("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1951 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "packet_disconnect called recursively." ); |
1952 | disconnecting = 1; |
1953 | |
1954 | /* |
1955 | * Format the message. Note that the caller must make sure the |
1956 | * message is of limited size. |
1957 | */ |
1958 | sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); |
1959 | va_start(args, fmt)__builtin_va_start((args), fmt); |
1960 | vsnprintf(buf, sizeof(buf), fmt, args); |
1961 | va_end(args)__builtin_va_end((args)); |
1962 | |
1963 | /* Display the error locally */ |
1964 | logit("Disconnecting %s: %.100s", remote_id, buf)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 1964 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Disconnecting %s: %.100s" , remote_id, buf); |
1965 | |
1966 | /* |
1967 | * Send the disconnect message to the other side, and wait |
1968 | * for it to get sent. |
1969 | */ |
1970 | if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0) |
1971 | sshpkt_fatal(ssh, r, "%s", __func__); |
1972 | |
1973 | if ((r = ssh_packet_write_wait(ssh)) != 0) |
1974 | sshpkt_fatal(ssh, r, "%s", __func__); |
1975 | |
1976 | /* Close the connection. */ |
1977 | ssh_packet_close(ssh); |
1978 | cleanup_exit(255); |
1979 | } |
1980 | |
1981 | /* |
1982 | * Checks if there is any buffered output, and tries to write some of |
1983 | * the output. |
1984 | */ |
1985 | int |
1986 | ssh_packet_write_poll(struct ssh *ssh) |
1987 | { |
1988 | struct session_state *state = ssh->state; |
1989 | int len = sshbuf_len(state->output); |
1990 | int r; |
1991 | |
1992 | if (len > 0) { |
1993 | len = write(state->connection_out, |
1994 | sshbuf_ptr(state->output), len); |
1995 | if (len == -1) { |
1996 | if (errno(*__errno()) == EINTR4 || errno(*__errno()) == EAGAIN35) |
1997 | return 0; |
1998 | return SSH_ERR_SYSTEM_ERROR-24; |
1999 | } |
2000 | if (len == 0) |
2001 | return SSH_ERR_CONN_CLOSED-52; |
2002 | if ((r = sshbuf_consume(state->output, len)) != 0) |
2003 | return r; |
2004 | } |
2005 | return 0; |
2006 | } |
2007 | |
2008 | /* |
2009 | * Calls packet_write_poll repeatedly until all pending output data has been |
2010 | * written. |
2011 | */ |
2012 | int |
2013 | ssh_packet_write_wait(struct ssh *ssh) |
2014 | { |
2015 | int ret, r, ms_remain = 0; |
2016 | struct timeval start; |
2017 | struct timespec timespec, *timespecp = NULL((void *)0); |
2018 | struct session_state *state = ssh->state; |
2019 | struct pollfd pfd; |
2020 | |
2021 | if ((r = ssh_packet_write_poll(ssh)) != 0) |
2022 | return r; |
2023 | while (ssh_packet_have_data_to_write(ssh)) { |
2024 | pfd.fd = state->connection_out; |
2025 | pfd.events = POLLOUT0x0004; |
2026 | |
2027 | if (state->packet_timeout_ms > 0) { |
2028 | ms_remain = state->packet_timeout_ms; |
2029 | timespecp = ×pec; |
2030 | } |
2031 | for (;;) { |
2032 | if (state->packet_timeout_ms > 0) { |
2033 | ms_to_timespec(×pec, ms_remain); |
2034 | monotime_tv(&start); |
2035 | } |
2036 | if ((ret = ppoll(&pfd, 1, timespecp, NULL((void *)0))) >= 0) |
2037 | break; |
2038 | if (errno(*__errno()) != EAGAIN35 && errno(*__errno()) != EINTR4) |
2039 | break; |
2040 | if (state->packet_timeout_ms <= 0) |
2041 | continue; |
2042 | ms_subtract_diff(&start, &ms_remain); |
2043 | if (ms_remain <= 0) { |
2044 | ret = 0; |
2045 | break; |
2046 | } |
2047 | } |
2048 | if (ret == 0) |
2049 | return SSH_ERR_CONN_TIMEOUT-53; |
2050 | if ((r = ssh_packet_write_poll(ssh)) != 0) |
2051 | return r; |
2052 | } |
