Add more error checks to ssh_get_kex().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@421 7dcaeef0-15fb-0310-b436-a5af3365683c
Этот коммит содержится в:
Andreas Schneider
родитель
efc3c494cc
Коммит
d51dc0d80e
@ -351,7 +351,7 @@ int ssh_connect(SSH_SESSION *session){
|
|||||||
set_status(options,0.5);
|
set_status(options,0.5);
|
||||||
switch(session->version){
|
switch(session->version){
|
||||||
case 2:
|
case 2:
|
||||||
if(ssh_get_kex(session,0)){
|
if(ssh_get_kex(session,0) < 0) {
|
||||||
ssh_socket_close(session->socket);
|
ssh_socket_close(session->socket);
|
||||||
session->alive=0;
|
session->alive=0;
|
||||||
leave_function();
|
leave_function();
|
||||||
|
|||||||
50
libssh/kex.c
50
libssh/kex.c
@ -230,36 +230,49 @@ char *ssh_find_matching(const char *in_d, const char *what_d){
|
|||||||
}
|
}
|
||||||
|
|
||||||
int ssh_get_kex(SSH_SESSION *session, int server_kex) {
|
int ssh_get_kex(SSH_SESSION *session, int server_kex) {
|
||||||
STRING *str;
|
STRING *str = NULL;
|
||||||
char *strings[10];
|
char *strings[10];
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
enter_function();
|
enter_function();
|
||||||
|
|
||||||
if (packet_wait(session, SSH2_MSG_KEXINIT, 1)) {
|
if (packet_wait(session, SSH2_MSG_KEXINIT, 1)) {
|
||||||
leave_function();
|
leave_function();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (buffer_get_data(session->in_buffer,session->server_kex.cookie,16) != 16) {
|
if (buffer_get_data(session->in_buffer,session->server_kex.cookie,16) != 16) {
|
||||||
ssh_set_error(session, SSH_FATAL, "get_kex(): no cookie in packet");
|
ssh_set_error(session, SSH_FATAL, "get_kex(): no cookie in packet");
|
||||||
leave_function();
|
leave_function();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) {
|
if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) {
|
||||||
ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed");
|
ssh_set_error(session, SSH_FATAL, "get_kex(): adding cookie failed");
|
||||||
leave_function();
|
leave_function();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(strings, 0, sizeof(char *) * 10);
|
memset(strings, 0, sizeof(char *) * 10);
|
||||||
for(i=0;i<10;++i){
|
|
||||||
|
for (i = 0; i < 10; i++) {
|
||||||
str = buffer_get_ssh_string(session->in_buffer);
|
str = buffer_get_ssh_string(session->in_buffer);
|
||||||
if(!str)
|
if (str == NULL) {
|
||||||
break;
|
break;
|
||||||
if(str){
|
|
||||||
buffer_add_ssh_string(session->in_hashbuf,str);
|
|
||||||
strings[i]=string_to_char(str);
|
|
||||||
free(str);
|
|
||||||
} else
|
|
||||||
strings[i]=NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) {
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
strings[i] = string_to_char(str);
|
||||||
|
if (strings[i] == NULL) {
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
string_free(str);
|
||||||
|
str = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
/* copy the server kex info into an array of strings */
|
/* copy the server kex info into an array of strings */
|
||||||
if (server_kex) {
|
if (server_kex) {
|
||||||
session->client_kex.methods = malloc(10 * sizeof(char **));
|
session->client_kex.methods = malloc(10 * sizeof(char **));
|
||||||
@ -267,19 +280,32 @@ int ssh_get_kex(SSH_SESSION *session,int server_kex ){
|
|||||||
leave_function();
|
leave_function();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
for(i=0;i<10;++i)
|
|
||||||
|
for (i = 0; i < 10; i++) {
|
||||||
session->client_kex.methods[i] = strings[i];
|
session->client_kex.methods[i] = strings[i];
|
||||||
} else { // client
|
}
|
||||||
|
} else { /* client */
|
||||||
session->server_kex.methods = malloc(10 * sizeof(char **));
|
session->server_kex.methods = malloc(10 * sizeof(char **));
|
||||||
if (session->server_kex.methods == NULL) {
|
if (session->server_kex.methods == NULL) {
|
||||||
leave_function();
|
leave_function();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
for(i=0;i<10;++i)
|
|
||||||
|
for (i = 0; i < 10; i++) {
|
||||||
session->server_kex.methods[i] = strings[i];
|
session->server_kex.methods[i] = strings[i];
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
leave_function();
|
leave_function();
|
||||||
return 0;
|
return 0;
|
||||||
|
error:
|
||||||
|
string_free(str);
|
||||||
|
for (i = 0; i < 10; i++) {
|
||||||
|
SAFE_FREE(strings[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
leave_function();
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssh_list_kex(struct ssh_session *session, KEX *kex) {
|
void ssh_list_kex(struct ssh_session *session, KEX *kex) {
|
||||||
|
|||||||
@ -339,8 +339,9 @@ int ssh_accept(SSH_SESSION *session){
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ssh_send_kex(session,1);
|
ssh_send_kex(session,1);
|
||||||
if(ssh_get_kex(session,1))
|
if(ssh_get_kex(session,1) < 0) {
|
||||||
return -1;
|
return -1;
|
||||||
|
}
|
||||||
ssh_list_kex(session, &session->client_kex);
|
ssh_list_kex(session, &session->client_kex);
|
||||||
crypt_set_algorithms_server(session);
|
crypt_set_algorithms_server(session);
|
||||||
if(dh_handshake_server(session))
|
if(dh_handshake_server(session))
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user