- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
diff --git a/ChangeLog b/ChangeLog
index 43f8080..57e246f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@
- djm@cvs.openbsd.org 2001/03/19 03:52:51
[sftp-client.c]
Report ssh connection closing correctly; ok deraadt@
+ - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+ [compat.c compat.h sshd.c]
+ specifically version match on ssh scanners. do not log scan
+ information to the console
20010318
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
@@ -4616,4 +4620,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.980 2001/03/19 11:29:46 djm Exp $
+$Id: ChangeLog,v 1.981 2001/03/19 11:36:20 djm Exp $
diff --git a/compat.c b/compat.c
index 9d23f9a..4fb2b44 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $");
+RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
@@ -97,6 +97,8 @@
{ "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD },
{ "^OSU_1\\.5alpha[1-3]",
SSH_BUG_PASSWORDPAD },
+ { "^SSH_Version_Mapper",
+ SSH_BUG_SCANNER },
{ NULL, 0 }
};
/* process table, return first match */
diff --git a/compat.h b/compat.h
index a1fdbe7..41d6af0 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
@@ -42,6 +42,7 @@
#define SSH_BUG_IGNOREMSG 0x0100
#define SSH_BUG_PKOK 0x0200
#define SSH_BUG_PASSWORDPAD 0x0400
+#define SSH_BUG_SCANNER 0x0800
void enable_compat13(void);
void enable_compat20(void);
diff --git a/sshd.c b/sshd.c
index 0a1048c..384d408 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -381,6 +381,12 @@
compat_datafellows(remote_version);
+ if (datafellows & SSH_BUG_SCANNER) {
+ log("scanned from %s with %s. Don't panic.",
+ get_remote_ipaddr(), client_version_string);
+ fatal_cleanup();
+ }
+
mismatch = 0;
switch(remote_major) {
case 1: