From 4893f9515da2696490e6bbe9aaf51f2ef9678b0f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 24 Aug 2017 16:28:39 +0200 Subject: [PATCH 2/2] ssh_options_set_algo: ensure we only set known algorithms internally That way, we will not fail later on key exchange phase when something unknown is negotiated. Fixes T37 Signed-off-by: Nikos Mavrogiannopoulos Reviewed-by: Andreas Schneider (cherry picked from commit 895055ab38e7716390019aae5e11771a88b99d26) Signed-off-by: Mihai Moldovan --- include/libssh/kex.h | 1 + src/kex.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/options.c | 11 ++++---- 3 files changed, 81 insertions(+), 6 deletions(-) diff --git a/include/libssh/kex.h b/include/libssh/kex.h index 1a5b6d41..23594985 100644 --- a/include/libssh/kex.h +++ b/include/libssh/kex.h @@ -41,6 +41,7 @@ void ssh_list_kex(struct ssh_kex_struct *kex); int set_client_kex(ssh_session session); int ssh_kex_select_methods(ssh_session session); int verify_existing_algo(int algo, const char *name); +char *keep_known_algos(int algo, const char *list); char **space_tokenize(const char *chain); int ssh_get_kex1(ssh_session session); char *ssh_find_matching(const char *in_d, const char *what_d); diff --git a/src/kex.c b/src/kex.c index 519d79ce..f0c9d067 100644 --- a/src/kex.c +++ b/src/kex.c @@ -281,6 +281,71 @@ char *ssh_find_matching(const char *available_d, const char *preferred_d){ return NULL; } +static char *ssh_find_all_matching(const char *available_d, + const char *preferred_d) +{ + char **tok_available, **tok_preferred; + int i_avail, i_pref; + char *ret; + unsigned max, len, pos = 0; + + if ((available_d == NULL) || (preferred_d == NULL)) { + return NULL; /* don't deal with null args */ + } + + max = MAX(strlen(available_d), strlen(preferred_d)); + + ret = malloc(max+1); + if (ret == NULL) { + return NULL; + } + ret[0] = 0; + + tok_available = tokenize(available_d); + if (tok_available == NULL) { + SAFE_FREE(ret); + return NULL; + } + + tok_preferred = tokenize(preferred_d); + if (tok_preferred == NULL) { + SAFE_FREE(ret); + SAFE_FREE(tok_available[0]); + SAFE_FREE(tok_available); + return NULL; + } + + for (i_pref = 0; tok_preferred[i_pref] ; ++i_pref) { + for (i_avail = 0; tok_available[i_avail]; ++i_avail) { + int cmp = strcmp(tok_available[i_avail],tok_preferred[i_pref]); + if (cmp == 0) { + /* match */ + if (pos != 0) { + ret[pos] = ','; + pos++; + } + + len = strlen(tok_available[i_avail]); + memcpy(&ret[pos], tok_available[i_avail], len); + pos += len; + ret[pos] = '\0'; + } + } + } + + if (ret[0] == '\0') { + SAFE_FREE(ret); + ret = NULL; + } + + SAFE_FREE(tok_available[0]); + SAFE_FREE(tok_preferred[0]); + SAFE_FREE(tok_available); + SAFE_FREE(tok_preferred); + + return ret; +} + /** * @internal * @brief returns whether the first client key exchange algorithm or @@ -668,4 +733,14 @@ int verify_existing_algo(int algo, const char *name){ return 0; } +/* returns a copy of the provided list if everything is supported, + * otherwise a new list of the supported algorithms */ +char *keep_known_algos(int algo, const char *list) +{ + if ((algo > 9) || (algo < 0)) { + return NULL; + } + + return ssh_find_all_matching(supported_methods[algo], list); +} /* vim: set ts=2 sw=2 et cindent: */ diff --git a/src/options.c b/src/options.c index aed2dda5..34fe9cc7 100644 --- a/src/options.c +++ b/src/options.c @@ -164,7 +164,10 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) { int ssh_options_set_algo(ssh_session session, int algo, const char *list) { - if (!verify_existing_algo(algo, list)) { + char *p = NULL; + + p = keep_known_algos(algo, list); + if (p == NULL) { ssh_set_error(session, SSH_REQUEST_DENIED, "Setting method: no algorithm for method \"%s\" (%s)\n", ssh_kex_get_description(algo), list); @@ -172,11 +175,7 @@ int ssh_options_set_algo(ssh_session session, int algo, } SAFE_FREE(session->opts.wanted_methods[algo]); - session->opts.wanted_methods[algo] = strdup(list); - if (session->opts.wanted_methods[algo] == NULL) { - ssh_set_error_oom(session); - return -1; - } + session->opts.wanted_methods[algo] = p; return 0; } -- 2.15.1