1
1

misc: relax fatal errors in ssh_analyze_banner

Relax the cases where `ssh_analyze_banner` fails to extract a
major and minor version from banners which appear like OpenSSH
banners.

Update the tests to demonstrate that now a banner as might be
sent by `ssh-keyscan(1)` ("SSH-2.0-OpenSSH-keyscan") no longer
returns failure.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Jon Simons 2017-07-11 19:34:18 -04:00 коммит произвёл Andreas Schneider
родитель e66f370682
Коммит 380390c4b6
2 изменённых файлов: 26 добавлений и 31 удалений

Просмотреть файл

@ -844,6 +844,7 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
return -1; return -1;
} }
/* Make a best-effort to extract OpenSSH version numbers. */
openssh = strstr(banner, "OpenSSH"); openssh = strstr(banner, "OpenSSH");
if (openssh != NULL) { if (openssh != NULL) {
char *tmp = NULL; char *tmp = NULL;
@ -861,11 +862,8 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
((errno == ERANGE) && (major == ULONG_MAX)) || ((errno == ERANGE) && (major == ULONG_MAX)) ||
((errno != 0) && (major == 0)) || ((errno != 0) && (major == 0)) ||
((major < 1) || (major > 100))) { ((major < 1) || (major > 100))) {
ssh_set_error(session, /* invalid major */
SSH_FATAL, goto done;
"Invalid major version number: %s",
banner);
return -1;
} }
minor = strtoul(openssh + 10, &tmp, 10); minor = strtoul(openssh + 10, &tmp, 10);
@ -873,12 +871,10 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
((errno == ERANGE) && (major == ULONG_MAX)) || ((errno == ERANGE) && (major == ULONG_MAX)) ||
((errno != 0) && (major == 0)) || ((errno != 0) && (major == 0)) ||
(minor > 100)) { (minor > 100)) {
ssh_set_error(session, /* invalid minor */
SSH_FATAL, goto done;
"Invalid minor version number: %s",
banner);
return -1;
} }
session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0); session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0);
SSH_LOG(SSH_LOG_RARE, SSH_LOG(SSH_LOG_RARE,
@ -887,6 +883,7 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
} }
} }
done:
return 0; return 0;
} }

Просмотреть файл

@ -315,35 +315,33 @@ static void torture_ssh_analyze_banner(void **state) {
assert_server_banner_accepted("SSH-2.0-OpenSSH_1.99", 0, 1); assert_server_banner_accepted("SSH-2.0-OpenSSH_1.99", 0, 1);
assert_int_equal(SSH_VERSION_INT(1, 99, 0), session->openssh); assert_int_equal(SSH_VERSION_INT(1, 99, 0), session->openssh);
/* OpenSSH banners: major, minor version limits */ /* OpenSSH banners: major, minor version limits result in zero */
reset_banner_test(); assert_client_banner_accepted("SSH-2.0-OpenSSH_0.99p1", 0, 1);
assert_client_banner_rejected("SSH-2.0-OpenSSH_0.99p1"); assert_int_equal(0, session->openssh);
reset_banner_test(); assert_server_banner_accepted("SSH-2.0-OpenSSH_0.99p1", 0, 1);
assert_server_banner_rejected("SSH-2.0-OpenSSH_0.99p1"); assert_int_equal(0, session->openssh);
reset_banner_test(); assert_client_banner_accepted("SSH-2.0-OpenSSH_1.101p1", 0, 1);
assert_client_banner_rejected("SSH-2.0-OpenSSH_1.101p1"); assert_int_equal(0, session->openssh);
reset_banner_test(); assert_server_banner_accepted("SSH-2.0-OpenSSH_1.101p1", 0, 1);
assert_server_banner_rejected("SSH-2.0-OpenSSH_1.101p1"); assert_int_equal(0, session->openssh);
/* OpenSSH banners: bogus major */ /* OpenSSH banners: bogus major results in zero */
reset_banner_test(); assert_client_banner_accepted("SSH-2.0-OpenSSH_X.9p1", 0, 1);
assert_client_banner_rejected("SSH-2.0-OpenSSH_X.9p1"); assert_int_equal(0, session->openssh);
reset_banner_test(); assert_server_banner_accepted("SSH-2.0-OpenSSH_X.9p1", 0, 1);
assert_server_banner_rejected("SSH-2.0-OpenSSH_X.9p1"); assert_int_equal(0, session->openssh);
/* OpenSSH banners: bogus minor */ /* OpenSSH banners: bogus minor results in zero */
reset_banner_test(); assert_server_banner_accepted("SSH-2.0-OpenSSH_5.Yp1", 0, 1);
assert_server_banner_rejected("SSH-2.0-OpenSSH_5.Yp1"); assert_int_equal(0, session->openssh);
reset_banner_test(); assert_client_banner_accepted("SSH-2.0-OpenSSH_5.Yp1", 0, 1);
assert_client_banner_rejected("SSH-2.0-OpenSSH_5.Yp1"); assert_int_equal(0, session->openssh);
/* OpenSSH banners: ssh-keyscan(1) */ /* OpenSSH banners: ssh-keyscan(1) */
#if 0 /* these don't pass */
assert_client_banner_accepted("SSH-2.0-OpenSSH-keyscan", 0, 1); assert_client_banner_accepted("SSH-2.0-OpenSSH-keyscan", 0, 1);
assert_int_equal(0, session->openssh); assert_int_equal(0, session->openssh);
assert_server_banner_accepted("SSH-2.0-OpenSSH-keyscan", 0, 1); assert_server_banner_accepted("SSH-2.0-OpenSSH-keyscan", 0, 1);
assert_int_equal(0, session->openssh); assert_int_equal(0, session->openssh);
#endif /* these don't pass */
ssh_free(session); ssh_free(session);
} }