2053 | return 0; |
2054 | } |
2055 | |
2056 | /* Returns true if there is buffered data to write to the connection. */ |
2057 | |
2058 | int |
2059 | ssh_packet_have_data_to_write(struct ssh *ssh) |
2060 | { |
2061 | return sshbuf_len(ssh->state->output) != 0; |
2062 | } |
2063 | |
2064 | /* Returns true if there is not too much data to write to the connection. */ |
2065 | |
2066 | int |
2067 | ssh_packet_not_very_much_data_to_write(struct ssh *ssh) |
2068 | { |
2069 | if (ssh->state->interactive_mode) |
2070 | return sshbuf_len(ssh->state->output) < 16384; |
2071 | else |
2072 | return sshbuf_len(ssh->state->output) < 128 * 1024; |
2073 | } |
2074 | |
2075 | /* |
2076 | * returns true when there are at most a few keystrokes of data to write |
2077 | * and the connection is in interactive mode. |
2078 | */ |
2079 | |
2080 | int |
2081 | ssh_packet_interactive_data_to_write(struct ssh *ssh) |
2082 | { |
2083 | return ssh->state->interactive_mode && |
2084 | sshbuf_len(ssh->state->output) < 256; |
2085 | } |
2086 | |
2087 | void |
2088 | ssh_packet_set_tos(struct ssh *ssh, int tos) |
2089 | { |
2090 | if (!ssh_packet_connection_is_on_socket(ssh) || tos == INT_MAX0x7fffffff) |
2091 | return; |
2092 | set_sock_tos(ssh->state->connection_in, tos); |
2093 | } |
2094 | |
2095 | /* Informs that the current session is interactive. Sets IP flags for that. */ |
2096 | |
2097 | void |
2098 | ssh_packet_set_interactive(struct ssh *ssh, int interactive, int qos_interactive, int qos_bulk) |
2099 | { |
2100 | struct session_state *state = ssh->state; |
2101 | |
2102 | if (state->set_interactive_called) |
2103 | return; |
2104 | state->set_interactive_called = 1; |
2105 | |
2106 | /* Record that we are in interactive mode. */ |
2107 | state->interactive_mode = interactive; |
2108 | |
2109 | /* Only set socket options if using a socket. */ |
2110 | if (!ssh_packet_connection_is_on_socket(ssh)) |
2111 | return; |
2112 | set_nodelay(state->connection_in); |
2113 | ssh_packet_set_tos(ssh, interactive ? qos_interactive : qos_bulk); |
2114 | } |
2115 | |
2116 | /* Returns true if the current connection is interactive. */ |
2117 | |
2118 | int |
2119 | ssh_packet_is_interactive(struct ssh *ssh) |
2120 | { |
2121 | return ssh->state->interactive_mode; |
2122 | } |
2123 | |
2124 | int |
2125 | ssh_packet_set_maxsize(struct ssh *ssh, u_int s) |
2126 | { |
2127 | struct session_state *state = ssh->state; |
2128 | |
2129 | if (state->set_maxsize_called) { |
2130 | logit_f("called twice: old %d new %d",sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2131 , 1, SYSLOG_LEVEL_INFO, ((void *)0), "called twice: old %d new %d" , state->max_packet_size, s) |
2131 | state->max_packet_size, s)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2131 , 1, SYSLOG_LEVEL_INFO, ((void *)0), "called twice: old %d new %d" , state->max_packet_size, s); |
2132 | return -1; |
2133 | } |
2134 | if (s < 4 * 1024 || s > 1024 * 1024) { |
2135 | logit_f("bad size %d", s)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2135 , 1, SYSLOG_LEVEL_INFO, ((void *)0), "bad size %d", s); |
2136 | return -1; |
2137 | } |
2138 | state->set_maxsize_called = 1; |
2139 | debug_f("setting to %d", s)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2139 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "setting to %d", s); |
2140 | state->max_packet_size = s; |
2141 | return s; |
2142 | } |
2143 | |
2144 | int |
2145 | ssh_packet_inc_alive_timeouts(struct ssh *ssh) |
2146 | { |
2147 | return ++ssh->state->keep_alive_timeouts; |
2148 | } |
2149 | |
2150 | void |
2151 | ssh_packet_set_alive_timeouts(struct ssh *ssh, int ka) |
2152 | { |
2153 | ssh->state->keep_alive_timeouts = ka; |
2154 | } |
2155 | |
2156 | u_int |
2157 | ssh_packet_get_maxsize(struct ssh *ssh) |
2158 | { |
2159 | return ssh->state->max_packet_size; |
2160 | } |
2161 | |
2162 | void |
2163 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds) |
2164 | { |
2165 | debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2166 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "rekey after %llu bytes, %u seconds" , (unsigned long long)bytes, (unsigned int)seconds) |
2166 | (unsigned int)seconds)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2166 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "rekey after %llu bytes, %u seconds" , (unsigned long long)bytes, (unsigned int)seconds); |
2167 | ssh->state->rekey_limit = bytes; |
2168 | ssh->state->rekey_interval = seconds; |
2169 | } |
2170 | |
2171 | time_t |
2172 | ssh_packet_get_rekey_timeout(struct ssh *ssh) |
2173 | { |
2174 | time_t seconds; |
2175 | |
2176 | seconds = ssh->state->rekey_time + ssh->state->rekey_interval - |
2177 | monotime(); |
2178 | return (seconds <= 0 ? 1 : seconds); |
2179 | } |
2180 | |
2181 | void |
2182 | ssh_packet_set_server(struct ssh *ssh) |
2183 | { |
2184 | ssh->state->server_side = 1; |
2185 | ssh->kex->server = 1; /* XXX unify? */ |
2186 | } |
2187 | |
2188 | void |
2189 | ssh_packet_set_authenticated(struct ssh *ssh) |
2190 | { |
2191 | ssh->state->after_authentication = 1; |
2192 | } |
2193 | |
2194 | void * |
2195 | ssh_packet_get_input(struct ssh *ssh) |
2196 | { |
2197 | return (void *)ssh->state->input; |
2198 | } |
2199 | |
2200 | void * |
2201 | ssh_packet_get_output(struct ssh *ssh) |
2202 | { |
2203 | return (void *)ssh->state->output; |
2204 | } |
2205 | |
2206 | /* Reset after_authentication and reset compression in post-auth privsep */ |
2207 | static int |
2208 | ssh_packet_set_postauth(struct ssh *ssh) |
2209 | { |
2210 | int r; |
2211 | |
2212 | debug_f("called")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2212 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "called"); |
2213 | /* This was set in net child, but is not visible in user child */ |
2214 | ssh->state->after_authentication = 1; |
2215 | ssh->state->rekeying = 0; |
2216 | if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0) |
2217 | return r; |
2218 | return 0; |
2219 | } |
2220 | |
2221 | /* Packet state (de-)serialization for privsep */ |
2222 | |
2223 | /* turn kex into a blob for packet state serialization */ |
2224 | static int |
2225 | kex_to_blob(struct sshbuf *m, struct kex *kex) |
2226 | { |
2227 | int r; |
2228 | |
2229 | if ((r = sshbuf_put_u32(m, kex->we_need)) != 0 || |
2230 | (r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 || |
2231 | (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || |
2232 | (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || |
2233 | (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || |
2234 | (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 || |
2235 | (r = sshbuf_put_stringb(m, kex->my)) != 0 || |
2236 | (r = sshbuf_put_stringb(m, kex->peer)) != 0 || |
2237 | (r = sshbuf_put_stringb(m, kex->client_version)) != 0 || |
2238 | (r = sshbuf_put_stringb(m, kex->server_version)) != 0 || |
2239 | (r = sshbuf_put_stringb(m, kex->session_id)) != 0 || |
2240 | (r = sshbuf_put_u32(m, kex->flags)) != 0) |
2241 | return r; |
2242 | return 0; |
2243 | } |
2244 | |
2245 | /* turn key exchange results into a blob for packet state serialization */ |
2246 | static int |
2247 | newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) |
2248 | { |
2249 | struct sshbuf *b; |
2250 | struct sshcipher_ctx *cc; |
2251 | struct sshcomp *comp; |
2252 | struct sshenc *enc; |
2253 | struct sshmac *mac; |
2254 | struct newkeys *newkey; |
2255 | int r; |
2256 | |
2257 | if ((newkey = ssh->state->newkeys[mode]) == NULL((void *)0)) |
2258 | return SSH_ERR_INTERNAL_ERROR-1; |
2259 | enc = &newkey->enc; |
2260 | mac = &newkey->mac; |
2261 | comp = &newkey->comp; |
2262 | cc = (mode == MODE_OUT) ? ssh->state->send_context : |
2263 | ssh->state->receive_context; |
2264 | if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0) |
2265 | return r; |
2266 | if ((b = sshbuf_new()) == NULL((void *)0)) |
2267 | return SSH_ERR_ALLOC_FAIL-2; |
2268 | if ((r = sshbuf_put_cstring(b, enc->name)) != 0 || |
2269 | (r = sshbuf_put_u32(b, enc->enabled)) != 0 || |
2270 | (r = sshbuf_put_u32(b, enc->block_size)) != 0 || |
2271 | (r = sshbuf_put_string(b, enc->key, enc->key_len)) != 0 || |
2272 | (r = sshbuf_put_string(b, enc->iv, enc->iv_len)) != 0) |
2273 | goto out; |
2274 | if (cipher_authlen(enc->cipher) == 0) { |
2275 | if ((r = sshbuf_put_cstring(b, mac->name)) != 0 || |
2276 | (r = sshbuf_put_u32(b, mac->enabled)) != 0 || |
2277 | (r = sshbuf_put_string(b, mac->key, mac->key_len)) != 0) |
2278 | goto out; |
2279 | } |
2280 | if ((r = sshbuf_put_u32(b, comp->type)) != 0 || |
2281 | (r = sshbuf_put_cstring(b, comp->name)) != 0) |
2282 | goto out; |
2283 | r = sshbuf_put_stringb(m, b); |
2284 | out: |
2285 | sshbuf_free(b); |
2286 | return r; |
2287 | } |
2288 | |
2289 | /* serialize packet state into a blob */ |
2290 | int |
2291 | ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) |
2292 | { |
2293 | struct session_state *state = ssh->state; |
2294 | int r; |
2295 | |
2296 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
2297 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || |
2298 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || |
2299 | (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 || |
2300 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || |
2301 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || |
2302 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || |
2303 | (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 || |
2304 | (r = sshbuf_put_u64(m, state->p_send.bytes)) != 0 || |
2305 | (r = sshbuf_put_u32(m, state->p_read.seqnr)) != 0 || |
2306 | (r = sshbuf_put_u64(m, state->p_read.blocks)) != 0 || |
2307 | (r = sshbuf_put_u32(m, state->p_read.packets)) != 0 || |
2308 | (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0 || |
2309 | (r = sshbuf_put_stringb(m, state->input)) != 0 || |
2310 | (r = sshbuf_put_stringb(m, state->output)) != 0) |
2311 | return r; |
2312 | |
2313 | return 0; |
2314 | } |
2315 | |
2316 | /* restore key exchange results from blob for packet state de-serialization */ |
2317 | static int |
2318 | newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) |
2319 | { |
2320 | struct sshbuf *b = NULL((void *)0); |
2321 | struct sshcomp *comp; |
2322 | struct sshenc *enc; |
2323 | struct sshmac *mac; |
2324 | struct newkeys *newkey = NULL((void *)0); |
2325 | size_t keylen, ivlen, maclen; |
2326 | int r; |
2327 | |
2328 | if ((newkey = calloc(1, sizeof(*newkey))) == NULL((void *)0)) { |
2329 | r = SSH_ERR_ALLOC_FAIL-2; |
2330 | goto out; |
2331 | } |
2332 | if ((r = sshbuf_froms(m, &b)) != 0) |
2333 | goto out; |
2334 | #ifdef DEBUG_PK |
2335 | sshbuf_dump(b, stderr(&__sF[2])); |
2336 | #endif |
2337 | enc = &newkey->enc; |
2338 | mac = &newkey->mac; |
2339 | comp = &newkey->comp; |
2340 | |
2341 | if ((r = sshbuf_get_cstring(b, &enc->name, NULL((void *)0))) != 0 || |
2342 | (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 || |
2343 | (r = sshbuf_get_u32(b, &enc->block_size)) != 0 || |
2344 | (r = sshbuf_get_string(b, &enc->key, &keylen)) != 0 || |
2345 | (r = sshbuf_get_string(b, &enc->iv, &ivlen)) != 0) |
2346 | goto out; |
2347 | if ((enc->cipher = cipher_by_name(enc->name)) == NULL((void *)0)) { |
2348 | r = SSH_ERR_INVALID_FORMAT-4; |
2349 | goto out; |
2350 | } |
2351 | if (cipher_authlen(enc->cipher) == 0) { |
2352 | if ((r = sshbuf_get_cstring(b, &mac->name, NULL((void *)0))) != 0) |
2353 | goto out; |
2354 | if ((r = mac_setup(mac, mac->name)) != 0) |
2355 | goto out; |
2356 | if ((r = sshbuf_get_u32(b, (u_int *)&mac->enabled)) != 0 || |
2357 | (r = sshbuf_get_string(b, &mac->key, &maclen)) != 0) |
2358 | goto out; |
2359 | if (maclen > mac->key_len) { |
2360 | r = SSH_ERR_INVALID_FORMAT-4; |
2361 | goto out; |
2362 | } |
2363 | mac->key_len = maclen; |
2364 | } |
2365 | if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || |
2366 | (r = sshbuf_get_cstring(b, &comp->name, NULL((void *)0))) != 0) |
2367 | goto out; |
2368 | if (sshbuf_len(b) != 0) { |
2369 | r = SSH_ERR_INVALID_FORMAT-4; |
2370 | goto out; |
2371 | } |
2372 | enc->key_len = keylen; |
2373 | enc->iv_len = ivlen; |
2374 | ssh->kex->newkeys[mode] = newkey; |
2375 | newkey = NULL((void *)0); |
2376 | r = 0; |
2377 | out: |
2378 | free(newkey); |
2379 | sshbuf_free(b); |
2380 | return r; |
2381 | } |
2382 | |
2383 | /* restore kex from blob for packet state de-serialization */ |
2384 | static int |
2385 | kex_from_blob(struct sshbuf *m, struct kex **kexp) |
2386 | { |
2387 | struct kex *kex; |
2388 | int r; |
2389 | |
2390 | if ((kex = kex_new()) == NULL((void *)0)) |
2391 | return SSH_ERR_ALLOC_FAIL-2; |
2392 | if ((r = sshbuf_get_u32(m, &kex->we_need)) != 0 || |
2393 | (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL((void *)0))) != 0 || |
2394 | (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || |
2395 | (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || |
2396 | (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || |
2397 | (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 || |
2398 | (r = sshbuf_get_stringb(m, kex->my)) != 0 || |
2399 | (r = sshbuf_get_stringb(m, kex->peer)) != 0 || |
2400 | (r = sshbuf_get_stringb(m, kex->client_version)) != 0 || |
2401 | (r = sshbuf_get_stringb(m, kex->server_version)) != 0 || |
2402 | (r = sshbuf_get_stringb(m, kex->session_id)) != 0 || |
2403 | (r = sshbuf_get_u32(m, &kex->flags)) != 0) |
2404 | goto out; |
2405 | kex->server = 1; |
2406 | kex->done = 1; |
2407 | r = 0; |
2408 | out: |
2409 | if (r != 0 || kexp == NULL((void *)0)) { |
2410 | kex_free(kex); |
2411 | if (kexp != NULL((void *)0)) |
2412 | *kexp = NULL((void *)0); |
2413 | } else { |
2414 | kex_free(*kexp); |
2415 | *kexp = kex; |
2416 | } |
2417 | return r; |
2418 | } |
2419 | |
2420 | /* |
2421 | * Restore packet state from content of blob 'm' (de-serialization). |
2422 | * Note that 'm' will be partially consumed on parsing or any other errors. |
2423 | */ |
2424 | int |
2425 | ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) |
2426 | { |
2427 | struct session_state *state = ssh->state; |
2428 | const u_char *input, *output; |
