Mercurial > dropbear
changeset 1069:2fa71c3b2827 pam
merge pam branch up to date
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 16 Mar 2015 21:34:05 +0800 (2015-03-16) |
parents | 9a6395ddb1b6 (current diff) ce21d0bfaf98 (diff) |
children | 16379795f80b |
files | auth.h buffer.c buffer.h cli-session.c common-session.c options.h session.h svr-session.c sysoptions.h |
diffstat | 85 files changed, 1409 insertions(+), 824 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgsigs Fri Jan 23 22:32:49 2015 +0800 +++ b/.hgsigs Mon Mar 16 21:34:05 2015 +0800 @@ -13,3 +13,4 @@ 96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq 2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu +1d2d81b1b7c1b100e9c369e40b9fa5b2d491eea9 0 iEYEABECAAYFAlTKOKUACgkQjPn4sExkf7xWMACfYFozyHiRk5GaocTa5z6Ws1uyB4kAoLubxoxcnM3E7AA9mHAzc3OB5M0Y
--- a/.hgtags Fri Jan 23 22:32:49 2015 +0800 +++ b/.hgtags Mon Mar 16 21:34:05 2015 +0800 @@ -46,3 +46,4 @@ 0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64 e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65 735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66 +cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
--- a/CHANGES Fri Jan 23 22:32:49 2015 +0800 +++ b/CHANGES Mon Mar 16 21:34:05 2015 +0800 @@ -1,3 +1,48 @@ +- Improve efficiency of writing data to local program/pipes, measured 30% for + connections to localhost + +- Use TCP Fast Open on Linux if available. saves a round trip at connection + to hosts that have previously been connected. + Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" + +- Forwarded TCP ports connect asynchronously and retry with other available + addresses (IPv4 or IPv6) + +- Free memory before exiting, patch from Thorsten Horstmann. Useful for + Dropbear ports to embedded systems and for checking memory leaks + with valgrind. Only partially implemented for client side. + +- Fix small ECC memory leaks + +2015.67 - Wednesday 28 January 2015 + +- Call fsync() after generating private keys to ensure they aren't lost if a + reboot occurs. Thanks to Peter Korsgaard + +- Disable non-delayed zlib compression by default on the server. Can be + enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB + +- Default client key path ~/.ssh/id_dropbear + +- Prefer stronger algorithms by default, from Fedor Brunner. + AES256 over 3DES + Diffie-hellman group14 over group1 + +- Add option to disable CBC ciphers. + +- Disable twofish in default options.h + +- Enable sha2 HMAC algorithms by default, the code was already required + for ECC key exchange. sha1 is the first preference still for performance. + +- Fix installing dropbear.8 in a separate build directory, from Like Ma + +- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe + +- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea + +- Minor bug fixes, a few issues found by Coverity scan + 2014.66 - Thursday 23 October 2014 - Use the same keepalive handling behaviour as OpenSSH. This will work better
--- a/Makefile.in Fri Jan 23 22:32:49 2015 +0800 +++ b/Makefile.in Mon Mar 16 21:34:05 2015 +0800 @@ -40,12 +40,12 @@ CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \ cli-session.o cli-runopts.o cli-chansession.o \ cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \ - cli-agentfwd.o list.o + cli-agentfwd.o CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \ common-channel.o common-chansession.o termcodes.o loginrec.o \ tcp-accept.o listener.o process-packet.o \ - common-runopts.o circbuffer.o curve25519-donna.o + common-runopts.o circbuffer.o curve25519-donna.o list.o netio.o KEYOBJS=dropbearkey.o @@ -131,7 +131,7 @@ -rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) -ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(mandir)/man8 - $(INSTALL) -m 644 dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 + $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 insmulti%: dropbearmulti $(INSTALL) -d $(DESTDIR)$(bindir) @@ -140,12 +140,12 @@ $(INSTALL) -d $(DESTDIR)$(mandir)/man1 if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi -# dropbear should go in sbin, so it needs a seperate rule +# dropbear should go in sbin, so it needs a separate rule inst_dropbear: dropbear $(INSTALL) -d $(DESTDIR)$(sbindir) $(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir) $(INSTALL) -d $(DESTDIR)$(mandir)/man8 - $(INSTALL) -m 644 dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 + $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 inst_%: % $(INSTALL) -d $(DESTDIR)$(bindir)
--- a/agentfwd.h Fri Jan 23 22:32:49 2015 +0800 +++ b/agentfwd.h Mon Mar 16 21:34:05 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AGENTFWD_H_ -#define _AGENTFWD_H_ +#ifndef DROPBEAR_AGENTFWD_H_ +#define DROPBEAR_AGENTFWD_H_ #include "includes.h" #include "chansession.h" @@ -60,4 +60,4 @@ #endif /* ENABLE_SVR_AGENTFWD */ -#endif /* _AGENTFWD_H_ */ +#endif /* DROPBEAR_AGENTFWD_H_ */
--- a/algo.h Fri Jan 23 22:32:49 2015 +0800 +++ b/algo.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _ALGO_H_ +#ifndef DROPBEAR_ALGO_H_ -#define _ALGO_H_ +#define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" @@ -51,6 +51,7 @@ extern algo_type sshciphers[]; extern algo_type sshhashes[]; extern algo_type ssh_compress[]; +extern algo_type ssh_delaycompress[]; extern algo_type ssh_nocompress[]; extern const struct dropbear_cipher dropbear_nocipher; @@ -133,4 +134,4 @@ DROPBEAR_COMP_ZLIB_DELAY, }; -#endif /* _ALGO_H_ */ +#endif /* DROPBEAR_ALGO_H_ */
--- a/auth.h Fri Jan 23 22:32:49 2015 +0800 +++ b/auth.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _AUTH_H_ -#define _AUTH_H_ +#ifndef DROPBEAR_AUTH_H_ +#define DROPBEAR_AUTH_H_ #include "includes.h" #include "signkey.h" @@ -143,4 +143,4 @@ unsigned char * forced_command; }; -#endif /* _AUTH_H_ */ +#endif /* DROPBEAR_AUTH_H_ */
--- a/bignum.h Fri Jan 23 22:32:49 2015 +0800 +++ b/bignum.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BIGNUM_H_ -#define _BIGNUM_H_ +#ifndef DROPBEAR_BIGNUM_H_ +#define DROPBEAR_BIGNUM_H_ #include "includes.h" #include "dbutil.h" @@ -35,4 +35,4 @@ void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp); -#endif /* _BIGNUM_H_ */ +#endif /* DROPBEAR_BIGNUM_H_ */
--- a/buffer.c Fri Jan 23 22:32:49 2015 +0800 +++ b/buffer.c Mon Mar 16 21:34:05 2015 +0800 @@ -46,17 +46,15 @@ dropbear_exit("buf->size too big"); } - buf = (buffer*)m_malloc(sizeof(buffer)); + buf = (buffer*)m_malloc(sizeof(buffer)+size); if (size > 0) { - buf->data = (unsigned char*)m_malloc(size); + buf->data = (unsigned char*)buf + sizeof(buffer); } else { buf->data = NULL; } buf->size = size; - buf->pos = 0; - buf->len = 0; return buf; @@ -65,7 +63,6 @@ /* free the buffer's data and the buffer itself */ void buf_free(buffer* buf) { - m_free(buf->data) m_free(buf); } @@ -78,17 +75,18 @@ /* resize a buffer, pos and len will be repositioned if required when * downsizing */ -void buf_resize(buffer *buf, unsigned int newsize) { +buffer* buf_resize(buffer *buf, unsigned int newsize) { if (newsize > BUF_MAX_SIZE) { dropbear_exit("buf->size too big"); } - buf->data = m_realloc(buf->data, newsize); + buf = m_realloc(buf, sizeof(buffer)+newsize); + buf->data = (unsigned char*)buf + sizeof(buffer); buf->size = newsize; buf->len = MIN(newsize, buf->len); buf->pos = MIN(newsize, buf->pos); - + return buf; } /* Create a copy of buf, allocating required memory etc. */ @@ -99,7 +97,9 @@ ret = buf_new(buf->len); ret->len = buf->len; - memcpy(ret->data, buf->data, buf->len); + if (buf->len > 0) { + memcpy(ret->data, buf->data, buf->len); + } return ret; } @@ -127,7 +127,7 @@ buf->pos = pos; } -/* increment the postion by incr, increasing the buffer length if required */ +/* increment the position by incr, increasing the buffer length if required */ void buf_incrwritepos(buffer* buf, unsigned int incr) { if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { dropbear_exit("Bad buf_incrwritepos"); @@ -230,15 +230,15 @@ /* Return a string as a newly allocated buffer */ buffer * buf_getstringbuf(buffer *buf) { - buffer *ret; - unsigned char* str; - unsigned int len; - str = buf_getstring(buf, &len); - ret = m_malloc(sizeof(*ret)); - ret->data = str; - ret->len = len; - ret->size = len; - ret->pos = 0; + buffer *ret = NULL; + unsigned int len = buf_getint(buf); + if (len > MAX_STRING_LEN) { + dropbear_exit("String too long"); + } + ret = buf_new(len); + memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len); + buf_incrpos(buf, len); + buf_incrlen(ret, len); return ret; }
--- a/buffer.h Fri Jan 23 22:32:49 2015 +0800 +++ b/buffer.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,14 +22,15 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _BUFFER_H_ +#ifndef DROPBEAR_BUFFER_H_ -#define _BUFFER_H_ +#define DROPBEAR_BUFFER_H_ #include "includes.h" struct buf { - + /* don't manipulate data member outside of buffer.c - it + is a pointer into the malloc holding buffer itself */ unsigned char * data; unsigned int len; /* the used size */ unsigned int pos; @@ -40,7 +41,8 @@ typedef struct buf buffer; buffer * buf_new(unsigned int size); -void buf_resize(buffer *buf, unsigned int newsize); +/* Possibly returns a new buffer*, like realloc() */ +buffer * buf_resize(buffer *buf, unsigned int newsize); void buf_free(buffer* buf); void buf_burn(buffer* buf); buffer* buf_newcopy(buffer* buf); @@ -66,4 +68,4 @@ int buf_getmpint(buffer* buf, mp_int* mp); unsigned int buf_getint(buffer* buf); -#endif /* _BUFFER_H_ */ +#endif /* DROPBEAR_BUFFER_H_ */
--- a/channel.h Fri Jan 23 22:32:49 2015 +0800 +++ b/channel.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANNEL_H_ -#define _CHANNEL_H_ +#ifndef DROPBEAR_CHANNEL_H_ +#define DROPBEAR_CHANNEL_H_ #include "includes.h" #include "buffer.h" @@ -73,6 +73,7 @@ * to ensure we don't run it twice (nor type->checkclose()). */ int close_handler_done; + struct dropbear_progress_connection *conn_pending; int initconn; /* used for TCP forwarding, whether the channel has been fully initialised */ @@ -92,7 +93,7 @@ struct ChanType { - int sepfds; /* Whether this channel has seperate pipes for in/out or not */ + int sepfds; /* Whether this channel has separate pipes for in/out or not */ char *name; int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); @@ -100,6 +101,9 @@ void (*closehandler)(struct Channel*); }; +/* Callback for connect_remote */ +void channel_connect_done(int result, int sock, void* user_data, const char* errstring); + void chaninitialise(const struct ChanType *chantypes[]); void chancleanup(); void setchannelfds(fd_set *readfd, fd_set *writefd); @@ -137,4 +141,4 @@ void send_msg_request_failure(); -#endif /* _CHANNEL_H_ */ +#endif /* DROPBEAR_CHANNEL_H_ */
--- a/chansession.h Fri Jan 23 22:32:49 2015 +0800 +++ b/chansession.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CHANSESSION_H_ -#define _CHANSESSION_H_ +#ifndef DROPBEAR_CHANSESSION_H_ +#define DROPBEAR_CHANSESSION_H_ #include "loginrec.h" #include "channel.h" @@ -103,4 +103,4 @@ extern const struct SigMap signames[]; -#endif /* _CHANSESSION_H_ */ +#endif /* DROPBEAR_CHANSESSION_H_ */
--- a/circbuffer.c Fri Jan 23 22:32:49 2015 +0800 +++ b/circbuffer.c Mon Mar 16 21:34:05 2015 +0800 @@ -110,6 +110,21 @@ return &cbuf->data[cbuf->readpos]; } +void cbuf_readptrs(circbuffer *cbuf, + unsigned char **p1, unsigned int *len1, + unsigned char **p2, unsigned int *len2) { + *p1 = &cbuf->data[cbuf->readpos]; + *len1 = MIN(cbuf->used, cbuf->size - cbuf->readpos); + + if (*len1 < cbuf->used) { + *p2 = cbuf->data; + *len2 = cbuf->used - *len1; + } else { + *p2 = NULL; + *len2 = 0; + } +} + unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) { if (len > cbuf_writelen(cbuf)) { @@ -131,9 +146,11 @@ void cbuf_incrread(circbuffer *cbuf, unsigned int len) { +#if 0 if (len > cbuf_readlen(cbuf)) { dropbear_exit("Bad cbuf read"); } +#endif dropbear_assert(cbuf->used >= len); cbuf->used -= len;
--- a/circbuffer.h Fri Jan 23 22:32:49 2015 +0800 +++ b/circbuffer.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _CIRCBUFFER_H_ -#define _CIRCBUFFER_H_ +#ifndef DROPBEAR_CIRCBUFFER_H_ +#define DROPBEAR_CIRCBUFFER_H_ struct circbuf { unsigned int size; @@ -44,6 +44,9 @@ unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */ unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len); +void cbuf_readptrs(circbuffer *cbuf, + unsigned char **p1, unsigned int *len1, + unsigned char **p2, unsigned int *len2); unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len); void cbuf_incrwrite(circbuffer *cbuf, unsigned int len); void cbuf_incrread(circbuffer *cbuf, unsigned int len);
--- a/cli-agentfwd.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-agentfwd.c Mon Mar 16 21:34:05 2015 +0800 @@ -155,7 +155,7 @@ goto out; } - buf_resize(inbuf, readlen); + inbuf = buf_resize(inbuf, readlen); buf_setpos(inbuf, 0); ret = atomicio(read, fd, buf_getwriteptr(inbuf, readlen), readlen); if ((size_t)ret != readlen) {
--- a/cli-authpubkey.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-authpubkey.c Mon Mar 16 21:34:05 2015 +0800 @@ -58,7 +58,7 @@ buffer* keybuf = NULL; char* algotype = NULL; unsigned int algolen; - int keytype; + enum signkey_type keytype; unsigned int remotelen; TRACE(("enter recv_msg_userauth_pk_ok"))
