📄 ssh.c
字号:
(st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
do_blank = TRUE; blank_prefix = 0;
} else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
do_blank = TRUE; blank_prefix = 4;
}
if (do_blank) {
blank.offset = blank_prefix;
blank.len = st->pktin->length;
blank.type = PKTLOG_OMIT;
nblanks = 1;
}
}
log_packet(ssh->logctx,
PKT_INCOMING, st->pktin->type,
ssh1_pkt_type(st->pktin->type),
st->pktin->body, st->pktin->length,
nblanks, &blank);
}
crFinish(st->pktin);
}
static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
{
struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
crBegin(ssh->ssh2_rdpkt_crstate);
st->pktin = ssh_new_packet();
st->pktin->type = 0;
st->pktin->length = 0;
if (ssh->sccipher)
st->cipherblk = ssh->sccipher->blksize;
else
st->cipherblk = 8;
if (st->cipherblk < 8)
st->cipherblk = 8;
st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
/*
* Acquire and decrypt the first block of the packet. This will
* contain the length and padding details.
*/
for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
while ((*datalen) == 0)
crReturn(NULL);
st->pktin->data[st->i] = *(*data)++;
(*datalen)--;
}
if (ssh->sccipher)
ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
st->pktin->data, st->cipherblk);
/*
* Now get the length and padding figures.
*/
st->len = GET_32BIT(st->pktin->data);
st->pad = st->pktin->data[4];
/*
* _Completely_ silly lengths should be stomped on before they
* do us any more damage.
*/
if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
bombout(("Incoming packet was garbled on decryption"));
ssh_free_packet(st->pktin);
crStop(NULL);
}
/*
* This enables us to deduce the payload length.
*/
st->payload = st->len - st->pad - 1;
st->pktin->length = st->payload + 5;
/*
* So now we can work out the total packet length.
*/
st->packetlen = st->len + 4;
st->maclen = ssh->scmac ? ssh->scmac->len : 0;
/*
* Allocate memory for the rest of the packet.
*/
st->pktin->maxlen = st->packetlen + st->maclen;
st->pktin->data = sresize(st->pktin->data,
st->pktin->maxlen + APIEXTRA,
unsigned char);
/*
* Read and decrypt the remainder of the packet.
*/
for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
st->i++) {
while ((*datalen) == 0)
crReturn(NULL);
st->pktin->data[st->i] = *(*data)++;
(*datalen)--;
}
/* Decrypt everything _except_ the MAC. */
if (ssh->sccipher)
ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
st->pktin->data + st->cipherblk,
st->packetlen - st->cipherblk);
st->pktin->encrypted_len = st->packetlen;
/*
* Check the MAC.
*/
if (ssh->scmac
&& !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data, st->len + 4,
st->incoming_sequence)) {
bombout(("Incorrect MAC received on packet"));
ssh_free_packet(st->pktin);
crStop(NULL);
}
st->pktin->sequence = st->incoming_sequence++;
/*
* Decompress packet payload.
*/
{
unsigned char *newpayload;
int newlen;
if (ssh->sccomp &&
ssh->sccomp->decompress(ssh->sc_comp_ctx,
st->pktin->data + 5, st->pktin->length - 5,
&newpayload, &newlen)) {
if (st->pktin->maxlen < newlen + 5) {
st->pktin->maxlen = newlen + 5;
st->pktin->data = sresize(st->pktin->data,
st->pktin->maxlen + APIEXTRA,
unsigned char);
}
st->pktin->length = 5 + newlen;
memcpy(st->pktin->data + 5, newpayload, newlen);
sfree(newpayload);
}
}
st->pktin->savedpos = 6;
st->pktin->body = st->pktin->data;
st->pktin->type = st->pktin->data[5];
/*
* Log incoming packet, possibly omitting sensitive fields.
*/
if (ssh->logctx) {
int nblanks = 0;
struct logblank_t blank;
if (ssh->cfg.logomitdata) {
int do_blank = FALSE, blank_prefix = 0;
/* "Session data" packets - omit the data field */
if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
do_blank = TRUE; blank_prefix = 4;
} else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
do_blank = TRUE; blank_prefix = 8;
}
if (do_blank) {
blank.offset = blank_prefix;
blank.len = (st->pktin->length-6) - blank_prefix;
blank.type = PKTLOG_OMIT;
nblanks = 1;
}
}
log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
ssh2_pkt_type(ssh->pkt_ctx, st->pktin->type),
st->pktin->data+6, st->pktin->length-6,
nblanks, &blank);
}
crFinish(st->pktin);
}
static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
{
int pad, biglen, i, pktoffs;
unsigned long crc;
#ifdef __SC__
/*
* XXX various versions of SC (including 8.8.4) screw up the
* register allocation in this function and use the same register
* (D6) for len and as a temporary, with predictable results. The
* following sledgehammer prevents this.
*/
volatile
#endif
int len;
if (ssh->logctx)
log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
ssh1_pkt_type(pkt->data[12]),
pkt->body, pkt->length - (pkt->body - pkt->data),
pkt->nblanks, pkt->blanks);
sfree(pkt->blanks); pkt->blanks = NULL;
pkt->nblanks = 0;
if (ssh->v1_compressing) {
unsigned char *compblk;
int complen;
zlib_compress_block(ssh->cs_comp_ctx,
pkt->data + 12, pkt->length - 12,
&compblk, &complen);
memcpy(pkt->data + 12, compblk, complen);
sfree(compblk);
pkt->length = complen + 12;
}
ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
pkt->length += 4;
len = pkt->length - 4 - 8; /* len(type+data+CRC) */
pad = 8 - (len % 8);
pktoffs = 8 - pad;
biglen = len + pad; /* len(padding+type+data+CRC) */
for (i = pktoffs; i < 4+8; i++)
pkt->data[i] = random_byte();
crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
PUT_32BIT(pkt->data + pktoffs, len);
if (ssh->cipher)
ssh->cipher->encrypt(ssh->v1_cipher_ctx,
pkt->data + pktoffs + 4, biglen);
if (offset_p) *offset_p = pktoffs;
return biglen + 4; /* len(length+padding+type+data+CRC) */
}
static int s_write(Ssh ssh, void *data, int len)
{
log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len, 0, NULL);
return sk_write(ssh->s, (char *)data, len);
}
static void s_wrpkt(Ssh ssh, struct Packet *pkt)
{
int len, backlog, offset;
len = s_wrpkt_prepare(ssh, pkt, &offset);
backlog = s_write(ssh, pkt->data + offset, len);
if (backlog > SSH_MAX_BACKLOG)
ssh_throttle_all(ssh, 1, backlog);
ssh_free_packet(pkt);
}
static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
{
int len, offset;
len = s_wrpkt_prepare(ssh, pkt, &offset);
if (ssh->deferred_len + len > ssh->deferred_size) {
ssh->deferred_size = ssh->deferred_len + len + 128;
ssh->deferred_send_data = sresize(ssh->deferred_send_data,
ssh->deferred_size,
unsigned char);
}
memcpy(ssh->deferred_send_data + ssh->deferred_len,
pkt->data + offset, len);
ssh->deferred_len += len;
ssh_free_packet(pkt);
}
/*
* Construct a SSH-1 packet with the specified contents.
* (This all-at-once interface used to be the only one, but now SSH-1
* packets can also be constructed incrementally.)
*/
static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
{
int argtype;
Bignum bn;
struct Packet *pkt;
pkt = ssh1_pkt_init(pkttype);
while ((argtype = va_arg(ap, int)) != PKT_END) {
unsigned char *argp, argchar;
char *sargp;
unsigned long argint;
int arglen;
switch (argtype) {
/* Actual fields in the packet */
case PKT_INT:
argint = va_arg(ap, int);
ssh_pkt_adduint32(pkt, argint);
break;
case PKT_CHAR:
argchar = (unsigned char) va_arg(ap, int);
ssh_pkt_addbyte(pkt, argchar);
break;
case PKT_DATA:
argp = va_arg(ap, unsigned char *);
arglen = va_arg(ap, int);
ssh_pkt_adddata(pkt, argp, arglen);
break;
case PKT_STR:
sargp = va_arg(ap, char *);
ssh_pkt_addstring(pkt, sargp);
break;
case PKT_BIGNUM:
bn = va_arg(ap, Bignum);
ssh1_pkt_addmp(pkt, bn);
break;
/* Tokens for modifications to packet logging */
case PKTT_PASSWORD:
dont_log_password(ssh, pkt, PKTLOG_BLANK);
break;
case PKTT_DATA:
dont_log_data(ssh, pkt, PKTLOG_OMIT);
break;
case PKTT_OTHER:
end_log_omission(ssh, pkt);
break;
}
}
return pkt;
}
static void send_packet(Ssh ssh, int pkttype, ...)
{
struct Packet *pkt;
va_list ap;
va_start(ap, pkttype);
pkt = construct_packet(ssh, pkttype, ap);
va_end(ap);
s_wrpkt(ssh, pkt);
}
static void defer_packet(Ssh ssh, int pkttype, ...)
{
struct Packet *pkt;
va_list ap;
va_start(ap, pkttype);
pkt = construct_packet(ssh, pkttype, ap);
va_end(ap);
s_wrpkt_defer(ssh, pkt);
}
static int ssh_versioncmp(char *a, char *b)
{
char *ae, *be;
unsigned long av, bv;
av = strtoul(a, &ae, 10);
bv = strtoul(b, &be, 10);
if (av != bv)
return (av < bv ? -1 : +1);
if (*ae == '.')
ae++;
if (*be == '.')
be++;
av = strtoul(ae, &ae, 10);
bv = strtoul(be, &be, 10);
if (av != bv)
return (av < bv ? -1 : +1);
return 0;
}
/*
* Utility routines for putting an SSH-protocol `string' and
* `uint32' into a hash state.
*/
static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
{
unsigned char lenblk[4];
PUT_32BIT(lenblk, len);
h->bytes(s, lenblk, 4);
h->bytes(s, str, len);
}
static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
{
unsigned char intblk[4];
PUT_32BIT(intblk, i);
h->bytes(s, intblk, 4);
}
/*
* Packet construction functions. Mostly shared between SSH-1 and SSH-2.
*/
static void ssh_pkt_ensure(struct Packet *pkt, int length)
{
if (pkt->maxlen < length) {
unsigned char *body = pkt->body;
int offset = body ? body - pkt->data : 0;
pkt->maxlen = length + 256;
pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
if (body) pkt->body = pkt->data + offset;
}
}
static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
{
if (pkt->logmode != PKTLOG_EMIT) {
pkt->nblanks++;
pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
assert(pkt->body);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -