- OpenBSD CVS updates:
- [readpass.c]
avoid stdio; based on work by markus, millert, and I
- [sshd.c]
make sure the client selects a supported cipher
- [sshd.c]
fix sighup handling. accept would just restart and daemon handled
sighup only after the next connection was accepted. use poll on
listen sock now.
- [sshd.c]
make that a fatal
diff --git a/ChangeLog b/ChangeLog
index 39304e2..c51d212 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,17 @@
- "uninstall" rule for Makefile
- utmpx support
- Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+ - [readpass.c]
+ avoid stdio; based on work by markus, millert, and I
+ - [sshd.c]
+ make sure the client selects a supported cipher
+ - [sshd.c]
+ fix sighup handling. accept would just restart and daemon handled
+ sighup only after the next connection was accepted. use poll on
+ listen sock now.
+ - [sshd.c]
+ make that a fatal
19991208
- Compile fix for Solaris with /dev/ptmx from
diff --git a/readpass.c b/readpass.c
index 5b7119f..5ea3b22 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,119 +1,94 @@
/*
- *
- * readpass.c
- *
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * Created: Mon Jul 10 22:08:59 1995 ylo
- *
- * Functions for reading passphrases and passwords.
- *
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id: readpass.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: readpass.c,v 1.4 1999/12/08 23:31:37 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
-/* Saved old terminal mode for read_passphrase. */
-static struct termios saved_tio;
-
-/* Old interrupt signal handler for read_passphrase. */
-static void (*old_handler) (int sig) = NULL;
-
-/* Interrupt signal handler for read_passphrase. */
-
-void
-intr_handler(int sig)
-{
- /* Restore terminal modes. */
- tcsetattr(fileno(stdin), TCSANOW, &saved_tio);
- /* Restore the old signal handler. */
- signal(sig, old_handler);
- /* Resend the signal, with the old handler. */
- kill(getpid(), sig);
-}
-
/*
* Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc). Exits if EOF is encountered. The
- * passphrase if read from stdin if from_stdin is true (as is the case with
- * ssh-keygen).
+ * passphrase (allocated with xmalloc), being very careful to ensure that
+ * no other userland buffer is storing the password.
*/
-
char *
read_passphrase(const char *prompt, int from_stdin)
{
- char buf[1024], *cp;
- struct termios tio;
- FILE *f;
+ char buf[1024], *p, ch;
+ struct termios tio, saved_tio;
+ sigset_t oset, nset;
+ int input, output, echo = 0;
+
+ if (from_stdin) {
+ input = STDIN_FILENO;
+ output = STDERR_FILENO;
+ } else
+ input = output = open("/dev/tty", O_RDWR);
- if (from_stdin)
- f = stdin;
- else {
- /*
- * Read the passphrase from /dev/tty to make it possible to
- * ask it even when stdin has been redirected.
- */
- f = fopen("/dev/tty", "r");
- if (!f) {
- /* No controlling terminal and no DISPLAY. Nowhere to read. */
- fprintf(stderr, "You have no controlling tty and no DISPLAY. Cannot read passphrase.\n");
- exit(1);
- }
+ if (input == -1)
+ fatal("You have no controlling tty. Cannot read passphrase.\n");
+
+ /* block signals, get terminal modes and turn off echo */
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGINT);
+ sigaddset(&nset, SIGTSTP);
+ (void) sigprocmask(SIG_BLOCK, &nset, &oset);
+
+ if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) {
+ echo = 1;
+ saved_tio = tio;
+ tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ (void) tcsetattr(input, TCSANOW, &tio);
}
- /* Display the prompt (on stderr because stdout might be redirected). */
fflush(stdout);
- fprintf(stderr, "%s", prompt);
- fflush(stderr);
- /* Get terminal modes. */
- tcgetattr(fileno(f), &tio);
- saved_tio = tio;
- /* Save signal handler and set the new handler. */
- old_handler = signal(SIGINT, intr_handler);
+ (void)write(output, prompt, strlen(prompt));
+ for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';)
+ if (p < buf + sizeof(buf) - 1)
+ *p++ = ch;
+ *p = '\0';
+ (void)write(output, "\n", 1);
- /* Set new terminal modes disabling all echo. */
- tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
- tcsetattr(fileno(f), TCSANOW, &tio);
+ /* restore terminal modes and allow signals */
+ if (echo)
+ tcsetattr(input, TCSANOW, &saved_tio);
+ (void) sigprocmask(SIG_SETMASK, &oset, NULL);
- /* Read the passphrase from the terminal. */
- if (fgets(buf, sizeof(buf), f) == NULL) {
- /* Got EOF. Just exit. */
- /* Restore terminal modes. */
- tcsetattr(fileno(f), TCSANOW, &saved_tio);
- /* Restore the signal handler. */
- signal(SIGINT, old_handler);
- /* Print a newline (the prompt probably didn\'t have one). */
- fprintf(stderr, "\n");
- /* Close the file. */
- if (f != stdin)
- fclose(f);
- exit(1);
- }
- /* Restore terminal modes. */
- tcsetattr(fileno(f), TCSANOW, &saved_tio);
- /* Restore the signal handler. */
- (void) signal(SIGINT, old_handler);
- /* Remove newline from the passphrase. */
- if (strchr(buf, '\n'))
- *strchr(buf, '\n') = 0;
- /* Allocate a copy of the passphrase. */
- cp = xstrdup(buf);
- /*
- * Clear the buffer so we don\'t leave copies of the passphrase
- * laying around.
- */
+ if (!from_stdin)
+ (void)close(input);
+ p = xstrdup(buf);
memset(buf, 0, sizeof(buf));
- /* Print a newline since the prompt probably didn\'t have one. */
- fprintf(stderr, "\n");
- /* Close the file. */
- if (f != stdin)
- fclose(f);
- return cp;
+ return (p);
}
diff --git a/sshd.c b/sshd.c
index 2ff8f45..55608c0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,9 @@
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
+RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
+
+#include <poll.h>
#include "xmalloc.h"
#include "rsa.h"
@@ -419,6 +421,7 @@
int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
int remote_major, remote_minor;
int silentrsa = 0;
+ struct pollfd fds;
struct sockaddr_in sin;
char buf[100]; /* Must not be larger than remote_version. */
char remote_version[100]; /* Must be at least as big as buf. */
@@ -688,7 +691,18 @@
for (;;) {
if (received_sighup)
sighup_restart();
- /* Wait in accept until there is a connection. */
+ /* Wait in poll until there is a connection. */
+ memset(&fds, 0, sizeof(fds));
+ fds.fd = listen_sock;
+ fds.events = POLLIN;
+ if (poll(&fds, 1, -1) == -1) {
+ if (errno == EINTR)
+ continue;
+ fatal("poll: %.100s", strerror(errno));
+ /*NOTREACHED*/
+ }
+ if (fds.revents == 0)
+ continue;
aux = sizeof(sin);
newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
if (received_sighup)
@@ -1026,9 +1040,12 @@
/* Read clients reply (cipher type and session key). */
packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
- /* Get cipher type. */
+ /* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
+ if (!(cipher_mask() & (1 << cipher_type)))
+ packet_disconnect("Warning: client selects unsupported cipher.");
+
/* Get check bytes from the packet. These must match those we
sent earlier with the public key packet. */
for (i = 0; i < 8; i++)