--- a/cli-main.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-main.c Mon Mar 16 21:34:05 2015 +0800 @@ -30,6 +30,7 @@ #include "session.h" #include "dbrandom.h" #include "crypto_desc.h" +#include "netio.h" static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; static void cli_dropbear_log(int priority, const char* format, va_list param); @@ -46,7 +47,7 @@ #endif int sock_in, sock_out; - char* error = NULL; + struct dropbear_progress_connection *progress = NULL; _dropbear_exit = cli_dropbear_exit; _dropbear_log = cli_dropbear_log; @@ -72,16 +73,11 @@ } else #endif { - int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, - 0, &error); - sock_in = sock_out = sock; + progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses); + sock_in = sock_out = -1; } - if (sock_in < 0) { - dropbear_exit("%s", error); - } - - cli_session(sock_in, sock_out); + cli_session(sock_in, sock_out, progress); /* not reached */ return -1; @@ -91,6 +87,7 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + char exitmsg[500]; if (!sessinitdone) { snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", @@ -102,12 +99,15 @@ cli_opts.remoteport, format); } + /* Arguments to the exit printout may be unsafe to use after session_cleanup() */ + vsnprintf(exitmsg, sizeof(exitmsg), fmtbuf, param); + /* Do the cleanup first, since then the terminal will be reset */ session_cleanup(); /* Avoid printing onwards from terminal cruft */ fprintf(stderr, "\n"); - _dropbear_log(LOG_INFO, fmtbuf, param); + dropbear_log(LOG_INFO, "%s", exitmsg);; exit(exitcode); }
--- a/cli-runopts.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-runopts.c Mon Mar 16 21:34:05 2015 +0800 @@ -38,7 +38,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0); static void fill_own_user(); #ifdef ENABLE_CLI_PUBKEY_AUTH -static void loadidentityfile(const char* filename); +static void loadidentityfile(const char* filename, int warnfail); #endif #ifdef ENABLE_CLI_ANYTCPFWD static void addforward(const char* str, m_list *fwdlist); @@ -65,7 +65,7 @@ "-y -y Don't perform any remote host key checking (caution)\n" "-s Request a subsystem (use by external sftp)\n" #ifdef ENABLE_CLI_PUBKEY_AUTH - "-i <identityfile> (multiple allowed)\n" + "-i <identityfile> (multiple allowed, default %s)\n" #endif #ifdef ENABLE_CLI_AGENTFWD "-A Enable agent auth forwarding\n" @@ -95,6 +95,9 @@ "-v verbose (compiled with DEBUG_TRACE)\n" #endif ,DROPBEAR_VERSION, cli_opts.progname, +#ifdef ENABLE_CLI_PUBKEY_AUTH + DROPBEAR_DEFAULT_CLI_AUTHKEY, +#endif DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); } @@ -153,7 +156,7 @@ cli_opts.proxycmd = NULL; #endif #ifndef DISABLE_ZLIB - opts.enable_compress = 1; + opts.compress_mode = DROPBEAR_COMPRESS_ON; #endif #ifdef ENABLE_USER_ALGO_LIST opts.cipher_list = NULL; @@ -174,7 +177,7 @@ #ifdef ENABLE_CLI_PUBKEY_AUTH if (nextiskey) { /* Load a hostkey since the previous argument was "-i" */ - loadidentityfile(argv[i]); + loadidentityfile(argv[i], 1); nextiskey = 0; continue; } @@ -231,7 +234,7 @@ case 'i': /* an identityfile */ /* Keep scp happy when it changes "-i file" to "-ifile" */ if (strlen(argv[i]) > 2) { - loadidentityfile(&argv[i][2]); + loadidentityfile(&argv[i][2], 1); } else { nextiskey = 1; } @@ -444,6 +447,14 @@ } #endif +#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY + { + char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY); + loadidentityfile(expand_path, 0); + m_free(expand_path); + } +#endif + /* The hostname gets set up last, since * in multi-hop mode it will require knowledge * of other flags such as -i */ @@ -455,14 +466,18 @@ } #ifdef ENABLE_CLI_PUBKEY_AUTH -static void loadidentityfile(const char* filename) { +static void loadidentityfile(const char* filename, int warnfail) { sign_key *key; enum signkey_type keytype; + TRACE(("loadidentityfile %s", filename)) + key = new_sign_key(); keytype = DROPBEAR_SIGNKEY_ANY; if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) { - fprintf(stderr, "Failed loading keyfile '%s'\n", filename); + if (warnfail) { + fprintf(stderr, "Failed loading keyfile '%s'\n", filename); + } sign_key_free(key); } else { key->type = keytype; @@ -594,7 +609,7 @@ passthrough_args, remainder); #ifndef DISABLE_ZLIB /* The stream will be incompressible since it's encrypted. */ - opts.enable_compress = 0; + opts.compress_mode = DROPBEAR_COMPRESS_OFF; #endif m_free(passthrough_args); }
--- a/cli-session.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-session.c Mon Mar 16 21:34:05 2015 +0800 @@ -37,11 +37,12 @@ #include "chansession.h" #include "agentfwd.h" #include "crypto_desc.h" +#include "netio.h" -static void cli_remoteclosed(); +static void cli_remoteclosed() ATTRIB_NORETURN; static void cli_sessionloop(); static void cli_session_init(); -static void cli_finished(); +static void cli_finished() ATTRIB_NORETURN; static void recv_msg_service_accept(void); static void cli_session_cleanup(void); static void recv_msg_global_request_cli(void); @@ -93,15 +94,30 @@ NULL /* Null termination */ }; -void cli_session(int sock_in, int sock_out) { +void cli_connected(int result, int sock, void* userdata, const char *errstring) +{ + struct sshsession *myses = userdata; + if (result == DROPBEAR_FAILURE) { + dropbear_exit("Connect failed: %s", errstring); + } + myses->sock_in = myses->sock_out = sock; + update_channel_prio(); +} + +void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) { common_session_init(sock_in, sock_out); + if (progress) { + connect_set_writequeue(progress, &ses.writequeue); + } + chaninitialise(cli_chantypes); /* Set up cli_ses vars */ cli_session_init(); + /* Ready to go */ sessinitdone = 1;
--- a/cli-tcpfwd.c Fri Jan 23 22:32:49 2015 +0800 +++ b/cli-tcpfwd.c Mon Mar 16 21:34:05 2015 +0800 @@ -30,6 +30,7 @@ #include "runopts.h" #include "session.h" #include "ssh.h" +#include "netio.h" #ifdef ENABLE_CLI_REMOTETCPFWD static int newtcpforwarded(struct Channel * channel); @@ -215,7 +216,6 @@ m_list_elem * iter = NULL; struct TCPFwdEntry *fwd; char portstring[NI_MAXSERV]; - int sock; int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; origaddr = buf_getstring(ses.payload, NULL); @@ -254,19 +254,7 @@ } snprintf(portstring, sizeof(portstring), "%d", fwd->connectport); - sock = connect_remote(fwd->connectaddr, portstring, 1, NULL); - if (sock < 0) { - TRACE(("leave newtcpdirect: sock failed")) - err = SSH_OPEN_CONNECT_FAILED; - goto out; - } - - ses.maxfd = MAX(ses.maxfd, sock); - - /* We don't set readfd, that will get set after the connection's - * progress succeeds */ - channel->writefd = sock; - channel->initconn = 1; + channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel); channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
--- a/common-algo.c Fri Jan 23 22:32:49 2015 +0800 +++ b/common-algo.c Mon Mar 16 21:34:05 2015 +0800 @@ -84,10 +84,14 @@ /* A few void* s are required to silence warnings * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ +#ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; +#endif /* DROPBEAR_ENABLE_CBC_MODE */ + const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; + #ifdef DROPBEAR_ENABLE_CTR_MODE /* a wrapper to make ctr_start and cbc_start look the same */ static int dropbear_big_endian_ctr_start(int cipher, @@ -98,7 +102,7 @@ } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif +#endif /* DROPBEAR_ENABLE_CTR_MODE */ /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ @@ -137,21 +141,21 @@ #ifdef DROPBEAR_AES128 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, #endif -#ifdef DROPBEAR_3DES - {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, -#endif #ifdef DROPBEAR_AES256 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, #endif +#ifdef DROPBEAR_TWOFISH256 + {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr}, +#endif +#ifdef DROPBEAR_TWOFISH128 + {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr}, +#endif #endif /* DROPBEAR_ENABLE_CTR_MODE */ -/* CBC modes are always enabled */ +#ifdef DROPBEAR_ENABLE_CBC_MODE #ifdef DROPBEAR_AES128 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, #endif -#ifdef DROPBEAR_3DES - {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, -#endif #ifdef DROPBEAR_AES256 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, #endif @@ -162,9 +166,16 @@ #ifdef DROPBEAR_TWOFISH128 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, #endif +#ifdef DROPBEAR_3DES + {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, +#endif +#ifdef DROPBEAR_3DES + {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, +#endif #ifdef DROPBEAR_BLOWFISH {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, #endif +#endif /* DROPBEAR_ENABLE_CBC_MODE */ #ifdef DROPBEAR_NONE_CIPHER {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, #endif @@ -172,18 +183,18 @@ }; algo_type sshhashes[] = { +#ifdef DROPBEAR_SHA1_96_HMAC + {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, +#endif +#ifdef DROPBEAR_SHA1_HMAC + {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, +#endif #ifdef DROPBEAR_SHA2_256_HMAC {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, #endif #ifdef DROPBEAR_SHA2_512_HMAC {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, #endif -#ifdef DROPBEAR_SHA1_96_HMAC - {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, -#endif -#ifdef DROPBEAR_SHA1_HMAC - {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, -#endif #ifdef DROPBEAR_MD5_HMAC {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, #endif @@ -195,7 +206,13 @@ #ifndef DISABLE_ZLIB algo_type ssh_compress[] = { + {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, + {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, + {NULL, 0, NULL, 0, NULL} +}; + +algo_type ssh_delaycompress[] = { {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, {NULL, 0, NULL, 0, NULL} @@ -265,8 +282,8 @@ {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, #endif #endif + {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL}, {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, - {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL}, #ifdef USE_KEXGUESS2 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, #endif
--- a/common-channel.c Fri Jan 23 22:32:49 2015 +0800 +++ b/common-channel.c Mon Mar 16 21:34:05 2015 +0800 @@ -35,20 +35,21 @@ #include "ssh.h" #include "listener.h" #include "runopts.h" +#include "netio.h" static void send_msg_channel_open_failure(unsigned int remotechan, int reason, const unsigned char *text, const unsigned char *lang); static void send_msg_channel_open_confirmation(struct Channel* channel, unsigned int recvwindow, unsigned int recvmaxpacket); -static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf); +static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf, + const unsigned char *moredata, unsigned int *morelen); static void send_msg_channel_window_adjust(struct Channel *channel, unsigned int incr); static void send_msg_channel_data(struct Channel *channel, int isextended); static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel); static void remove_channel(struct Channel *channel); -static void check_in_progress(struct Channel *channel); static unsigned int write_pending(struct Channel * channel); static void check_close(struct Channel *channel); static void close_chan_fd(struct Channel *channel, int fd, int how); @@ -163,7 +164,6 @@ newchan->writefd = FD_UNINIT; newchan->readfd = FD_UNINIT; newchan->errfd = FD_CLOSED; /* this isn't always set to start with */ - newchan->initconn = 0; newchan->await_open = 0; newchan->flushing = 0; @@ -242,20 +242,14 @@ /* write to program/pipe stdin */ if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) { - if (channel->initconn) { - /* XXX should this go somewhere cleaner? */ - check_in_progress(channel); - continue; /* Important not to use the channel after - check_in_progress(), as it may be NULL */ - } - writechannel(channel, channel->writefd, channel->writebuf); + writechannel(channel, channel->writefd, channel->writebuf, NULL, NULL); do_check_close = 1; } /* stderr for client mode */ if (ERRFD_IS_WRITE(channel) && channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) { - writechannel(channel, channel->errfd, channel->extrabuf); + writechannel(channel, channel->errfd, channel->extrabuf, NULL, NULL); do_check_close = 1; } @@ -374,27 +368,27 @@ * if so, set up the channel properly. Otherwise, the channel is cleaned up, so * it is important that the channel reference isn't used after a call to this * function */ -static void check_in_progress(struct Channel *channel) { +void channel_connect_done(int result, int sock, void* user_data, const char* UNUSED(errstring)) { - int val; - socklen_t vallen = sizeof(val); - - TRACE(("enter check_in_progress")) + struct Channel *channel = user_data; - if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen) - || val != 0) { - send_msg_channel_open_failure(channel->remotechan, - SSH_OPEN_CONNECT_FAILED, "", ""); - close(channel->writefd); - remove_channel(channel); - TRACE(("leave check_in_progress: fail")) - } else { + TRACE(("enter channel_connect_done")) + + if (result == DROPBEAR_SUCCESS) + { + channel->readfd = channel->writefd = sock; + channel->conn_pending = NULL; chan_initwritebuf(channel); send_msg_channel_open_confirmation(channel, channel->recvwindow, channel->recvmaxpacket); - channel->readfd = channel->writefd; - channel->initconn = 0; - TRACE(("leave check_in_progress: success")) + TRACE(("leave channel_connect_done: success")) + } + else + { + send_msg_channel_open_failure(channel->remotechan, + SSH_OPEN_CONNECT_FAILED, "", ""); + remove_channel(channel); + TRACE(("leave check_in_progress: fail")) } } @@ -402,7 +396,7 @@ /* Send the close message and set the channel as closed */ static void send_msg_channel_close(struct Channel *channel) { - TRACE(("enter send_msg_channel_close %p", channel)) + TRACE(("enter send_msg_channel_close %p", (void*)channel)) if (channel->type->closehandler && !channel->close_handler_done) { channel->type->closehandler(channel); @@ -441,14 +435,67 @@ } /* Called to write data out to the local side of the channel. - * Only called when we know we can write to a channel, writes as much as - * possible */ -static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) { + Writes the circular buffer contents and also the "moredata" buffer + if not null. Will ignore EAGAIN */ +static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf, + const unsigned char *moredata, unsigned int *morelen) { - int len, maxlen; + struct iovec iov[3]; + unsigned char *circ_p1, *circ_p2; + unsigned int circ_len1, circ_len2; + int io_count = 0; + + int written; TRACE(("enter writechannel fd %d", fd)) + cbuf_readptrs(cbuf, &circ_p1, &circ_len1, &circ_p2, &circ_len2); + + if (circ_len1 > 0) { + TRACE(("circ1 %d", circ_len1)) + iov[io_count].iov_base = circ_p1; + iov[io_count].iov_len = circ_len1; + io_count++; + } + + if (circ_len2 > 0) { + TRACE(("circ2 %d", circ_len2)) + iov[io_count].iov_base = circ_p2; + iov[io_count].iov_len = circ_len2; + io_count++; + } + + if (morelen) { + assert(moredata); + TRACE(("more %d", *morelen)) + iov[io_count].iov_base = (void*)moredata; + iov[io_count].iov_len = *morelen; + io_count++; + } + + if (morelen) { + /* Default return value, none consumed */ + *morelen = 0; + } + + written = writev(fd, iov, io_count); + + if (written < 0) { + if (errno != EINTR && errno != EAGAIN) { + TRACE(("errno %d len %d", errno, len)) + close_chan_fd(channel, fd, SHUT_WR); + } + } else { + int cbuf_written = MIN(circ_len1+circ_len2, (unsigned int)written); + cbuf_incrread(cbuf, cbuf_written); + if (morelen) { + *morelen = written - cbuf_written; + } + channel->recvdonelen += written; + } + +#if 0 + maxlen = cbuf_readlen(cbuf); /* Write the data out */ @@ -465,10 +512,10 @@ cbuf_incrread(cbuf, len); channel->recvdonelen += len; +#endif /* Window adjust handling */ if (channel->recvdonelen >= RECV_WINDOWEXTEND) { - /* Set it back to max window */ send_msg_channel_window_adjust(channel, channel->recvdonelen); channel->recvwindow += channel->recvdonelen; channel->recvdonelen = 0; @@ -514,8 +561,7 @@ } /* Stuff from the wire */ - if (channel->initconn - ||(channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0)) { + if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) { FD_SET(channel->writefd, writefds); } @@ -586,11 +632,11 @@ /* close the FDs in case they haven't been done * yet (they might have been shutdown etc) */ TRACE(("CLOSE writefd %d", channel->writefd)) - close(channel->writefd); + m_close(channel->writefd); TRACE(("CLOSE readfd %d", channel->readfd)) - close(channel->readfd); + m_close(channel->readfd); TRACE(("CLOSE errfd %d", channel->errfd)) - close(channel->errfd); + m_close(channel->errfd); } if (!channel->close_handler_done @@ -599,6 +645,10 @@ channel->close_handler_done = 1; } + if (channel->conn_pending) { + cancel_connect(channel->conn_pending); + } + ses.channels[channel->index] = NULL; m_free(channel); ses.chancount--; @@ -616,7 +666,7 @@ channel = getchannel(); - TRACE(("enter recv_msg_channel_request %p", channel)) + TRACE(("enter recv_msg_channel_request %p", (void*)channel)) if (channel->sent_close) { TRACE(("leave recv_msg_channel_request: already closed channel")) @@ -749,6 +799,7 @@ unsigned int maxdata; unsigned int buflen; unsigned int len; + unsigned int consumed; TRACE(("enter recv_msg_channel_data")) @@ -775,6 +826,17 @@ dropbear_exit("Oversized packet"); } + dropbear_assert(channel->recvwindow >= datalen); + channel->recvwindow -= datalen; + dropbear_assert(channel->recvwindow <= opts.recv_window); + + consumed = datalen; + writechannel(channel, fd, cbuf, buf_getptr(ses.payload, datalen), &consumed); + + datalen -= consumed; + buf_incrpos(ses.payload, consumed); + + /* We may have to run throught twice, if the buffer wraps around. Can't * just "leave it for next time" like with writechannel, since this * is payload data */ @@ -790,10 +852,6 @@ len -= buflen; } - dropbear_assert(channel->recvwindow >= datalen); - channel->recvwindow -= datalen; - dropbear_assert(channel->recvwindow <= opts.recv_window); - TRACE(("leave recv_msg_channel_data")) } @@ -1001,7 +1059,7 @@ } } else { TRACE(("CLOSE some fd %d", fd)) - close(fd); + m_close(fd); closein = closeout = 1; } @@ -1024,7 +1082,7 @@ if (channel->type->sepfds && channel->readfd == FD_CLOSED && channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) { TRACE(("CLOSE (finally) of %d", fd)) - close(fd); + m_close(fd); } } @@ -1141,15 +1199,15 @@ } struct Channel* get_any_ready_channel() { + size_t i; if (ses.chancount == 0) { return NULL; } - size_t i; for (i = 0; i < ses.chansize; i++) { struct Channel *chan = ses.channels[i]; if (chan && !(chan->sent_eof || chan->recv_eof) - && !(chan->await_open || chan->initconn)) { + && !(chan->await_open)) { return chan; } }
--- a/common-kex.c Fri Jan 23 22:32:49 2015 +0800 +++ b/common-kex.c Mon Mar 16 21:34:05 2015 +0800 @@ -238,14 +238,24 @@ void kexfirstinitialise() { ses.kexstate.donefirstkex = 0; -#ifndef DISABLE_ZLIB - if (opts.enable_compress) { - ses.compress_algos = ssh_compress; - } else +#ifdef DISABLE_ZLIB + ses.compress_algos = ssh_nocompress; +#else + switch (opts.compress_mode) + { + case DROPBEAR_COMPRESS_DELAYED: + ses.compress_algos = ssh_delaycompress; + break; + + case DROPBEAR_COMPRESS_ON: + ses.compress_algos = ssh_compress; + break; + + case DROPBEAR_COMPRESS_OFF: + ses.compress_algos = ssh_nocompress; + break; + } #endif - { - ses.compress_algos = ssh_nocompress; - } kexinitialise(); } @@ -524,8 +534,10 @@ buf_putstring(ses.kexhashbuf, ses.transkexinit->data, ses.transkexinit->len); /* I_S, the payload of the server's SSH_MSG_KEXINIT */ - buf_setpos(ses.payload, 0); - buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len); + buf_setpos(ses.payload, ses.payload_beginning); + buf_putstring(ses.kexhashbuf, + buf_getptr(ses.payload, ses.payload->len-ses.payload->pos), + ses.payload->len-ses.payload->pos); ses.requirenext = SSH_MSG_KEXDH_REPLY; } else { /* SERVER */ @@ -539,8 +551,10 @@ (unsigned char*)LOCAL_IDENT, local_ident_len); /* I_C, the payload of the client's SSH_MSG_KEXINIT */ - buf_setpos(ses.payload, 0); - buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len); + buf_setpos(ses.payload, ses.payload_beginning); + buf_putstring(ses.kexhashbuf, + buf_getptr(ses.payload, ses.payload->len-ses.payload->pos), + ses.payload->len-ses.payload->pos); /* I_S, the payload of the server's SSH_MSG_KEXINIT */ buf_putstring(ses.kexhashbuf, @@ -619,16 +633,20 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, sign_key *hostkey) { - mp_int dh_p; + DEF_MP_INT(dh_p); + DEF_MP_INT(dh_p_min1); mp_int *dh_e = NULL, *dh_f = NULL; - /* read the prime and generator*/ - m_mp_init(&dh_p); + m_mp_init_multi(&dh_p, &dh_p_min1, NULL); load_dh_p(&dh_p); - /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ - if (mp_cmp(dh_pub_them, &dh_p) != MP_LT - || mp_cmp_d(dh_pub_them, 0) != MP_GT) { + if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { + dropbear_exit("Diffie-Hellman error"); + } + + /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */ + if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT + || mp_cmp_d(dh_pub_them, 1) != MP_GT) { dropbear_exit("Diffie-Hellman error"); } @@ -639,7 +657,7 @@ } /* clear no longer needed vars */ - mp_clear_multi(&dh_p, NULL); + mp_clear_multi(&dh_p, &dh_p_min1, NULL); /* From here on, the code needs to work with the _same_ vars on each side, * not vice-versaing for client/server */
--- a/common-session.c Fri Jan 23 22:32:49 2015 +0800 +++ b/common-session.c Mon Mar 16 21:34:05 2015 +0800 @@ -34,6 +34,7 @@ #include "kex.h" #include "channel.h" #include "runopts.h" +#include "netio.h" static void checktimeouts(); static long select_timeout(); @@ -53,6 +54,10 @@ void common_session_init(int sock_in, int sock_out) { time_t now; +#ifdef DEBUG_TRACE + debug_start_net(); +#endif + TRACE(("enter session_init")) ses.sock_in = sock_in; @@ -150,8 +155,10 @@ FD_ZERO(&readfd); dropbear_assert(ses.payload == NULL); - /* during initial setup we flush out the KEXINIT packet before - * attempting to read the remote version string, which might block */ + /* We delay reading from the input socket during initial setup until + after we have written out our initial KEXINIT packet (empty writequeue). + This means our initial packet can be in-flight while we're doing a blocking + read for the remote ident */ if (ses.sock_in != -1 && (ses.remoteident || isempty(&ses.writequeue))) { FD_SET(ses.sock_in, &readfd); } @@ -166,6 +173,9 @@ /* set up for channels which can be read/written */ setchannelfds(&readfd, &writefd); + /* Pending connections to test */ + set_connect_fds(&writefd); + val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout); if (exitflag) { @@ -213,11 +223,13 @@ process_packet(); } } - + /* if required, flush out any queued reply packets that were being held up during a KEX */ maybe_flush_reply_queue(); + handle_connect_fds(&writefd); + /* process pipes etc for the channels, ses.dataallowed == 0 * during rekeying ) */ channelio(&readfd, &writefd); @@ -239,6 +251,15 @@ ses.exit_recursion = 0; } +static void cleanup_buf(buffer **buf) { + if (!*buf) { + return; + } + buf_burn(*buf); + buf_free(*buf); + *buf = NULL; +} + /* clean up a session on exit */ void session_cleanup() { @@ -250,24 +271,47 @@ return; } + /* Beware of changing order of functions here. */ + + /* Must be before extra_session_cleanup() */ + chancleanup(); + if (ses.extra_session_cleanup) { ses.extra_session_cleanup(); } - chancleanup(); - - /* Cleaning up keys must happen after other cleanup - functions which might queue packets */ - if (ses.session_id) { - buf_burn(ses.session_id); - buf_free(ses.session_id); - ses.session_id = NULL; + /* After these are freed most functions will exit */ +#ifdef DROPBEAR_CLEANUP + /* listeners call cleanup functions, this should occur before + other session state is freed. */ + remove_all_listeners(); + + remove_connect_pending(); + + while (!isempty(&ses.writequeue)) { + buf_free(dequeue(&ses.writequeue)); } - if (ses.hash) { - buf_burn(ses.hash); - buf_free(ses.hash); - ses.hash = NULL; + + m_free(ses.remoteident); + m_free(ses.authstate.pw_dir); + m_free(ses.authstate.pw_name); + m_free(ses.authstate.pw_shell); + m_free(ses.authstate.pw_passwd); + m_free(ses.authstate.username); +#endif + + cleanup_buf(&ses.session_id); + cleanup_buf(&ses.hash); + cleanup_buf(&ses.payload); + cleanup_buf(&ses.readbuf); + cleanup_buf(&ses.writepayload); + cleanup_buf(&ses.kexhashbuf); + cleanup_buf(&ses.transkexinit); + if (ses.dh_K) { + mp_clear(ses.dh_K); } + m_free(ses.dh_K); + m_burn(ses.keys, sizeof(struct key_context)); m_free(ses.keys); @@ -398,15 +442,15 @@ } void ignore_recv_response() { - // Do nothing + /* Do nothing */ TRACE(("Ignored msg_request_response")) } static void send_msg_keepalive() { + time_t old_time_idle = ses.last_packet_time_idle; + struct Channel *chan = get_any_ready_channel(); + CHECKCLEARTOWRITE(); - time_t old_time_idle = ses.last_packet_time_idle; - - struct Channel *chan = get_any_ready_channel(); if (chan) { /* Channel requests are preferable, more implementations @@ -546,6 +590,11 @@ TRACE(("update_channel_prio")) + if (ses.sock_out < 0) { + TRACE(("leave update_channel_prio: no socket")) + return; + } + new_prio = DROPBEAR_PRIO_BULK; for (i = 0; i < ses.chansize; i++) { struct Channel *channel = ses.channels[i]; @@ -576,7 +625,7 @@ } if (new_prio != ses.socket_prio) { - TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio)) + TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio)) set_sock_priority(ses.sock_out, new_prio); ses.socket_prio = new_prio; }
--- a/compat.h Fri Jan 23 22:32:49 2015 +0800 +++ b/compat.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _COMPAT_H_ -#define _COMPAT_H_ +#ifndef DROPBEAR_COMPAT_H_ +#define DROPBEAR_COMPAT_H_ #include "includes.h" @@ -49,8 +49,8 @@ void endusershell(); #endif -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#ifndef DROPBEAR_PATH_DEVNULL +#define DROPBEAR_PATH_DEVNULL "/dev/null" #endif -#endif /* _COMPAT_H_ */ +#endif /* DROPBEAR_COMPAT_H_ */
--- a/configure.ac Fri Jan 23 22:32:49 2015 +0800 +++ b/configure.ac Mon Mar 16 21:34:05 2015 +0800 @@ -660,6 +660,7 @@ AC_EXEEXT # XXX there must be a nicer way to do this +if test $BUNDLED_LIBTOM = 1 ; then AS_MKDIR_P(libtomcrypt/src/ciphers/aes) AS_MKDIR_P(libtomcrypt/src/ciphers/safer) AS_MKDIR_P(libtomcrypt/src/ciphers/twofish) @@ -710,8 +711,10 @@ AS_MKDIR_P(libtomcrypt/src/pk/pkcs1) AS_MKDIR_P(libtomcrypt/src/pk/rsa) AS_MKDIR_P(libtomcrypt/src/prngs) +LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile" +fi AC_CONFIG_HEADER(config.h) -AC_CONFIG_FILES(Makefile libtomcrypt/Makefile libtommath/Makefile) +AC_CONFIG_FILES(Makefile $LIBTOM_FILES) AC_OUTPUT AC_MSG_NOTICE()
--- a/crypto_desc.h Fri Jan 23 22:32:49 2015 +0800 +++ b/crypto_desc.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,9 +1,9 @@ -#ifndef _CRYPTO_DESC_H -#define _CRYPTO_DESC_H +#ifndef DROPBEAR_CRYPTO_DESC_H +#define DROPBEAR_CRYPTO_DESC_H void crypto_init(); extern int dropbear_ltc_prng; -#endif /* _CRYPTO_DESC_H */ +#endif /* DROPBEAR_CRYPTO_DESC_H */
--- a/curve25519-donna.c Fri Jan 23 22:32:49 2015 +0800 +++ b/curve25519-donna.c Mon Mar 16 21:34:05 2015 +0800 @@ -527,7 +527,7 @@ memcpy(origx, x, 10 * sizeof(limb)); fsum(x, z); - fdifference(z, origx); // does x - z + fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(limb) * 10); fsum(xprime, zprime); @@ -554,7 +554,7 @@ fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); - fdifference(zz, xx); // does zz = xx - zz + fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(limb) * 9); fscalar_product(zzz, zz, 121665); /* No need to call freduce_degree here: @@ -641,9 +641,9 @@ memcpy(resultz, nqz, sizeof(limb) * 10); } -// ----------------------------------------------------------------------------- -// Shamelessly copied from djb's code -// ----------------------------------------------------------------------------- +/* ----------------------------------------------------------------------------- + * Shamelessly copied from djb's code + * ----------------------------------------------------------------------------- */ static void crecip(limb *out, const limb *z) { limb z2[10];
--- a/dbclient.1 Fri Jan 23 22:32:49 2015 +0800 +++ b/dbclient.1 Mon Mar 16 21:34:05 2015 +0800 @@ -33,7 +33,7 @@ Read the identity key from file .I idfile (multiple allowed). This file is created with dropbearkey(1) or converted -from OpenSSH with dropbearconvert(1). +from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used .TP .B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR Local port forwarding.
--- a/dbrandom.c Fri Jan 23 22:32:49 2015 +0800 +++ b/dbrandom.c Mon Mar 16 21:34:05 2015 +0800 @@ -306,7 +306,7 @@ /* keep regenerating until we get one satisfying * 0 < rand < max */ - } while (mp_cmp(rand, max) != MP_LT); + } while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT)); m_burn(randbuf, len); m_free(randbuf); }
--- a/dbrandom.h Fri Jan 23 22:32:49 2015 +0800 +++ b/dbrandom.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RANDOM_H_ -#define _RANDOM_H_ +#ifndef DROPBEAR_RANDOM_H_ +#define DROPBEAR_RANDOM_H_ #include "includes.h" @@ -32,4 +32,4 @@ void addrandom(char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); -#endif /* _RANDOM_H_ */ +#endif /* DROPBEAR_RANDOM_H_ */
--- a/dbutil.c Fri Jan 23 22:32:49 2015 +0800 +++ b/dbutil.c Mon Mar 16 21:34:05 2015 +0800 @@ -150,18 +150,44 @@ #ifdef DEBUG_TRACE + +static double debug_start_time = -1; + +void debug_start_net() +{ + if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP")) + { + /* Timestamps start from first network activity */ + struct timeval tv; + gettimeofday(&tv, NULL); + debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0); + TRACE(("Resetting Dropbear TRACE timestamps")) + } +} + +static double time_since_start() +{ + double nowf; + struct timeval tv; + gettimeofday(&tv, NULL); + nowf = tv.tv_sec + (tv.tv_usec / 1000000.0); + if (debug_start_time < 0) + { + debug_start_time = nowf; + return 0; + } + return nowf - debug_start_time; +} + void dropbear_trace(const char* format, ...) { va_list param; - struct timeval tv; if (!debug_trace) { return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -170,7 +196,6 @@ void dropbear_trace2(const char* format, ...) { static int trace_env = -1; va_list param; - struct timeval tv; if (trace_env == -1) { trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0; @@ -180,193 +205,14 @@ return; } - gettimeofday(&tv, NULL); - va_start(param, format); - fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); + fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start()); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); } #endif /* DEBUG_TRACE */ -void set_sock_nodelay(int sock) { - int val; - - /* disable nagle */ - val = 1; - setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val)); -} - -void set_sock_priority(int sock, enum dropbear_prio prio) { - - int iptos_val = 0, so_prio_val = 0, rc; - - /* Don't log ENOTSOCK errors so that this can harmlessly be called - * on a client '-J' proxy pipe */ - - /* set the TOS bit for either ipv4 or ipv6 */ -#ifdef IPTOS_LOWDELAY - if (prio == DROPBEAR_PRIO_LOWDELAY) { - iptos_val = IPTOS_LOWDELAY; - } else if (prio == DROPBEAR_PRIO_BULK) { - iptos_val = IPTOS_THROUGHPUT; - } -#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) - rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val)); - if (rc < 0 && errno != ENOTSOCK) { - TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno))); - } -#endif - rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val)); - if (rc < 0 && errno != ENOTSOCK) { - TRACE(("Couldn't set IP_TOS (%s)", strerror(errno))); - } -#endif - -#ifdef SO_PRIORITY - if (prio == DROPBEAR_PRIO_LOWDELAY) { - so_prio_val = TC_PRIO_INTERACTIVE; - } else if (prio == DROPBEAR_PRIO_BULK) { - so_prio_val = TC_PRIO_BULK; - } - /* linux specific, sets QoS class. see tc-prio(8) */ - rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val)); - if (rc < 0 && errno != ENOTSOCK) - dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)", - strerror(errno)); -#endif - -} - -/* Listen on address:port. - * Special cases are address of "" listening on everything, - * and address of NULL listening on localhost only. - * Returns the number of sockets bound on success, or -1 on failure. On - * failure, if errstring wasn't NULL, it'll be a newly malloced error - * string.*/ -int dropbear_listen(const char* address, const char* port, - int *socks, unsigned int sockcount, char **errstring, int *maxfd) { - - struct addrinfo hints, *res = NULL, *res0 = NULL; - int err; - unsigned int nsock; - struct linger linger; - int val; - int sock; - - TRACE(("enter dropbear_listen")) - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */ - hints.ai_socktype = SOCK_STREAM; - - /* for calling getaddrinfo: - address == NULL and !AI_PASSIVE: local loopback - address == NULL and AI_PASSIVE: all interfaces - address != NULL: whatever the address says */ - if (!address) { - TRACE(("dropbear_listen: local loopback")) - } else { - if (address[0] == '\0') { - TRACE(("dropbear_listen: all interfaces")) - address = NULL; - } - hints.ai_flags = AI_PASSIVE; - } - err = getaddrinfo(address, port, &hints, &res0); - - if (err) { - if (errstring != NULL && *errstring == NULL) { - int len; - len = 20 + strlen(gai_strerror(err)); - *errstring = (char*)m_malloc(len); - snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err)); - } - if (res0) { - freeaddrinfo(res0); - res0 = NULL; - } - TRACE(("leave dropbear_listen: failed resolving")) - return -1; - } - - - nsock = 0; - for (res = res0; res != NULL && nsock < sockcount; - res = res->ai_next) { - - /* Get a socket */ - socks[nsock] = socket(res->ai_family, res->ai_socktype, - res->ai_protocol); - - sock = socks[nsock]; /* For clarity */ - - if (sock < 0) { - err = errno; - TRACE(("socket() failed")) - continue; - } - - /* Various useful socket options */ - val = 1; - /* set to reuse, quick timeout */ - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val)); - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger)); - -#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY) - if (res->ai_family == AF_INET6) { - int on = 1; - if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, - &on, sizeof(on)) == -1) { - dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY"); - } - } -#endif - - set_sock_nodelay(sock); - - if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { - err = errno; - close(sock); - TRACE(("bind(%s) failed", port)) - continue; - } - - if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) { - err = errno; - close(sock); - TRACE(("listen() failed")) - continue; - } - - *maxfd = MAX(*maxfd, sock); - - nsock++; - } - - if (res0) { - freeaddrinfo(res0); - res0 = NULL; - } - - if (nsock == 0) { - if (errstring != NULL && *errstring == NULL) { - int len; - len = 20 + strlen(strerror(err)); - *errstring = (char*)m_malloc(len); - snprintf(*errstring, len, "Error listening: %s", strerror(err)); - } - TRACE(("leave dropbear_listen: failure, %s", strerror(err))) - return -1; - } - - TRACE(("leave dropbear_listen: success, %d socks bound", nsock)) - return nsock; -} - /* Connect to a given unix socket. The socket is blocking */ #ifdef ENABLE_CONNECT_UNIX int connect_unix(const char* path) { @@ -390,93 +236,6 @@ } #endif -/* Connect via TCP to a host. Connection will try ipv4 or ipv6, will - * return immediately if nonblocking is set. On failure, if errstring - * wasn't null, it will be a newly malloced error message */ - -/* TODO: maxfd */ -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring) { - - struct addrinfo *res0 = NULL, *res = NULL, hints; - int sock; - int err; - - TRACE(("enter connect_remote")) - - if (errstring != NULL) { - *errstring = NULL; - } - - memset(&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = PF_UNSPEC; - - err = getaddrinfo(remotehost, remoteport, &hints, &res0); - if (err) { - if (errstring != NULL && *errstring == NULL) { - int len; - len = 100 + strlen(gai_strerror(err)); - *errstring = (char*)m_malloc(len); - snprintf(*errstring, len, "Error resolving '%s' port '%s'. %s", - remotehost, remoteport, gai_strerror(err)); - } - TRACE(("Error resolving: %s", gai_strerror(err))) - return -1; - } - - sock = -1; - err = EADDRNOTAVAIL; - for (res = res0; res; res = res->ai_next) { - - sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (sock < 0) { - err = errno; - continue; - } - - if (nonblocking) { - setnonblocking(sock); - } - - if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) { - if (errno == EINPROGRESS && nonblocking) { - TRACE(("Connect in progress")) - break; - } else { - err = errno; - close(sock); - sock = -1; - continue; - } - } - - break; /* Success */ - } - - if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) { - /* Failed */ - if (errstring != NULL && *errstring == NULL) { - int len; - len = 20 + strlen(strerror(err)); - *errstring = (char*)m_malloc(len); - snprintf(*errstring, len, "Error connecting: %s", strerror(err)); - } - TRACE(("Error connecting: %s", strerror(err))) - } else { - /* Success */ - set_sock_nodelay(sock); - } - - freeaddrinfo(res0); - if (sock > 0 && errstring != NULL && *errstring != NULL) { - m_free(*errstring); - } - - TRACE(("leave connect_remote: sock %d\n", sock)) - return sock; -} - /* Sets up a pipe for a, returning three non-blocking file descriptors * and the pid. exec_fn is the function that will actually execute the child process, * it will be run after the child has fork()ed, and is passed exec_data. @@ -612,88 +371,6 @@ execv(usershell, argv); } -void get_socket_address(int fd, char **local_host, char **local_port, - char **remote_host, char **remote_port, int host_lookup) -{ - struct sockaddr_storage addr; - socklen_t addrlen; - - if (local_host || local_port) { - addrlen = sizeof(addr); - if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) { - dropbear_exit("Failed socket address: %s", strerror(errno)); - } - getaddrstring(&addr, local_host, local_port, host_lookup); - } - if (remote_host || remote_port) { - addrlen = sizeof(addr); - if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) { - dropbear_exit("Failed socket address: %s", strerror(errno)); - } - getaddrstring(&addr, remote_host, remote_port, host_lookup); - } -} - -/* Return a string representation of the socket address passed. The return - * value is allocated with malloc() */ -void getaddrstring(struct sockaddr_storage* addr, - char **ret_host, char **ret_port, - int host_lookup) { - - char host[NI_MAXHOST+1], serv[NI_MAXSERV+1]; - unsigned int len; - int ret; - - int flags = NI_NUMERICSERV | NI_NUMERICHOST; - -#ifndef DO_HOST_LOOKUP - host_lookup = 0; -#endif - - if (host_lookup) { - flags = NI_NUMERICSERV; - } - - len = sizeof(struct sockaddr_storage); - /* Some platforms such as Solaris 8 require that len is the length - * of the specific structure. Some older linux systems (glibc 2.1.3 - * such as debian potato) have sockaddr_storage.__ss_family instead - * but we'll ignore them */ -#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY - if (addr->ss_family == AF_INET) { - len = sizeof(struct sockaddr_in); - } -#ifdef AF_INET6 - if (addr->ss_family == AF_INET6) { - len = sizeof(struct sockaddr_in6); - } -#endif -#endif - - ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, - serv, sizeof(serv)-1, flags); - - if (ret != 0) { - if (host_lookup) { - /* On some systems (Darwin does it) we get EINTR from getnameinfo - * somehow. Eew. So we'll just return the IP, since that doesn't seem - * to exhibit that behaviour. */ - getaddrstring(addr, ret_host, ret_port, 0); - return; - } else { - /* if we can't do a numeric lookup, something's gone terribly wrong */ - dropbear_exit("Failed lookup: %s", gai_strerror(ret)); - } - } - - if (ret_host) { - *ret_host = m_strdup(host); - } - if (ret_port) { - *ret_port = m_strdup(serv); - } -} - #ifdef DEBUG_TRACE void printhex(const char * label, const unsigned char * buf, int len) { @@ -827,12 +504,12 @@ /* make sure that the socket closes */ void m_close(int fd) { + int val; if (fd == -1) { return; } - int val; do { val = close(fd); } while (val < 0 && errno == EINTR); @@ -936,6 +613,23 @@ } } +/* Returns malloced path. Only expands ~ in first character */ +char * expand_tilde(const char *inpath) { + struct passwd *pw = NULL; + if (inpath[0] == '~') { + pw = getpwuid(getuid()); + if (pw && pw->pw_dir) { + int len = strlen(inpath) + strlen(pw->pw_dir) + 1; + char *buf = m_malloc(len); + snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]); + return buf; + } + } + + /* Fallback */ + return m_strdup(inpath); +} + int constant_time_memcmp(const void* a, const void *b, size_t n) { const char *xa = a, *xb = b; @@ -1001,3 +695,4 @@ return time(NULL); } +
--- a/dbutil.h Fri Jan 23 22:32:49 2015 +0800 +++ b/dbutil.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,12 +22,13 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DBUTIL_H_ +#ifndef DROPBEAR_DBUTIL_H_ -#define _DBUTIL_H_ +#define DROPBEAR_DBUTIL_H_ #include "includes.h" #include "buffer.h" +#include "queue.h" #ifndef DISABLE_SYSLOG void startsyslog(); @@ -58,32 +59,18 @@ void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2); void printhex(const char * label, const unsigned char * buf, int len); void printmpint(const char *label, mp_int *mp); +void debug_start_net(); extern int debug_trace; #endif -enum dropbear_prio { - DROPBEAR_PRIO_DEFAULT = 10, - DROPBEAR_PRIO_LOWDELAY = 11, - DROPBEAR_PRIO_BULK = 12, -}; +char * stripcontrol(const char * text); -char * stripcontrol(const char * text); -void get_socket_address(int fd, char **local_host, char **local_port, - char **remote_host, char **remote_port, int host_lookup); -void getaddrstring(struct sockaddr_storage* addr, - char **ret_host, char **ret_port, int host_lookup); -void set_sock_nodelay(int sock); -void set_sock_priority(int sock, enum dropbear_prio prio); -int dropbear_listen(const char* address, const char* port, - int *socks, unsigned int sockcount, char **errstring, int *maxfd); int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, int *writefd, int *readfd, int *errfd, pid_t *pid); void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); #ifdef ENABLE_CONNECT_UNIX int connect_unix(const char* addr); #endif -int connect_remote(const char* remotehost, const char* remoteport, - int nonblocking, char ** errstring); int buf_readfile(buffer* buf, const char* filename); int buf_getline(buffer * line, FILE * authfile); @@ -91,7 +78,7 @@ void * m_malloc(size_t size); void * m_strdup(const char * str); void * m_realloc(void* ptr, size_t size); -#define m_free(X) free(X); (X) = NULL; +#define m_free(X) do {free(X); (X) = NULL;} while (0); void m_burn(void* data, unsigned int len); void setnonblocking(int fd); void disallow_core(); @@ -110,5 +97,6 @@ a real-world clock */ time_t monotonic_now(); +char * expand_tilde(const char *inpath); -#endif /* _DBUTIL_H_ */ +#endif /* DROPBEAR_DBUTIL_H_ */
--- a/debian/changelog Fri Jan 23 22:32:49 2015 +0800 +++ b/debian/changelog Mon Mar 16 21:34:05 2015 +0800 @@ -1,3 +1,9 @@ +dropbear (2015.67-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston <matt@ucc.asn.au> Wed, 28 Jan 2015 22:53:59 +0800 + dropbear (2014.66-0.1) unstable; urgency=low * New upstream release.
--- a/debug.h Fri Jan 23 22:32:49 2015 +0800 +++ b/debug.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DEBUG_H_ -#define _DEBUG_H_ +#ifndef DROPBEAR_DEBUG_H_ +#define DROPBEAR_DEBUG_H_ #include "includes.h" @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/* #define DEBUG_TRACE */ +/*#define DEBUG_TRACE*/ /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
--- a/dropbearconvert.1 Fri Jan 23 22:32:49 2015 +0800 +++ b/dropbearconvert.1 Mon Mar 16 21:34:05 2015 +0800 @@ -39,9 +39,9 @@ An existing Dropbear or OpenSSH private key file .TP .B output file -The path to write the converted private key file +The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default .SH EXAMPLE - # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv + # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .SH SEE ALSO
--- a/dropbearkey.1 Fri Jan 23 22:32:49 2015 +0800 +++ b/dropbearkey.1 Mon Mar 16 21:34:05 2015 +0800 @@ -33,7 +33,7 @@ .TP .B \-f \fIfile Write the secret key to the file -.IR file . +.IR file . For client authentication ~/.ssh/id_dropbear is loaded by default .TP .B \-s \fIbits Set the key size to
--- a/dropbearkey.c Fri Jan 23 22:32:49 2015 +0800 +++ b/dropbearkey.c Mon Mar 16 21:34:05 2015 +0800 @@ -76,7 +76,8 @@ #ifdef DROPBEAR_ECDSA " ecdsa\n" #endif - "-f filename Use filename for the secret key\n" + "-f filename Use filename for the secret key.\n" + " ~/.ssh/id_dropbear is recommended for client keys.\n" "-s bits Key size in bits, should be a multiple of 8 (optional)\n" #ifdef DROPBEAR_DSS " DSS has a fixed size of 1024 bits\n"
--- a/dss.h Fri Jan 23 22:32:49 2015 +0800 +++ b/dss.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _DSS_H_ -#define _DSS_H_ +#ifndef DROPBEAR_DSS_H_ +#define DROPBEAR_DSS_H_ #include "includes.h" #include "buffer.h" @@ -53,4 +53,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _DSS_H_ */ +#endif /* DROPBEAR_DSS_H_ */
--- a/ecc.c Fri Jan 23 22:32:49 2015 +0800 +++ b/ecc.c Mon Mar 16 21:34:05 2015 +0800 @@ -86,11 +86,6 @@ { mp_int *prime, *b, *t1, *t2; int err; - - prime = m_malloc(sizeof(mp_int)); - b = m_malloc(sizeof(mp_int)); - t1 = m_malloc(sizeof(mp_int)); - t2 = m_malloc(sizeof(mp_int)); m_mp_alloc_init_multi(&prime, &b, &t1, &t2, NULL);
--- a/ecc.h Fri Jan 23 22:32:49 2015 +0800 +++ b/ecc.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_ECC_H -#define _DROPBEAR_ECC_H +#ifndef DROPBEAR_DROPBEAR_ECC_H +#define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "options.h" @@ -33,4 +33,4 @@ #endif -#endif /* _DROPBEAR_ECC_H */ +#endif /* DROPBEAR_DROPBEAR_ECC_H */
--- a/ecdsa.c Fri Jan 23 22:32:49 2015 +0800 +++ b/ecdsa.c Mon Mar 16 21:34:05 2015 +0800 @@ -131,6 +131,7 @@ if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) { ecc_free(new_key); + m_free(new_key); return NULL; } @@ -408,7 +409,7 @@ out: ltc_ecc_del_point(mG); ltc_ecc_del_point(mQ); - mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); + ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL); if (mp != NULL) { ltc_mp.montgomery_deinit(mp); }
--- a/ecdsa.h Fri Jan 23 22:32:49 2015 +0800 +++ b/ecdsa.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _ECDSA_H_ -#define _ECDSA_H_ +#ifndef DROPBEAR_ECDSA_H_ +#define DROPBEAR_ECDSA_H_ #include "includes.h" #include "buffer.h" @@ -32,4 +32,4 @@ #endif -#endif /* _ECDSA_H_ */ +#endif /* DROPBEAR_ECDSA_H_ */
--- a/fake-rfc2553.h Fri Jan 23 22:32:49 2015 +0800 +++ b/fake-rfc2553.h Mon Mar 16 21:34:05 2015 +0800 @@ -39,8 +39,8 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#ifndef _FAKE_RFC2553_H -#define _FAKE_RFC2553_H +#ifndef DROPBEAR_FAKE_RFC2553_H +#define DROPBEAR_FAKE_RFC2553_H #include "includes.h" #include <sys/types.h>
--- a/gendss.h Fri Jan 23 22:32:49 2015 +0800 +++ b/gendss.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENDSS_H_ -#define _GENDSS_H_ +#ifndef DROPBEAR_GENDSS_H_ +#define DROPBEAR_GENDSS_H_ #include "dss.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_DSS */ -#endif /* _GENDSS_H_ */ +#endif /* DROPBEAR_GENDSS_H_ */
--- a/genrsa.h Fri Jan 23 22:32:49 2015 +0800 +++ b/genrsa.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _GENRSA_H_ -#define _GENRSA_H_ +#ifndef DROPBEAR_GENRSA_H_ +#define DROPBEAR_GENRSA_H_ #include "rsa.h" @@ -33,4 +33,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _GENRSA_H_ */ +#endif /* DROPBEAR_GENRSA_H_ */
--- a/gensignkey.h Fri Jan 23 22:32:49 2015 +0800 +++ b/gensignkey.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _GENSIGNKEY_H -#define _GENSIGNKEY_H +#ifndef DROPBEAR_GENSIGNKEY_H +#define DROPBEAR_GENSIGNKEY_H #include "signkey.h"
--- a/includes.h Fri Jan 23 22:32:49 2015 +0800 +++ b/includes.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _INCLUDES_H_ -#define _INCLUDES_H_ +#ifndef DROPBEAR_INCLUDES_H_ +#define DROPBEAR_INCLUDES_H_ #include "config.h" @@ -177,4 +177,4 @@ # define UNUSED(x) x #endif -#endif /* _INCLUDES_H_ */ +#endif /* DROPBEAR_INCLUDES_H_ */
--- a/kex.h Fri Jan 23 22:32:49 2015 +0800 +++ b/kex.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEX_H_ -#define _KEX_H_ +#ifndef DROPBEAR_KEX_H_ +#define DROPBEAR_KEX_H_ #include "includes.h" #include "algo.h" @@ -113,4 +113,4 @@ #define MAX_KEXHASHBUF 2000 -#endif /* _KEX_H_ */ +#endif /* DROPBEAR_KEX_H_ */
--- a/keyimport.c Fri Jan 23 22:32:49 2015 +0800 +++ b/keyimport.c Mon Mar 16 21:34:05 2015 +0800 @@ -464,17 +464,16 @@ goto error; } - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); return ret; error: - memset(buffer, 0, sizeof(buffer)); + m_burn(buffer, sizeof(buffer)); if (ret) { if (ret->keyblob) { - memset(ret->keyblob, 0, ret->keyblob_size); + m_burn(ret->keyblob, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); m_free(ret); } if (fp) { @@ -494,9 +493,8 @@ if (!key) return 0; ret = key->encrypted; - memset(key->keyblob, 0, key->keyblob_size); + m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - memset(&key, 0, sizeof(key)); m_free(key); return ret; } @@ -627,7 +625,7 @@ if (i == 0) { /* First integer is a version indicator */ - int expected; + int expected = -1; switch (key->type) { case OSSH_RSA: case OSSH_DSA: @@ -810,7 +808,7 @@ } m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - m_burn(key, sizeof(key)); + m_burn(key, sizeof(*key)); m_free(key); if (errmsg) { fprintf(stderr, "Error: %s\n", errmsg); @@ -826,7 +824,7 @@ unsigned char *outblob = NULL; int outlen = -9999; struct mpint_pos numbers[9]; - int nnumbers = -1, pos, len, seqlen, i; + int nnumbers = -1, pos = 0, len = 0, seqlen, i; char *header = NULL, *footer = NULL; char zero[1]; int ret = 0; @@ -1046,6 +1044,7 @@ const void* curve_oid = NULL; unsigned long pubkey_size = 2*curve_size+1; unsigned int k_size; + int err = 0; /* version. less than 10 bytes */ buf_incrwritepos(seq_buf, @@ -1091,7 +1090,7 @@ buf_incrwritepos(seq_buf, ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); buf_putbyte(seq_buf, 0); - int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); + err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); if (err != CRYPT_OK) { dropbear_exit("ECC error"); }
--- a/keyimport.h Fri Jan 23 22:32:49 2015 +0800 +++ b/keyimport.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _KEYIMPORT_H_ -#define _KEYIMPORT_H_ +#ifndef DROPBEAR_KEYIMPORT_H_ +#define DROPBEAR_KEYIMPORT_H_ #include "includes.h" #include "signkey.h" @@ -39,4 +39,4 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); -#endif /* _KEYIMPORT_H_ */ +#endif /* DROPBEAR_KEYIMPORT_H_ */
--- a/libtomcrypt/src/headers/tomcrypt_argchk.h Fri Jan 23 22:32:49 2015 +0800 +++ b/libtomcrypt/src/headers/tomcrypt_argchk.h Mon Mar 16 21:34:05 2015 +0800 @@ -4,8 +4,16 @@ #include <signal.h> +/* portability macros for compiler-specific code attributes */ +#ifdef __GNUC__ +#define ATTRIB_NORETURN __attribute__((noreturn)) +#else +#define ATTRIB_NORETURN +#endif + + /* this is the default LibTomCrypt macro */ -void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d) ATTRIB_NORETURN; #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
--- a/libtomcrypt/src/mac/hmac/hmac_done.c Fri Jan 23 22:32:49 2015 +0800 +++ b/libtomcrypt/src/mac/hmac/hmac_done.c Mon Mar 16 21:34:05 2015 +0800 @@ -28,7 +28,7 @@ */ int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) { - unsigned char *buf, *isha; + unsigned char buf[MAXBLOCKSIZE], isha[MAXBLOCKSIZE]; unsigned long hashsize, i; int hash, err; @@ -44,19 +44,6 @@ /* get the hash message digest size */ hashsize = hash_descriptor[hash].hashsize; - /* allocate buffers */ - buf = XMALLOC(HMAC_BLOCKSIZE); - isha = XMALLOC(hashsize); - if (buf == NULL || isha == NULL) { - if (buf != NULL) { - XFREE(buf); - } - if (isha != NULL) { - XFREE(isha); - } - return CRYPT_MEM; - } - /* Get the hash of the first HMAC vector plus the data */ if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) { goto LBL_ERR; @@ -96,9 +83,6 @@ zeromem(hmac, sizeof(*hmac)); #endif - XFREE(isha); - XFREE(buf); - return err; }
--- a/libtomcrypt/src/mac/hmac/hmac_init.c Fri Jan 23 22:32:49 2015 +0800 +++ b/libtomcrypt/src/mac/hmac/hmac_init.c Mon Mar 16 21:34:05 2015 +0800 @@ -29,7 +29,7 @@ */ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen) { - unsigned char *buf; + unsigned char buf[MAXBLOCKSIZE]; unsigned long hashsize; unsigned long i, z; int err; @@ -49,16 +49,9 @@ return CRYPT_INVALID_KEYSIZE; } - /* allocate ram for buf */ - buf = XMALLOC(HMAC_BLOCKSIZE); - if (buf == NULL) { - return CRYPT_MEM; - } - /* allocate memory for key */ hmac->key = XMALLOC(HMAC_BLOCKSIZE); if (hmac->key == NULL) { - XFREE(buf); return CRYPT_MEM; } @@ -101,7 +94,6 @@ zeromem(buf, HMAC_BLOCKSIZE); #endif - XFREE(buf); return err; }
--- a/list.h Fri Jan 23 22:32:49 2015 +0800 +++ b/list.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _DROPBEAR_LIST_H -#define _DROPBEAR_LIST_H +#ifndef DROPBEAR_DROPBEAR_LIST_H +#define DROPBEAR_DROPBEAR_LIST_H struct _m_list; @@ -25,4 +25,4 @@ void * list_remove(m_list_elem *elem); -#endif /* _DROPBEAR_LIST_H */ +#endif /* DROPBEAR_DROPBEAR_LIST_H */
--- a/listener.c Fri Jan 23 22:32:49 2015 +0800 +++ b/listener.c Mon Mar 16 21:34:05 2015 +0800 @@ -161,5 +161,14 @@ } ses.listeners[listener->index] = NULL; m_free(listener); +} +void remove_all_listeners(void) { + unsigned int i; + for (i = 0; i < ses.listensize; i++) { + if (ses.listeners[i]) { + remove_listener(ses.listeners[i]); + } + } + m_free(ses.listeners); }
--- a/listener.h Fri Jan 23 22:32:49 2015 +0800 +++ b/listener.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _LISTENER_H -#define _LISTENER_H +#ifndef DROPBEAR_LISTENER_H +#define DROPBEAR_LISTENER_H #define MAX_LISTENERS 20 #define LISTENER_EXTEND_SIZE 1 @@ -60,4 +60,6 @@ void remove_listener(struct Listener* listener); -#endif /* _LISTENER_H */ +void remove_all_listeners(void); + +#endif /* DROPBEAR_LISTENER_H */
--- a/loginrec.h Fri Jan 23 22:32:49 2015 +0800 +++ b/loginrec.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _HAVE_LOGINREC_H_ -#define _HAVE_LOGINREC_H_ +#ifndef DROPBEAR_HAVE_LOGINREC_H_ +#define DROPBEAR_HAVE_LOGINREC_H_ /* * Copyright (c) 2000 Andre Lucas. All rights reserved. @@ -182,4 +182,4 @@ char *line_stripname(char *dst, const char *src, size_t dstsize); char *line_abbrevname(char *dst, const char *src, size_t dstsize); -#endif /* _HAVE_LOGINREC_H_ */ +#endif /* DROPBEAR_HAVE_LOGINREC_H_ */