2429 | size_t ilen, olen; |
2430 | int r; |
2431 | |
2432 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
2433 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || |
2434 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || |
2435 | (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 || |
2436 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || |
2437 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || |
2438 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || |
2439 | (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 || |
2440 | (r = sshbuf_get_u64(m, &state->p_send.bytes)) != 0 || |
2441 | (r = sshbuf_get_u32(m, &state->p_read.seqnr)) != 0 || |
2442 | (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 || |
2443 | (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || |
2444 | (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) |
2445 | return r; |
2446 | /* |
2447 | * We set the time here so that in post-auth privsep child we |
2448 | * count from the completion of the authentication. |
2449 | */ |
2450 | state->rekey_time = monotime(); |
2451 | /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ |
2452 | if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || |
2453 | (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) |
2454 | return r; |
2455 | |
2456 | if ((r = ssh_packet_set_postauth(ssh)) != 0) |
2457 | return r; |
2458 | |
2459 | sshbuf_reset(state->input); |
2460 | sshbuf_reset(state->output); |
2461 | if ((r = sshbuf_get_string_direct(m, &input, &ilen)) != 0 || |
2462 | (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 || |
2463 | (r = sshbuf_put(state->input, input, ilen)) != 0 || |
2464 | (r = sshbuf_put(state->output, output, olen)) != 0) |
2465 | return r; |
2466 | |
2467 | if (sshbuf_len(m)) |
2468 | return SSH_ERR_INVALID_FORMAT-4; |
2469 | debug3_f("done")sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2469 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "done"); |
2470 | return 0; |
2471 | } |
2472 | |
2473 | /* NEW API */ |
2474 | |
2475 | /* put data to the outgoing packet */ |
2476 | |
2477 | int |
2478 | sshpkt_put(struct ssh *ssh, const void *v, size_t len) |
2479 | { |
2480 | return sshbuf_put(ssh->state->outgoing_packet, v, len); |
2481 | } |
2482 | |
2483 | int |
2484 | sshpkt_putb(struct ssh *ssh, const struct sshbuf *b) |
2485 | { |
2486 | return sshbuf_putb(ssh->state->outgoing_packet, b); |
2487 | } |
2488 | |
2489 | int |
2490 | sshpkt_put_u8(struct ssh *ssh, u_char val) |
2491 | { |
2492 | return sshbuf_put_u8(ssh->state->outgoing_packet, val); |
2493 | } |
2494 | |
2495 | int |
2496 | sshpkt_put_u32(struct ssh *ssh, u_int32_t val) |
2497 | { |
2498 | return sshbuf_put_u32(ssh->state->outgoing_packet, val); |
2499 | } |
2500 | |
2501 | int |
2502 | sshpkt_put_u64(struct ssh *ssh, u_int64_t val) |
2503 | { |
2504 | return sshbuf_put_u64(ssh->state->outgoing_packet, val); |
2505 | } |
2506 | |
2507 | int |
2508 | sshpkt_put_string(struct ssh *ssh, const void *v, size_t len) |
2509 | { |
2510 | return sshbuf_put_string(ssh->state->outgoing_packet, v, len); |
2511 | } |
2512 | |
2513 | int |
2514 | sshpkt_put_cstring(struct ssh *ssh, const void *v) |
2515 | { |
2516 | return sshbuf_put_cstring(ssh->state->outgoing_packet, v); |
2517 | } |
2518 | |
2519 | int |
2520 | sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v) |
2521 | { |
2522 | return sshbuf_put_stringb(ssh->state->outgoing_packet, v); |
2523 | } |
2524 | |
2525 | #ifdef WITH_OPENSSL1 |
2526 | int |
2527 | sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g) |
2528 | { |
2529 | return sshbuf_put_ec(ssh->state->outgoing_packet, v, g); |
2530 | } |
2531 | |
2532 | |
2533 | int |
2534 | sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v) |
2535 | { |
2536 | return sshbuf_put_bignum2(ssh->state->outgoing_packet, v); |
2537 | } |
2538 | #endif /* WITH_OPENSSL */ |
2539 | |
2540 | /* fetch data from the incoming packet */ |
2541 | |
2542 | int |
2543 | sshpkt_get(struct ssh *ssh, void *valp, size_t len) |
2544 | { |
2545 | return sshbuf_get(ssh->state->incoming_packet, valp, len); |
2546 | } |
2547 | |
2548 | int |
2549 | sshpkt_get_u8(struct ssh *ssh, u_char *valp) |
2550 | { |
2551 | return sshbuf_get_u8(ssh->state->incoming_packet, valp); |
2552 | } |
2553 | |
2554 | int |
2555 | sshpkt_get_u32(struct ssh *ssh, u_int32_t *valp) |
2556 | { |
2557 | return sshbuf_get_u32(ssh->state->incoming_packet, valp); |
2558 | } |
2559 | |
2560 | int |
2561 | sshpkt_get_u64(struct ssh *ssh, u_int64_t *valp) |
2562 | { |
2563 | return sshbuf_get_u64(ssh->state->incoming_packet, valp); |
2564 | } |
2565 | |
2566 | int |
2567 | sshpkt_get_string(struct ssh *ssh, u_char **valp, size_t *lenp) |
2568 | { |
2569 | return sshbuf_get_string(ssh->state->incoming_packet, valp, lenp); |
2570 | } |
2571 | |
2572 | int |
2573 | sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp) |
2574 | { |
2575 | return sshbuf_get_string_direct(ssh->state->incoming_packet, valp, lenp); |
2576 | } |
2577 | |
2578 | int |
2579 | sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp) |
2580 | { |
2581 | return sshbuf_peek_string_direct(ssh->state->incoming_packet, valp, lenp); |
2582 | } |
2583 | |
2584 | int |
2585 | sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp) |
2586 | { |
2587 | return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp); |
2588 | } |
2589 | |
2590 | int |
2591 | sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp) |
2592 | { |
2593 | return sshbuf_froms(ssh->state->incoming_packet, valp); |
2594 | } |
2595 | |
2596 | #ifdef WITH_OPENSSL1 |
2597 | int |
2598 | sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) |
2599 | { |
2600 | return sshbuf_get_ec(ssh->state->incoming_packet, v, g); |
2601 | } |
2602 | |
2603 | int |
2604 | sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp) |
2605 | { |
2606 | return sshbuf_get_bignum2(ssh->state->incoming_packet, valp); |
2607 | } |
2608 | #endif /* WITH_OPENSSL */ |
2609 | |
2610 | int |
2611 | sshpkt_get_end(struct ssh *ssh) |
2612 | { |
2613 | if (sshbuf_len(ssh->state->incoming_packet) > 0) |
2614 | return SSH_ERR_UNEXPECTED_TRAILING_DATA-23; |
2615 | return 0; |
2616 | } |
2617 | |
2618 | const u_char * |
2619 | sshpkt_ptr(struct ssh *ssh, size_t *lenp) |
2620 | { |
2621 | if (lenp != NULL((void *)0)) |
2622 | *lenp = sshbuf_len(ssh->state->incoming_packet); |
2623 | return sshbuf_ptr(ssh->state->incoming_packet); |
2624 | } |
2625 | |
2626 | /* start a new packet */ |
2627 | |
2628 | int |
2629 | sshpkt_start(struct ssh *ssh, u_char type) |
2630 | { |
2631 | u_char buf[6]; /* u32 packet length, u8 pad len, u8 type */ |
2632 | |
2633 | DBG(debug("packet_start[%d]", type)); |
2634 | memset(buf, 0, sizeof(buf)); |
2635 | buf[sizeof(buf) - 1] = type; |
2636 | sshbuf_reset(ssh->state->outgoing_packet); |
2637 | return sshbuf_put(ssh->state->outgoing_packet, buf, sizeof(buf)); |
2638 | } |
2639 | |
2640 | static int |
2641 | ssh_packet_send_mux(struct ssh *ssh) |
2642 | { |
2643 | struct session_state *state = ssh->state; |
