1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
/*
20140126
20241215 - reformated using clang-format
Jan Mojzis
Public domain.
*/
#include <poll.h>
#include <unistd.h>
#include "byte.h"
#include "e.h"
#include "bug.h"
#include "crypto_uint32.h"
#include "purge.h"
#include "ssh.h"
#include "sshcrypto.h"
#include "numtostr.h"
#include "packet.h"
static int packet_get_plain_(struct buf *b) {
crypto_uint32 packet_length;
long long len;
struct buf *recvbuf = &packet.recvbuf;
unsigned char *pp;
long long l;
pp = recvbuf->buf + PACKET_ZEROBYTES;
l = recvbuf->len - PACKET_ZEROBYTES;
/* we need at least 4 bytes */
if (l < 4) return 1;
/* parse length */
packet_length = crypto_uint32_load_bigendian(pp);
if (packet_length > PACKET_LIMIT) {
char buf1[NUMTOSTR_LEN];
char buf2[NUMTOSTR_LEN];
errno = EPROTO;
log_f4("packet length ", numtostr(buf1, packet_length),
" > PACKET_LIMIT ", numtostr(buf2, PACKET_LIMIT));
global_die(111);
}
if (packet_length + 4 > l) return 1;
/* we have full packet */
len = packet_length;
len -= recvbuf->buf[PACKET_ZEROBYTES + 4] + 1;
if (len <= 0) bug_proto();
buf_put(b, recvbuf->buf + PACKET_ZEROBYTES + 5, len);
byte_copy(pp, l - packet_length + 4, pp + packet_length + 4);
purge(pp + l - packet_length + 4, packet_length + 4);
recvbuf->len -= packet_length + 4;
packet.receivepacketid++;
return 1;
}
static int packet_get_(struct buf *b) {
crypto_uint32 lastreceivepacketid = packet.receivepacketid;
int ret;
if (packet.flagkeys) { ret = sshcrypto_packet_get(b); }
else { ret = packet_get_plain_(b); }
/* overflow check */
if (lastreceivepacketid > packet.receivepacketid) {
log_f1("receivepacketid overflow");
global_die(111);
}
return ret;
}
int packet_get(struct buf *b, crypto_uint8 x) {
buf_purge(b);
if (!packet_get_(b)) return 0;
if (b->len <= 0) return 1;
if (!packet.flagauthorized)
if (packet.receivepacketid > PACKET_UNAUTHENTICATED_MESSAGES) {
errno = EPROTO;
log_f1("too many unauthenticated messages");
global_die(111);
}
switch (b->buf[0]) {
case SSH_MSG_DISCONNECT:
errno = 0;
return 0;
case SSH_MSG_IGNORE:
case SSH_MSG_DEBUG:
if (!packet.flagkeys) {
log_f1("SSH_MSG_IGNORE/SSH_MSG_DEBUG packet rejected in "
"plain-text mode");
global_die(111);
}
buf_purge(b);
break;
case SSH_MSG_NEWKEYS:
/* strict kex - reset receivepacketid */
if (sshcrypto_kex_flags & sshcrypto_FLAGSTRICTKEX) {
packet.receivepacketid = 0;
}
break;
default:
if (x && x != b->buf[0]) {
char buf1[NUMTOSTR_LEN];
char buf2[NUMTOSTR_LEN];
errno = EPROTO;
log_f4("expected packet type ", numtostr(buf1, x), ", got ",
numtostr(buf2, b->buf[0]));
global_die(111);
}
break;
}
return 1;
}
int packet_getall(struct buf *b, crypto_uint8 ch) {
struct pollfd x;
long long before;
buf_purge(b);
for (;;) {
before = packet.recvbuf.len;
if (!packet_get(b, ch)) return 0;
if (b->len > 0) break;
if (before != packet.recvbuf.len) continue;
x.fd = 0;
x.events = POLLIN | POLLERR;
poll(&x, 1, -1);
if (!packet_recv()) return 0;
}
return 1;
}
|