--- a/ltc_prng.h Fri Jan 23 22:32:49 2015 +0800 +++ b/ltc_prng.h Mon Mar 16 21:34:05 2015 +0800 @@ -1,5 +1,5 @@ -#ifndef _LTC_PRNG_H_DROPBEAR -#define _LTC_PRNG_H_DROPBEAR +#ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR +#define DROPBEAR_LTC_PRNG_H_DROPBEAR #include "options.h" #include "includes.h" @@ -10,4 +10,4 @@ #endif /* DROPBEAR_LTC_PRNG */ -#endif /* _LTC_PRNG_H_DROPBEAR */ +#endif /* DROPBEAR_LTC_PRNG_H_DROPBEAR */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/netio.c Mon Mar 16 21:34:05 2015 +0800 @@ -0,0 +1,582 @@ +#include "netio.h" +#include "list.h" +#include "dbutil.h" +#include "session.h" +#include "debug.h" + +struct dropbear_progress_connection { + struct addrinfo *res; + struct addrinfo *res_iter; + + char *remotehost, *remoteport; /* For error reporting */ + + connect_callback cb; + void *cb_data; + + struct Queue *writequeue; /* A queue of encrypted packets to send with TCP fastopen, + or NULL. */ + + int sock; + + char* errstring; +}; + +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) +static void set_piggyback_ack(int sock) { + /* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked + on the 3rd packet (ack) of the TCP handshake. Saves a IP packet. + http://thread.gmane.org/gmane.linux.network/224627/focus=224727 + "Piggyback the final ACK of the three way TCP connection establishment with the data" */ + int val = 1; + /* No error checking, this is opportunistic */ + int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val)); + if (err) + { + TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno))) + } +} +#endif + + +/* Deallocate a progress connection. Removes from the pending list if iter!=NULL. +Does not close sockets */ +static void remove_connect(struct dropbear_progress_connection *c, m_list_elem *iter) { + if (c->res) { + freeaddrinfo(c->res); + } + m_free(c->remotehost); + m_free(c->remoteport); + m_free(c->errstring); + m_free(c); + + if (iter) { + list_remove(iter); + } +} + +static void cancel_callback(int result, int sock, void* UNUSED(data), const char* UNUSED(errstring)) { + if (result == DROPBEAR_SUCCESS) + { + m_close(sock); + } +} + +void cancel_connect(struct dropbear_progress_connection *c) { + c->cb = cancel_callback; + c->cb_data = NULL; +} + +static void connect_try_next(struct dropbear_progress_connection *c) { + struct addrinfo *r; + int res = 0; + int fastopen = 0; +#ifdef DROPBEAR_TCP_FAST_OPEN + struct msghdr message; +#endif + + for (r = c->res_iter; r; r = r->ai_next) + { + dropbear_assert(c->sock == -1); + + c->sock = socket(c->res_iter->ai_family, c->res_iter->ai_socktype, c->res_iter->ai_protocol); + if (c->sock < 0) { + continue; + } + + ses.maxfd = MAX(ses.maxfd, c->sock); + set_sock_nodelay(c->sock); + setnonblocking(c->sock); + +#if defined(__linux__) && defined(TCP_DEFER_ACCEPT) + set_piggyback_ack(c->sock); +#endif + +#ifdef DROPBEAR_TCP_FAST_OPEN + fastopen = (c->writequeue != NULL); + + memset(&message, 0x0, sizeof(message)); + message.msg_name = r->ai_addr; + message.msg_namelen = r->ai_addrlen; + + if (c->writequeue) { + int iovlen; /* Linux msg_iovlen is a size_t */ + message.msg_iov = packet_queue_to_iovec(c->writequeue, &iovlen); + message.msg_iovlen = iovlen; + res = sendmsg(c->sock, &message, MSG_FASTOPEN); + if (res < 0 && errno != EINPROGRESS) { + m_free(c->errstring); + c->errstring = m_strdup(strerror(errno)); + /* Not entirely sure which kind of errors are normal - 2.6.32 seems to + return EPIPE for any (nonblocking?) sendmsg(). just fall back */ + TRACE(("sendmsg tcp_fastopen failed, falling back. %s", strerror(errno))); + /* No kernel MSG_FASTOPEN support. Fall back below */ + fastopen = 0; + /* Set to NULL to avoid trying again */ + c->writequeue = NULL; + } + m_free(message.msg_iov); + packet_queue_consume(c->writequeue, res); + } +#endif + + /* Normal connect(), used as fallback for TCP fastopen too */ + if (!fastopen) { + res = connect(c->sock, r->ai_addr, r->ai_addrlen); + } + + if (res < 0 && errno != EINPROGRESS) { + /* failure */ + m_free(c->errstring); + c->errstring = m_strdup(strerror(errno)); + close(c->sock); + c->sock = -1; + continue; + } else { + /* new connection was successful, wait for it to complete */ + break; + } + } + + if (r) { + c->res_iter = r->ai_next; + } else { + c->res_iter = NULL; + } +} + +/* Connect via TCP to a host. */ +struct dropbear_progress_connection *connect_remote(const char* remotehost, const char* remoteport, + connect_callback cb, void* cb_data) +{ + struct dropbear_progress_connection *c = NULL; + int err; + struct addrinfo hints; + + c = m_malloc(sizeof(*c)); + c->remotehost = m_strdup(remotehost); + c->remoteport = m_strdup(remoteport); + c->sock = -1; + c->cb = cb; + c->cb_data = cb_data; + + list_append(&ses.conn_pending, c); + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_family = PF_UNSPEC; + + err = getaddrinfo(remotehost, remoteport, &hints, &c->res); + if (err) { + int len; + len = 100 + strlen(gai_strerror(err)); + c->errstring = (char*)m_malloc(len); + snprintf(c->errstring, len, "Error resolving '%s' port '%s'. %s", + remotehost, remoteport, gai_strerror(err)); + TRACE(("Error resolving: %s", gai_strerror(err))) + } else { + c->res_iter = c->res; + } + + return c; +} + +void remove_connect_pending() { + while (ses.conn_pending.first) { + struct dropbear_progress_connection *c = ses.conn_pending.first->item; + remove_connect(c, ses.conn_pending.first); + } +} + + +void set_connect_fds(fd_set *writefd) { + m_list_elem *iter; + TRACE(("enter handle_connect_fds")) + for (iter = ses.conn_pending.first; iter; iter = iter->next) { + struct dropbear_progress_connection *c = iter->item; + /* Set one going */ + while (c->res_iter && c->sock < 0) + { + connect_try_next(c); + } + if (c->sock >= 0) { + FD_SET(c->sock, writefd); + } else { + m_list_elem *remove_iter; + /* Final failure */ + if (!c->errstring) { + c->errstring = m_strdup("unexpected failure"); + } + c->cb(DROPBEAR_FAILURE, -1, c->cb_data, c->errstring); + /* Safely remove without invalidating iter */ + remove_iter = iter; + iter = iter->prev; + remove_connect(c, remove_iter); + } + } +} + +void handle_connect_fds(fd_set *writefd) { + m_list_elem *iter; + TRACE(("enter handle_connect_fds")) + for (iter = ses.conn_pending.first; iter; iter = iter->next) { + int val; + socklen_t vallen = sizeof(val); + struct dropbear_progress_connection *c = iter->item; + + if (c->sock < 0 || !FD_ISSET(c->sock, writefd)) { + continue; + } + + TRACE(("handling %s port %s socket %d", c->remotehost, c->remoteport, c->sock)); + + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &val, &vallen) != 0) { + TRACE(("handle_connect_fds getsockopt(%d) SO_ERROR failed: %s", c->sock, strerror(errno))) + /* This isn't expected to happen - Unix has surprises though, continue gracefully. */ + m_close(c->sock); + c->sock = -1; + } else if (val != 0) { + /* Connect failed */ + TRACE(("connect to %s port %s failed.", c->remotehost, c->remoteport)) + m_close(c->sock); + c->sock = -1; + + m_free(c->errstring); + c->errstring = m_strdup(strerror(val)); + } else { + /* New connection has been established */ + c->cb(DROPBEAR_SUCCESS, c->sock, c->cb_data, NULL); + remove_connect(c, iter); + TRACE(("leave handle_connect_fds - success")) + /* Must return here - remove_connect() invalidates iter */ + return; + } + } + TRACE(("leave handle_connect_fds - end iter")) +} + +void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue) { + c->writequeue = writequeue; +} + +struct iovec * packet_queue_to_iovec(struct Queue *queue, int *ret_iov_count) { + struct iovec *iov = NULL; + struct Link *l; + unsigned int i; + int len; + buffer *writebuf; + + #ifndef IOV_MAX + #define IOV_MAX UIO_MAXIOV + #endif + + *ret_iov_count = MIN(queue->count, IOV_MAX); + + iov = m_malloc(sizeof(*iov) * *ret_iov_count); + for (l = queue->head, i = 0; l; l = l->link, i++) + { + writebuf = (buffer*)l->item; + len = writebuf->len - 1 - writebuf->pos; + dropbear_assert(len > 0); + TRACE2(("write_packet writev #%d type %d len %d/%d", i, writebuf->data[writebuf->len-1], + len, writebuf->len-1)) + iov[i].iov_base = buf_getptr(writebuf, len); + iov[i].iov_len = len; + } + + return iov; +} + +void packet_queue_consume(struct Queue *queue, ssize_t written) { + buffer *writebuf; + int len; + while (written > 0) { + writebuf = (buffer*)examine(queue); + len = writebuf->len - 1 - writebuf->pos; + if (len > written) { + /* partial buffer write */ + buf_incrpos(writebuf, written); + written = 0; + } else { + written -= len; + dequeue(queue); + buf_free(writebuf); + } + } +} + +void set_sock_nodelay(int sock) { + int val; + + /* disable nagle */ + val = 1; + setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val)); +} + +#ifdef DROPBEAR_TCP_FAST_OPEN +void set_listen_fast_open(int sock) { + int qlen = MAX(MAX_UNAUTH_PER_IP, 5); + if (setsockopt(sock, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) != 0) { + TRACE(("set_listen_fast_open failed for socket %d: %s", sock, strerror(errno))) + } +} + +#endif + +void set_sock_priority(int sock, enum dropbear_prio prio) { + + int rc; +#ifdef IPTOS_LOWDELAY + int iptos_val = 0; +#endif +#ifdef SO_PRIORITY + int so_prio_val = 0; +#endif + + + /* Don't log ENOTSOCK errors so that this can harmlessly be called + * on a client '-J' proxy pipe */ + + /* set the TOS bit for either ipv4 or ipv6 */ +#ifdef IPTOS_LOWDELAY + if (prio == DROPBEAR_PRIO_LOWDELAY) { + iptos_val = IPTOS_LOWDELAY; + } else if (prio == DROPBEAR_PRIO_BULK) { + iptos_val = IPTOS_THROUGHPUT; + } +#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) + rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val)); + if (rc < 0 && errno != ENOTSOCK) { + TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno))); + } +#endif + rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val)); + if (rc < 0 && errno != ENOTSOCK) { + TRACE(("Couldn't set IP_TOS (%s)", strerror(errno))); + } +#endif + +#ifdef SO_PRIORITY + if (prio == DROPBEAR_PRIO_LOWDELAY) { + so_prio_val = TC_PRIO_INTERACTIVE; + } else if (prio == DROPBEAR_PRIO_BULK) { + so_prio_val = TC_PRIO_BULK; + } + /* linux specific, sets QoS class. see tc-prio(8) */ + rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val)); + if (rc < 0 && errno != ENOTSOCK) + dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)", + strerror(errno)); +#endif + +} + +/* Listen on address:port. + * Special cases are address of "" listening on everything, + * and address of NULL listening on localhost only. + * Returns the number of sockets bound on success, or -1 on failure. On + * failure, if errstring wasn't NULL, it'll be a newly malloced error + * string.*/ +int dropbear_listen(const char* address, const char* port, + int *socks, unsigned int sockcount, char **errstring, int *maxfd) { + + struct addrinfo hints, *res = NULL, *res0 = NULL; + int err; + unsigned int nsock; + struct linger linger; + int val; + int sock; + + TRACE(("enter dropbear_listen")) + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */ + hints.ai_socktype = SOCK_STREAM; + + /* for calling getaddrinfo: + address == NULL and !AI_PASSIVE: local loopback + address == NULL and AI_PASSIVE: all interfaces + address != NULL: whatever the address says */ + if (!address) { + TRACE(("dropbear_listen: local loopback")) + } else { + if (address[0] == '\0') { + TRACE(("dropbear_listen: all interfaces")) + address = NULL; + } + hints.ai_flags = AI_PASSIVE; + } + err = getaddrinfo(address, port, &hints, &res0); + + if (err) { + if (errstring != NULL && *errstring == NULL) { + int len; + len = 20 + strlen(gai_strerror(err)); + *errstring = (char*)m_malloc(len); + snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err)); + } + if (res0) { + freeaddrinfo(res0); + res0 = NULL; + } + TRACE(("leave dropbear_listen: failed resolving")) + return -1; + } + + + nsock = 0; + for (res = res0; res != NULL && nsock < sockcount; + res = res->ai_next) { + + /* Get a socket */ + socks[nsock] = socket(res->ai_family, res->ai_socktype, + res->ai_protocol); + + sock = socks[nsock]; /* For clarity */ + + if (sock < 0) { + err = errno; + TRACE(("socket() failed")) + continue; + } + + /* Various useful socket options */ + val = 1; + /* set to reuse, quick timeout */ + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val)); + linger.l_onoff = 1; + linger.l_linger = 5; + setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger)); + +#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY) + if (res->ai_family == AF_INET6) { + int on = 1; + if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, + &on, sizeof(on)) == -1) { + dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY"); + } + } +#endif + + set_sock_nodelay(sock); + + if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { + err = errno; + close(sock); + TRACE(("bind(%s) failed", port)) + continue; + } + + if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) { + err = errno; + close(sock); + TRACE(("listen() failed")) + continue; + } + + *maxfd = MAX(*maxfd, sock); + + nsock++; + } + + if (res0) { + freeaddrinfo(res0); + res0 = NULL; + } + + if (nsock == 0) { + if (errstring != NULL && *errstring == NULL) { + int len; + len = 20 + strlen(strerror(err)); + *errstring = (char*)m_malloc(len); + snprintf(*errstring, len, "Error listening: %s", strerror(err)); + } + TRACE(("leave dropbear_listen: failure, %s", strerror(err))) + return -1; + } + + TRACE(("leave dropbear_listen: success, %d socks bound", nsock)) + return nsock; +} + +void get_socket_address(int fd, char **local_host, char **local_port, + char **remote_host, char **remote_port, int host_lookup) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + + if (local_host || local_port) { + addrlen = sizeof(addr); + if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) { + dropbear_exit("Failed socket address: %s", strerror(errno)); + } + getaddrstring(&addr, local_host, local_port, host_lookup); + } + if (remote_host || remote_port) { + addrlen = sizeof(addr); + if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) { + dropbear_exit("Failed socket address: %s", strerror(errno)); + } + getaddrstring(&addr, remote_host, remote_port, host_lookup); + } +} + +/* Return a string representation of the socket address passed. The return + * value is allocated with malloc() */ +void getaddrstring(struct sockaddr_storage* addr, + char **ret_host, char **ret_port, + int host_lookup) { + + char host[NI_MAXHOST+1], serv[NI_MAXSERV+1]; + unsigned int len; + int ret; + + int flags = NI_NUMERICSERV | NI_NUMERICHOST; + +#ifndef DO_HOST_LOOKUP + host_lookup = 0; +#endif + + if (host_lookup) { + flags = NI_NUMERICSERV; + } + + len = sizeof(struct sockaddr_storage); + /* Some platforms such as Solaris 8 require that len is the length + * of the specific structure. Some older linux systems (glibc 2.1.3 + * such as debian potato) have sockaddr_storage.