- deraadt@cvs.openbsd.org 2001/03/10 15:31:00
     [compat.c compat.h sshconnect.c]
     all known netscreen ssh versions, and older versions of OSU ssh cannot
     handle password padding (newer OSU is fixed)
diff --git a/ChangeLog b/ChangeLog
index 9141564..5810944 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
    - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
      [ttymodes.c ttymodes.h]
      remove unused sgtty macros; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+     [compat.c compat.h sshconnect.c]
+     all known netscreen ssh versions, and older versions of OSU ssh cannot
+     handle password padding (newer OSU is fixed)
 
 20010310
  - OpenBSD CVS Sync
@@ -4480,4 +4484,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.936 2001/03/10 17:17:28 mouring Exp $
+$Id: ChangeLog,v 1.937 2001/03/10 17:22:20 mouring Exp $
diff --git a/compat.c b/compat.c
index 38fc526..5f0d7cd 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.37 2001/03/08 21:42:31 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $");
 
 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@@ -84,13 +84,19 @@
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
 					SSH_BUG_PKAUTH|SSH_BUG_PKOK },
-		{ "^2\\.[23]\\.0",	SSH_BUG_HMAC},
+		{ "^2\\.[23]\\.0",	SSH_BUG_HMAC },
 		{ "^2\\.[2-9]\\.",	0 },
-		{ "^2\\.4$",		SSH_OLD_SESSIONID}, /* Van Dyke */
-		{ "^3\\.0 SecureCRT",	SSH_OLD_SESSIONID},
-		{ "^1\\.7 SecureFX",	SSH_OLD_SESSIONID},
-		{ "^1\\.2\\.1[89]",	SSH_BUG_IGNOREMSG},
-		{ "^1\\.2\\.2[012]",	SSH_BUG_IGNOREMSG},
+		{ "^2\\.4$",		SSH_OLD_SESSIONID },	/* Van Dyke */
+		{ "^3\\.0 SecureCRT",	SSH_OLD_SESSIONID },
+		{ "^1\\.7 SecureFX",	SSH_OLD_SESSIONID },
+		{ "^1\\.2\\.1[89]",	SSH_BUG_IGNOREMSG },
+		{ "^1\\.2\\.2[012]",	SSH_BUG_IGNOREMSG },
+		{ "^SSH Compatible Server",			/* Netscreen */
+					SSH_BUG_PASSWORDPAD },
+		{ "^OSU_0",		SSH_BUG_PASSWORDPAD },
+		{ "^OSU_1\\.[0-4]",	SSH_BUG_PASSWORDPAD },
+		{ "^OSU_1\\.5alpha[1-3]",
+					SSH_BUG_PASSWORDPAD },
 		{ NULL,			0 }
 	};
 	/* process table, return first match */
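Review bot: The new OSU patterns are anchored only at the start, so `^OSU_1\\.[0-4]` would also match a constructed banner such as `OSU_1.10`, and `^OSU_0` matches anything that begins with that prefix. If OSU numbering ever reaches a two-digit minor, a fixed server would silently lose password padding. Because the flag switches off a confidentiality measure on the strength of a peer-supplied string, the patterns should be as tight as the known-broken releases allow, for example `{ "^OSU_1\\.[0-4]($|[^0-9])", SSH_BUG_PASSWORDPAD },` (this assumes the table is compiled as an extended regex, which the hunk does not show). The table's declaration and the matching loop that follows the `/* process table, return first match */` comment lie outside the hunk.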
diff --git a/compat.h b/compat.h
index 9359d4b..a1fdbe7 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: compat.h,v 1.16 2001/03/08 21:42:32 markus Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -41,6 +41,7 @@
 #define SSH_BUG_BANNER		0x0080
 #define SSH_BUG_IGNOREMSG	0x0100
 #define SSH_BUG_PKOK		0x0200
+#define SSH_BUG_PASSWORDPAD	0x0400
 
 void    enable_compat13(void);
 void    enable_compat20(void);
diff --git a/sshconnect.c b/sshconnect.c
index 9962d49..573ae76 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.98 2001/03/04 17:42:28 millert Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $");
 
 #include <openssl/bn.h>
 
@@ -777,6 +777,10 @@
 	int size;
 	char *padded;
 
+	if (datafellows & SSH_BUG_PASSWORDPAD) {
+		packet_put_string(password, strlen(password));
+		return;
+	}
 	size = roundup(strlen(password) + 1, 32);
 	padded = xmalloc(size);
 	memset(padded, 0, size);
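Review bot: The early return in the added `if (datafellows & SSH_BUG_PASSWORDPAD)` block sends the password at its true length, which is exactly what the `roundup(..., 32)` padding below exists to hide, and it does so without any trace for the user or an auditor. `datafellows` is presumably set from the version-string table in compat.c, so the downgrade is decided by what the server announces about itself; whether that banner is protected against modification at this point cannot be seen from the hunk. I would record the decision, e.g. `debug("Server does not support password padding; sending password unpadded.");` before the `packet_put_string` call, and add a comment such as `/* password length is visible on the wire for these peers */`. The enclosing function starts and ends outside the hunk.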