-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
とりあえず Strict KEX のネゴシエーションとシーケンス番号のリセットに対応。
- Loading branch information
Showing
3 changed files
with
22 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -146,8 +146,8 @@ void SSH2_update_kex_myproposal(PTInstVar pvar) | |
| // キー再作成の場合には、接続時に pvar->settings から組み立てられた myproposal を書き換える。 | ||
| // pvar->settings が 接続時に myproposal を作成したときの値から変わっていない保証がない。 | ||
| // 再度組み立てるのではなく既存の myproposal を書き換えることにした。 | ||
| int pos = strlen(myproposal[PROPOSAL_KEX_ALGS]) - strlen(",ext-info-c"); | ||
| if (strcmp(myproposal[PROPOSAL_KEX_ALGS] + pos, ",ext-info-c") == 0) { | ||
| int pos = strlen(myproposal[PROPOSAL_KEX_ALGS]) - strlen(",ext-info-c,[email protected]"); | ||
| if (strcmp(myproposal[PROPOSAL_KEX_ALGS] + pos, ",ext-info-c,[email protected]") == 0) { | ||
| myproposal[PROPOSAL_KEX_ALGS][pos] = '\0'; | ||
| } | ||
| } | ||
|
|
@@ -163,8 +163,8 @@ void SSH2_update_kex_myproposal(PTInstVar pvar) | |
| strncat_s(buf, sizeof(buf), ",", _TRUNCATE); | ||
| } | ||
|
|
||
| // RFC 8308 Extension Negotiation | ||
| strncat_s(buf, sizeof(buf), "ext-info-c", _TRUNCATE); | ||
| // Enables RFC 8308 Extension Negotiation & Strict KEX mode (for CVE-2023-48795) | ||
| strncat_s(buf, sizeof(buf), "ext-info-c,[email protected]", _TRUNCATE); | ||
|
|
||
| myproposal[PROPOSAL_KEX_ALGS] = buf; | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2997,6 +2997,7 @@ void SSH_init(PTInstVar pvar) | |
| pvar->use_subsystem = FALSE; | ||
| pvar->nosession = FALSE; | ||
| pvar->server_sig_algs = NULL; | ||
| pvar->server_strict_kex = FALSE; | ||
|
|
||
| } | ||
|
|
||
|
|
@@ -4813,7 +4814,7 @@ static BOOL handle_SSH2_kexinit(PTInstVar pvar) | |
| if (pvar->kex_status == KEX_FLAG_KEXDONE) { | ||
| pvar->kex_status = KEX_FLAG_REKEYING; | ||
|
|
||
| // キー再作成時は myproposal から ",ext-info-c" を削除する | ||
| // キー再作成時は myproposal から ",ext-info-c,[email protected]" を削除する | ||
| // 更新するのは KEX のみでよい | ||
| SSH2_update_kex_myproposal(pvar); | ||
|
|
||
|
|
@@ -4878,6 +4879,13 @@ static BOOL handle_SSH2_kexinit(PTInstVar pvar) | |
| goto error; | ||
| } | ||
|
|
||
| // サーバー側がStrict KEXに対応しているかの確認 | ||
| choose_SSH2_proposal(buf, "[email protected]", tmp, sizeof(tmp)); | ||
| if (tmp[0] != '\0') { | ||
| pvar->server_strict_kex = TRUE; | ||
| logprintf(LOG_LEVEL_INFO, "Server supports strict kex. Strict kex will be enabled."); | ||
| } | ||
|
|
||
| // ホスト鍵アルゴリズム | ||
| switch (get_namelist_from_payload(pvar, buf, sizeof(buf), &size)) { | ||
| case GetPayloadError: | ||
|
|
@@ -5644,6 +5652,10 @@ static void ssh2_send_newkeys(PTInstVar pvar) | |
|
|
||
| pvar->kex_status |= KEX_FLAG_NEWKEYS_SENT; | ||
|
|
||
| if (pvar->server_strict_kex) { | ||
| pvar->ssh_state.sender_sequence_number = 0; | ||
| } | ||
|
|
||
| // SSH2_MSG_NEWKEYS を既に受け取っていたらKEXは完了。次の処理に移る。 | ||
| if (pvar->kex_status & KEX_FLAG_NEWKEYS_RECEIVED) { | ||
| if ((pvar->kex_status & KEX_FLAG_REKEYING)) { | ||
|
|
@@ -6238,6 +6250,10 @@ static BOOL handle_SSH2_newkeys(PTInstVar pvar) | |
| pvar->ssh2_keys[MODE_IN].comp.enabled = 1; | ||
| enable_recv_compression(pvar); | ||
|
|
||
| if (pvar->server_strict_kex) { | ||
| pvar->ssh_state.receiver_sequence_number = 0; | ||
| } | ||
|
|
||
| SSH2_dispatch_add_message(SSH2_MSG_EXT_INFO); | ||
|
|
||
| // SSH2_MSG_NEWKEYS を既に送っていたらKEXは完了。次の処理に移る。 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7279fbdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you also need to drop debug and ignore messages in strict mode?
7279fbdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think 4610656 do that.
7279fbdThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, thanks! 👍