__ss_family instead + * but we'll ignore them */ +#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY + if (addr->ss_family == AF_INET) { + len = sizeof(struct sockaddr_in); + } +#ifdef AF_INET6 + if (addr->ss_family == AF_INET6) { + len = sizeof(struct sockaddr_in6); + } +#endif +#endif + + ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, + serv, sizeof(serv)-1, flags); + + if (ret != 0) { + if (host_lookup) { + /* On some systems (Darwin does it) we get EINTR from getnameinfo + * somehow. Eew. So we'll just return the IP, since that doesn't seem + * to exhibit that behaviour. */ + getaddrstring(addr, ret_host, ret_port, 0); + return; + } else { + /* if we can't do a numeric lookup, something's gone terribly wrong */ + dropbear_exit("Failed lookup: %s", gai_strerror(ret)); + } + } + + if (ret_host) { + *ret_host = m_strdup(host); + } + if (ret_port) { + *ret_port = m_strdup(serv); + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/netio.h Mon Mar 16 21:34:05 2015 +0800 @@ -0,0 +1,63 @@ +#ifndef DROPBEAR_NETIO_H +#define DROPBEAR_NETIO_H + +#include "includes.h" +#include "buffer.h" +#include "queue.h" + +enum dropbear_prio { + DROPBEAR_PRIO_DEFAULT = 10, + DROPBEAR_PRIO_LOWDELAY = 11, + DROPBEAR_PRIO_BULK = 12, +}; + +void set_sock_nodelay(int sock); +void set_sock_priority(int sock, enum dropbear_prio prio); + +void get_socket_address(int fd, char **local_host, char **local_port, + char **remote_host, char **remote_port, int host_lookup); +void getaddrstring(struct sockaddr_storage* addr, + char **ret_host, char **ret_port, int host_lookup); +int dropbear_listen(const char* address, const char* port, + int *socks, unsigned int sockcount, char **errstring, int *maxfd); + +struct dropbear_progress_connection; + +/* result is DROPBEAR_SUCCESS or DROPBEAR_FAILURE. +errstring is only set on DROPBEAR_FAILURE, returns failure message for the last attempted socket */ +typedef void(*connect_callback)(int result, int sock, void* data, const char* errstring); + +/* Always returns a progress connection, if it fails it will call the callback at a later point */ +struct dropbear_progress_connection * connect_remote (const char* remotehost, const char* remoteport, + connect_callback cb, void *cb_data); + +/* Sets up for select() */ +void set_connect_fds(fd_set *writefd); +/* Handles ready sockets after select() */ +void handle_connect_fds(fd_set *writefd); +/* Cleanup */ +void remove_connect_pending(); + +/* Doesn't actually stop the connect, but adds a dummy callback instead */ +void cancel_connect(struct dropbear_progress_connection *c); + +void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue); + +/* TODO: writev #ifdef guard */ +struct iovec * packet_queue_to_iovec(struct Queue *queue, int *ret_iov_count); +void packet_queue_consume(struct Queue *queue, ssize_t written); + +#ifdef DROPBEAR_TCP_FAST_OPEN +/* Try for any Linux builds, will fall back if the kernel doesn't support it */ +void set_listen_fast_open(int sock); +/* Define values which may be supported by the kernel even if the libc is too old */ +#ifndef TCP_FASTOPEN +#define TCP_FASTOPEN 23 +#endif +#ifndef MSG_FASTOPEN +#define MSG_FASTOPEN 0x20000000 +#endif +#endif + +#endif +
--- a/options.h Fri Jan 23 22:32:49 2015 +0800 +++ b/options.h Mon Mar 16 21:34:05 2015 +0800 @@ -2,8 +2,8 @@ * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. See LICENSE for the license. */ -#ifndef _OPTIONS_H_ -#define _OPTIONS_H_ +#ifndef DROPBEAR_OPTIONS_H_ +#define DROPBEAR_OPTIONS_H_ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ @@ -98,6 +98,10 @@ #define DROPBEAR_TWOFISH256 #define DROPBEAR_TWOFISH128 +/* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ +#define DROPBEAR_ENABLE_CBC_MODE + /* Enable "Counter Mode" for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary * size and is recommended for most cases */ @@ -170,6 +174,11 @@ #define DROPBEAR_ZLIB_WINDOW_BITS 15 #endif +/* Server won't allow zlib compression until after authentication. Prevents + flaws in the zlib library being unauthenticated exploitable flaws. + Some old ssh clients may not support the alternative zlib@openssh.com method */ +#define DROPBEAR_SERVER_DELAY_ZLIB 1 + /* Whether to do reverse DNS lookups. */ /*#define DO_HOST_LOOKUP */ @@ -200,6 +209,10 @@ #define ENABLE_CLI_PUBKEY_AUTH #define ENABLE_CLI_INTERACT_AUTH +/* A default argument for dbclient -i <privatekey>. + leading "~" is expanded */ +#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" + /* This variable can be used to set a password for client * authentication on the commandline. Beware of platforms * that don't protect environment variables of processes etc. Also @@ -269,7 +282,7 @@ /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a @@ -317,4 +330,4 @@ * in sysoptions.h */ #include "sysoptions.h" -#endif /* _OPTIONS_H_ */ +#endif /* DROPBEAR_OPTIONS_H_ */
--- a/packet.c Fri Jan 23 22:32:49 2015 +0800 +++ b/packet.c Mon Mar 16 21:34:05 2015 +0800 @@ -34,6 +34,7 @@ #include "service.h" #include "auth.h" #include "channel.h" +#include "netio.h" static int read_packet_init(); static void make_mac(unsigned int seqno, const struct key_context_directional * key_state, @@ -55,14 +56,10 @@ /* non-blocking function writing out a current encrypted packet */ void write_packet() { - int len, written; - buffer * writebuf = NULL; - unsigned packet_type; + ssize_t written; #ifdef HAVE_WRITEV struct iovec *iov = NULL; - int i; - struct Link *l; - int iov_max_count; + int iov_count; #endif TRACE2(("enter write_packet")) @@ -70,62 +67,28 @@ #if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV)) -#ifndef IOV_MAX -#define IOV_MAX UIO_MAXIOV -#endif - - /* Make sure the size of the iov is below the maximum allowed by the OS. */ - iov_max_count = ses.writequeue.count; - if (iov_max_count > IOV_MAX) - { - iov_max_count = IOV_MAX; - } - - iov = m_malloc(sizeof(*iov) * iov_max_count); - for (l = ses.writequeue.head, i = 0; l; l = l->link, i++) - { - writebuf = (buffer*)l->item; - packet_type = writebuf->data[writebuf->len-1]; - len = writebuf->len - 1 - writebuf->pos; - dropbear_assert(len > 0); - TRACE2(("write_packet writev #%d type %d len %d/%d", i, packet_type, - len, writebuf->len-1)) - iov[i].iov_base = buf_getptr(writebuf, len); - iov[i].iov_len = len; - } + iov = packet_queue_to_iovec(&ses.writequeue, &iov_count); /* This may return EAGAIN. The main loop sometimes calls write_packet() without bothering to test with select() since it's likely to be necessary */ - written = writev(ses.sock_out, iov, iov_max_count); + written = writev(ses.sock_out, iov, iov_count); if (written < 0) { if (errno == EINTR || errno == EAGAIN) { + TRACE2(("leave write_packet: EINTR")) m_free(iov); - TRACE2(("leave write_packet: EINTR")) return; } else { dropbear_exit("Error writing: %s", strerror(errno)); } } + m_free(iov); + + packet_queue_consume(&ses.writequeue, written); if (written == 0) { ses.remoteclosed(); } - while (written > 0) { - writebuf = (buffer*)examine(&ses.writequeue); - len = writebuf->len - 1 - writebuf->pos; - if (len > written) { - /* partial buffer write */ - buf_incrpos(writebuf, written); - written = 0; - } else { - written -= len; - dequeue(&ses.writequeue); - buf_free(writebuf); - } - } - - m_free(iov); #else /* No writev () */ /* Get the next buffer in the queue of encrypted packets to write*/ writebuf = (buffer*)examine(&ses.writequeue); @@ -283,18 +246,18 @@ } len = buf_getint(ses.readbuf) + 4 + macsize; - TRACE2(("packet size is %d, block %d mac %d", len, blocksize, macsize)) + TRACE2(("packet size is %u, block %u mac %u", len, blocksize, macsize)) /* check packet length */ if ((len > RECV_MAX_PACKET_LEN) || (len < MIN_PACKET_LEN + macsize) || ((len - macsize) % blocksize != 0)) { - dropbear_exit("Integrity error (bad packet size %d)", len); + dropbear_exit("Integrity error (bad packet size %u)", len); } if (len > ses.readbuf->size) { - buf_resize(ses.readbuf, len); + ses.readbuf = buf_resize(ses.readbuf, len); } buf_setlen(ses.readbuf, len); buf_setpos(ses.readbuf, blocksize); @@ -342,7 +305,7 @@ /* - 4 - 1 is for LEN and PADLEN values */ len = ses.readbuf->len - padlen - 4 - 1 - macsize; if ((len > RECV_MAX_PAYLOAD_LEN+ZLIB_COMPRESS_EXPANSION) || (len < 1)) { - dropbear_exit("Bad packet size %d", len); + dropbear_exit("Bad packet size %u", len); } buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF); @@ -351,18 +314,21 @@ if (is_compress_recv()) { /* decompress */ ses.payload = buf_decompress(ses.readbuf, len); + buf_setpos(ses.payload, 0); + ses.payload_beginning = 0; + buf_free(ses.readbuf); } else #endif { + ses.payload = ses.readbuf; + ses.payload_beginning = ses.payload->pos; + buf_setlen(ses.payload, ses.payload->pos + len); /* copy payload */ - ses.payload = buf_new(len); - memcpy(ses.payload->data, buf_getptr(ses.readbuf, len), len); - buf_incrlen(ses.payload, len); + //ses.payload = buf_new(len); + //memcpy(ses.payload->data, buf_getptr(ses.readbuf, len), len); + //buf_incrlen(ses.payload, len); } - - buf_free(ses.readbuf); ses.readbuf = NULL; - buf_setpos(ses.payload, 0); ses.recvseq++; @@ -435,7 +401,7 @@ dropbear_exit("bad packet, oversized decompressed"); } new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR); - buf_resize(ret, new_size); + ret = buf_resize(ret, new_size); } } } @@ -674,7 +640,8 @@ #ifndef DISABLE_ZLIB /* compresses len bytes from src, outputting to dest (starting from the - * respective current positions. */ + * respective current positions. dest must have sufficient space, + * len+ZLIB_COMPRESS_EXPANSION */ static void buf_compress(buffer * dest, buffer * src, unsigned int len) { unsigned int endpos = src->pos + len; @@ -682,38 +649,28 @@ TRACE2(("enter buf_compress")) - while (1) { - - ses.keys->trans.zstream->avail_in = endpos - src->pos; - ses.keys->trans.zstream->next_in = - buf_getptr(src, ses.keys->trans.zstream->avail_in); + dropbear_assert(dest->size - dest->pos >= len+ZLIB_COMPRESS_EXPANSION); - ses.keys->trans.zstream->avail_out = dest->size - dest->pos; - ses.keys->trans.zstream->next_out = - buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out); + ses.keys->trans.zstream->avail_in = endpos - src->pos; + ses.keys->trans.zstream->next_in = + buf_getptr(src, ses.keys->trans.zstream->avail_in); - result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH); - - buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in); - buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out); - buf_setpos(dest, dest->len); + ses.keys->trans.zstream->avail_out = dest->size - dest->pos; + ses.keys->trans.zstream->next_out = + buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out); - if (result != Z_OK) { - dropbear_exit("zlib error"); - } + result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH); - if (ses.keys->trans.zstream->avail_in == 0) { - break; - } + buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in); + buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out); + buf_setpos(dest, dest->len); - dropbear_assert(ses.keys->trans.zstream->avail_out == 0); + if (result != Z_OK) { + dropbear_exit("zlib error"); + } - /* the buffer has been filled, we must extend. This only happens in - * unusual circumstances where the data grows in size after deflate(), - * but it is possible */ - buf_resize(dest, dest->size + ZLIB_COMPRESS_EXPANSION); - - } + /* fails if destination buffer wasn't large enough */ + dropbear_assert(ses.keys->trans.zstream->avail_in == 0); TRACE2(("leave buf_compress")) } #endif
--- a/packet.h Fri Jan 23 22:32:49 2015 +0800 +++ b/packet.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,11 +22,12 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _PACKET_H_ +#ifndef DROPBEAR_PACKET_H_ -#define _PACKET_H_ +#define DROPBEAR_PACKET_H_ #include "includes.h" +#include "queue.h" void write_packet(); void read_packet(); @@ -46,4 +47,4 @@ #define INIT_READBUF 128 -#endif /* _PACKET_H_ */ +#endif /* DROPBEAR_PACKET_H_ */
--- a/queue.h Fri Jan 23 22:32:49 2015 +0800 +++ b/queue.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _QUEUE_H_ -#define _QUEUE_H_ +#ifndef DROPBEAR_QUEUE_H_ +#define DROPBEAR_QUEUE_H_ struct Link {
--- a/release.sh Fri Jan 23 22:32:49 2015 +0800 +++ b/release.sh Mon Mar 16 21:34:05 2015 +0800 @@ -7,7 +7,7 @@ fi if ! head -n1 debian/changelog | grep -q $VERSION ; then - echo "CHANGES needs updating" + echo "debian/changelog needs updating" exit 1 fi @@ -36,5 +36,5 @@ (cd $RELDIR/.. && tar cjf $ARCHIVE `basename "$RELDIR"`) || exit 2 ls -l $ARCHIVE -openssl sha1 $ARCHIVE +openssl sha -sha256 $ARCHIVE echo "Done to $ARCHIVE"