2644 | u_char type, *cp; |
2645 | size_t len; |
2646 | int r; |
2647 | |
2648 | if (ssh->kex) |
2649 | return SSH_ERR_INTERNAL_ERROR-1; |
2650 | len = sshbuf_len(state->outgoing_packet); |
2651 | if (len < 6) |
2652 | return SSH_ERR_INTERNAL_ERROR-1; |
2653 | cp = sshbuf_mutable_ptr(state->outgoing_packet); |
2654 | type = cp[5]; |
2655 | if (ssh_packet_log_type(type)) |
2656 | debug3_f("type %u", type)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2656 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "type %u", type); |
2657 | /* drop everything, but the connection protocol */ |
2658 | if (type >= SSH2_MSG_CONNECTION_MIN80 && |
2659 | type <= SSH2_MSG_CONNECTION_MAX127) { |
2660 | POKE_U32(cp, len - 4)do { const u_int32_t __v = (len - 4); ((u_char *)(cp))[0] = ( __v >> 24) & 0xff; ((u_char *)(cp))[1] = (__v >> 16) & 0xff; ((u_char *)(cp))[2] = (__v >> 8) & 0xff; ((u_char *)(cp))[3] = __v & 0xff; } while (0); |
2661 | if ((r = sshbuf_putb(state->output, |
2662 | state->outgoing_packet)) != 0) |
2663 | return r; |
2664 | /* sshbuf_dump(state->output, stderr); */ |
2665 | } |
2666 | sshbuf_reset(state->outgoing_packet); |
2667 | return 0; |
2668 | } |
2669 | |
2670 | /* |
2671 | * 9.2. Ignored Data Message |
2672 | * |
2673 | * byte SSH_MSG_IGNORE |
2674 | * string data |
2675 | * |
2676 | * All implementations MUST understand (and ignore) this message at any |
2677 | * time (after receiving the protocol version). No implementation is |
2678 | * required to send them. This message can be used as an additional |
2679 | * protection measure against advanced traffic analysis techniques. |
2680 | */ |
2681 | int |
2682 | sshpkt_msg_ignore(struct ssh *ssh, u_int nbytes) |
2683 | { |
2684 | u_int32_t rnd = 0; |
2685 | int r; |
2686 | u_int i; |
2687 | |
2688 | if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE2)) != 0 || |
2689 | (r = sshpkt_put_u32(ssh, nbytes)) != 0) |
2690 | return r; |
2691 | for (i = 0; i < nbytes; i++) { |
2692 | if (i % 4 == 0) |
2693 | rnd = arc4random(); |
2694 | if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0) |
2695 | return r; |
2696 | rnd >>= 8; |
2697 | } |
2698 | return 0; |
2699 | } |
2700 | |
2701 | /* send it */ |
2702 | |
2703 | int |
2704 | sshpkt_send(struct ssh *ssh) |
2705 | { |
2706 | if (ssh->state && ssh->state->mux) |
2707 | return ssh_packet_send_mux(ssh); |
2708 | return ssh_packet_send2(ssh); |
2709 | } |
2710 | |
2711 | int |
2712 | sshpkt_disconnect(struct ssh *ssh, const char *fmt,...) |
2713 | { |
2714 | char buf[1024]; |
2715 | va_list args; |
2716 | int r; |
2717 | |
2718 | va_start(args, fmt)__builtin_va_start((args), fmt); |
2719 | vsnprintf(buf, sizeof(buf), fmt, args); |
2720 | va_end(args)__builtin_va_end((args)); |
2721 | |
2722 | debug2_f("sending SSH2_MSG_DISCONNECT: %s", buf)sshlog("/usr/src/usr.bin/ssh/ssh/../packet.c", __func__, 2722 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "sending SSH2_MSG_DISCONNECT: %s" , buf); |
2723 | if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT1)) != 0 || |
2724 | (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR2)) != 0 || |
2725 | (r = sshpkt_put_cstring(ssh, buf)) != 0 || |
2726 | (r = sshpkt_put_cstring(ssh, "")) != 0 || |
2727 | (r = sshpkt_send(ssh)) != 0) |
2728 | return r; |
2729 | return 0; |
2730 | } |
2731 | |
2732 | /* roundup current message to pad bytes */ |
2733 | int |
2734 | sshpkt_add_padding(struct ssh *ssh, u_char pad) |
2735 | { |
2736 | ssh->state->extra_pad = pad; |
2737 | return 0; |
2738 | } |