--- a/rsa.h Fri Jan 23 22:32:49 2015 +0800 +++ b/rsa.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RSA_H_ -#define _RSA_H_ +#ifndef DROPBEAR_RSA_H_ +#define DROPBEAR_RSA_H_ #include "includes.h" #include "buffer.h" @@ -55,4 +55,4 @@ #endif /* DROPBEAR_RSA */ -#endif /* _RSA_H_ */ +#endif /* DROPBEAR_RSA_H_ */
--- a/runopts.h Fri Jan 23 22:32:49 2015 +0800 +++ b/runopts.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _RUNOPTS_H_ -#define _RUNOPTS_H_ +#ifndef DROPBEAR_RUNOPTS_H_ +#define DROPBEAR_RUNOPTS_H_ #include "includes.h" #include "signkey.h" @@ -44,7 +44,11 @@ /* TODO: add a commandline flag. Currently this is on by default if compression * is compiled in, but disabled for a client's non-final multihop stages. (The * intermediate stages are compressed streams, so are uncompressible. */ - int enable_compress; + enum { + DROPBEAR_COMPRESS_DELAYED, /* Server only */ + DROPBEAR_COMPRESS_ON, + DROPBEAR_COMPRESS_OFF, + } compress_mode; #endif #ifdef ENABLE_USER_ALGO_LIST @@ -166,4 +170,4 @@ void print_version(void); -#endif /* _RUNOPTS_H_ */ +#endif /* DROPBEAR_RUNOPTS_H_ */
--- a/scp.c Fri Jan 23 22:32:49 2015 +0800 +++ b/scp.c Mon Mar 16 21:34:05 2015 +0800 @@ -437,7 +437,7 @@ } /* * Finally check the exit status of the ssh process, if one was forked - * and no error has occured yet + * and no error has occurred yet */ if (do_cmd_pid != -1 && errs == 0) { if (remin != -1)
--- a/service.h Fri Jan 23 22:32:49 2015 +0800 +++ b/service.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,9 +22,9 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SERVICE_H_ -#define _SERVICE_H_ +#ifndef DROPBEAR_SERVICE_H_ +#define DROPBEAR_SERVICE_H_ void recv_msg_service_request(); /* Server */ -#endif /* _SERVICE_H_ */ +#endif /* DROPBEAR_SERVICE_H_ */
--- a/session.h Fri Jan 23 22:32:49 2015 +0800 +++ b/session.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SESSION_H_ -#define _SESSION_H_ +#ifndef DROPBEAR_SESSION_H_ +#define DROPBEAR_SESSION_H_ #include "includes.h" #include "options.h" @@ -38,12 +38,13 @@ #include "tcpfwd.h" #include "chansession.h" #include "dbutil.h" +#include "netio.h" extern int sessinitdone; /* Is set to 0 somewhere */ extern int exitflag; void common_session_init(int sock_in, int sock_out); -void session_loop(); +void session_loop(void(*loophandler)()) ATTRIB_NORETURN; void session_cleanup(); void send_session_identification(); void send_msg_ignore(); @@ -55,12 +56,13 @@ void fill_passwd(const char* username); /* Server */ -void svr_session(int sock, int childpipe); +void svr_session(int sock, int childpipe) ATTRIB_NORETURN; void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; void svr_dropbear_log(int priority, const char* format, va_list param); /* Client */ -void cli_session(int sock_in, int sock_out); +void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN; +void cli_connected(int result, int sock, void* userdata, const char *errstring); void cleantext(unsigned char* dirtytext); /* crypto parameters that are stored individually for transmit and receive */ @@ -124,7 +126,11 @@ buffer with the packet to send. */ struct Queue writequeue; /* A queue of encrypted packets to send */ buffer *readbuf; /* From the wire, decrypted in-place */ - buffer *payload; /* Post-decompression, the actual SSH packet */ + buffer *payload; /* Post-decompression, the actual SSH packet. + May have extra data at the beginning, will be + passed to packet processing functions positioned past + that, see payload_beginning */ + unsigned int payload_beginning; unsigned int transseq, recvseq; /* Sequence IDs */ /* Packet-handling flags */ @@ -148,6 +154,8 @@ int signal_pipe[2]; /* stores endpoints of a self-pipe used for race-free signal handling */ + + m_list conn_pending; /* time of the last packet send/receive, for keepalive. Not real-world clock */ time_t last_packet_time_keepalive_sent; @@ -314,4 +322,4 @@ extern struct clientsession cli_ses; #endif /* DROPBEAR_CLIENT */ -#endif /* _SESSION_H_ */ +#endif /* DROPBEAR_SESSION_H_ */
--- a/signkey.c Fri Jan 23 22:32:49 2015 +0800 +++ b/signkey.c Mon Mar 16 21:34:05 2015 +0800 @@ -140,7 +140,7 @@ unsigned char* ident; unsigned int len; - int keytype; + enum signkey_type keytype; int ret = DROPBEAR_FAILURE; TRACE2(("enter buf_get_pub_key")) @@ -187,6 +187,7 @@ if (eck) { if (*eck) { ecc_free(*eck); + m_free(*eck); *eck = NULL; } *eck = buf_get_ecdsa_pub_key(buf); @@ -210,7 +211,7 @@ unsigned char* ident; unsigned int len; - int keytype; + enum signkey_type keytype; int ret = DROPBEAR_FAILURE; TRACE2(("enter buf_get_priv_key")) @@ -255,6 +256,7 @@ if (eck) { if (*eck) { ecc_free(*eck); + m_free(*eck); *eck = NULL; } *eck = buf_get_ecdsa_priv_key(buf); @@ -355,18 +357,21 @@ #ifdef DROPBEAR_ECC_256 if (key->ecckey256) { ecc_free(key->ecckey256); + m_free(key->ecckey256); key->ecckey256 = NULL; } #endif #ifdef DROPBEAR_ECC_384 if (key->ecckey384) { ecc_free(key->ecckey384); + m_free(key->ecckey384); key->ecckey384 = NULL; } #endif #ifdef DROPBEAR_ECC_521 if (key->ecckey521) { ecc_free(key->ecckey521); + m_free(key->ecckey521); key->ecckey521 = NULL; } #endif
--- a/signkey.h Fri Jan 23 22:32:49 2015 +0800 +++ b/signkey.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _SIGNKEY_H_ -#define _SIGNKEY_H_ +#ifndef DROPBEAR_SIGNKEY_H_ +#define DROPBEAR_SIGNKEY_H_ #include "buffer.h" #include "dss.h" @@ -101,4 +101,4 @@ void** signkey_key_ptr(sign_key *key, enum signkey_type type); -#endif /* _SIGNKEY_H_ */ +#endif /* DROPBEAR_SIGNKEY_H_ */
--- a/svr-agentfwd.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-agentfwd.c Mon Mar 16 21:34:05 2015 +0800 @@ -117,7 +117,7 @@ } /* set up the environment variable pointing to the socket. This is called - * just before command/shell execution, after dropping priveleges */ + * just before command/shell execution, after dropping privileges */ void svr_agentset(struct ChanSess * chansess) { char *path = NULL;
--- a/svr-authpubkey.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-authpubkey.c Mon Mar 16 21:34:05 2015 +0800 @@ -86,6 +86,7 @@ unsigned int algolen; unsigned char* keyblob = NULL; unsigned int keybloblen; + unsigned int sign_payload_length; buffer * signbuf = NULL; sign_key * key = NULL; char* fp = NULL; @@ -125,9 +126,18 @@ /* create the data which has been signed - this a string containing * session_id, concatenated with the payload packet up to the signature */ + assert(ses.payload_beginning <= ses.payload->pos); + sign_payload_length = ses.payload->pos - ses.payload_beginning; signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len); buf_putbufstring(signbuf, ses.session_id); - buf_putbytes(signbuf, ses.payload->data, ses.payload->pos); + + /* The entire contents of the payload prior. */ + buf_setpos(ses.payload, ses.payload_beginning); + buf_putbytes(signbuf, + buf_getptr(ses.payload, sign_payload_length), + sign_payload_length); + buf_incrpos(ses.payload, sign_payload_length); + buf_setpos(signbuf, 0); /* ... and finally verify the signature */
--- a/svr-chansession.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-chansession.c Mon Mar 16 21:34:05 2015 +0800 @@ -234,7 +234,7 @@ struct ChanSess *chansess; - TRACE(("new chansess %p", channel)) + TRACE(("new chansess %p", (void*)channel)) dropbear_assert(channel->typedata == NULL);
--- a/svr-main.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-main.c Mon Mar 16 21:34:05 2015 +0800 @@ -138,7 +138,6 @@ } for (i = 0; i < listensockcount; i++) { - set_sock_priority(listensocks[i], DROPBEAR_PRIO_LOWDELAY); FD_SET(listensocks[i], &fds); } @@ -343,6 +342,7 @@ sa_chld.sa_handler = sigchld_handler; sa_chld.sa_flags = SA_NOCLDSTOP; + sigemptyset(&sa_chld.sa_mask); if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) { dropbear_exit("signal() error"); } @@ -402,9 +402,9 @@ } /* Set up listening sockets for all the requested ports */ -static size_t listensockets(int *sock, size_t sockcount, int *maxfd) { - - unsigned int i; +static size_t listensockets(int *socks, size_t sockcount, int *maxfd) { + + unsigned int i, n; char* errstring = NULL; size_t sockpos = 0; int nsock; @@ -415,7 +415,7 @@ TRACE(("listening on '%s:%s'", svr_opts.addresses[i], svr_opts.ports[i])) - nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &sock[sockpos], + nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos], sockcount - sockpos, &errstring, maxfd); @@ -426,6 +426,14 @@ continue; } + for (n = 0; n < (unsigned int)nsock; n++) { + int sock = socks[sockpos + n]; + set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY); +#ifdef DROPBEAR_TCP_FAST_OPEN + set_listen_fast_open(sock); +#endif + } + sockpos += nsock; }
--- a/svr-runopts.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-runopts.c Mon Mar 16 21:34:05 2015 +0800 @@ -140,9 +140,15 @@ #ifdef ENABLE_SVR_REMOTETCPFWD svr_opts.noremotetcp = 0; #endif + #ifndef DISABLE_ZLIB - opts.enable_compress = 1; +#if DROPBEAR_SERVER_DELAY_ZLIB + opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; +#else + opts.compress_mode = DROPBEAR_COMPRESS_ON; #endif +#endif + /* not yet opts.ipv4 = 1; opts.ipv6 = 1;
--- a/svr-session.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-session.c Mon Mar 16 21:34:05 2015 +0800 @@ -81,10 +81,14 @@ }; static void -svr_session_cleanup(void) -{ +svr_session_cleanup(void) { /* free potential public key options */ svr_pubkey_options_cleanup(); + + m_free(svr_ses.addrstring); + m_free(svr_ses.remotehost); + m_free(svr_ses.childpids); + svr_ses.childpidsize = 0; } static void @@ -153,6 +157,7 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fmtbuf[300]; + int i; if (!sessinitdone) { /* before session init */ @@ -186,6 +191,15 @@ session_cleanup(); } + if (svr_opts.hostkey) { + sign_key_free(svr_opts.hostkey); + svr_opts.hostkey = NULL; + } + for (i = 0; i < DROPBEAR_MAX_PORTS; i++) { + m_free(svr_opts.addresses[i]); + m_free(svr_opts.ports[i]); + } + exit(exitcode); }
--- a/svr-tcpfwd.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-tcpfwd.c Mon Mar 16 21:34:05 2015 +0800 @@ -33,6 +33,7 @@ #include "listener.h" #include "runopts.h" #include "auth.h" +#include "netio.h" #ifndef ENABLE_SVR_REMOTETCPFWD @@ -236,7 +237,6 @@ unsigned char* orighost = NULL; unsigned int origport; char portstring[NI_MAXSERV]; - int sock; int len; int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; @@ -270,19 +270,7 @@ } snprintf(portstring, sizeof(portstring), "%d", destport); - sock = connect_remote(desthost, portstring, 1, NULL); - if (sock < 0) { - err = SSH_OPEN_CONNECT_FAILED; - TRACE(("leave newtcpdirect: sock failed")) - goto out; - } - - ses.maxfd = MAX(ses.maxfd, sock); - - /* We don't set readfd, that will get set after the connection's - * progress succeeds */ - channel->writefd = sock; - channel->initconn = 1; + channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done, channel); channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
--- a/svr-x11fwd.c Fri Jan 23 22:32:49 2015 +0800 +++ b/svr-x11fwd.c Mon Mar 16 21:34:05 2015 +0800 @@ -175,7 +175,7 @@ m_free(chansess->x11authprot); m_free(chansess->x11authcookie); - TRACE(("chansess %p", chansess)) + TRACE(("chansess %p", (void*)chansess)) if (chansess->x11listener != NULL) { remove_listener(chansess->x11listener); chansess->x11listener = NULL;
--- a/sysoptions.h Fri Jan 23 22:32:49 2015 +0800 +++ b/sysoptions.h Mon Mar 16 21:34:05 2015 +0800 @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2014.66" +#define DROPBEAR_VERSION "2015.67" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION @@ -254,7 +254,15 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* free memory before exiting */ +#define DROPBEAR_CLEANUP + /* Use this string since some implementations might special-case it */ #define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com" +/* Linux will attempt TCP fast open, falling back if not supported by the kernel */ +#ifdef __linux__ +#define DROPBEAR_TCP_FAST_OPEN 1 +#endif + /* no include guard for this file */
--- a/tcpfwd.h Fri Jan 23 22:32:49 2015 +0800 +++ b/tcpfwd.h Mon Mar 16 21:34:05 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TCPFWD_H -#define _TCPFWD_H +#ifndef DROPBEAR_TCPFWD_H +#define DROPBEAR_TCPFWD_H #include "channel.h" #include "list.h"
--- a/termcodes.h Fri Jan 23 22:32:49 2015 +0800 +++ b/termcodes.h Mon Mar 16 21:34:05 2015 +0800 @@ -22,8 +22,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _TERMCODES_H_ -#define _TERMCODES_H_ +#ifndef DROPBEAR_TERMCODES_H_ +#define DROPBEAR_TERMCODES_H_ #define TERMCODE_NONE 0 #define TERMCODE_CONTROL 1 @@ -43,4 +43,4 @@ extern const struct TermCode termcodes[]; -#endif /* _TERMCODES_H_ */ +#endif /* DROPBEAR_TERMCODES_H_ */
--- a/x11fwd.h Fri Jan 23 22:32:49 2015 +0800 +++ b/x11fwd.h Mon Mar 16 21:34:05 2015 +0800 @@ -21,8 +21,8 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ -#ifndef _X11FWD_H_ -#define _X11FWD_H_ +#ifndef DROPBEAR__X11FWD_H_ +#define DROPBEAR__X11FWD_H_ #ifndef DISABLE_X11FWD #include "includes.h" @@ -34,4 +34,4 @@ void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */ -#endif /* _X11FWD_H_ */ +#endif /* DROPBEAR__X11FWD_H_ */