1 /* 2 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25 #include "includes.h" 26 RCSID("$OpenBSD: compat.c,v 1.51 2001/06/25 08:25:37 markus Exp $"); 27 28 #include <regex.h> 29 30 #include "packet.h" 31 #include "xmalloc.h" 32 #include "compat.h" 33 #include "log.h" 34 35 int compat13 = 0; 36 int compat20 = 0; 37 int datafellows = 0; 38 39 void 40 enable_compat20(void) 41 { 42 verbose("Enabling compatibility mode for protocol 2.0"); 43 compat20 = 1; 44 } 45 void 46 enable_compat13(void) 47 { 48 verbose("Enabling compatibility mode for protocol 1.3"); 49 compat13 = 1; 50 } 51 /* datafellows bug compatibility */ 52 void 53 compat_datafellows(const char *version) 54 { 55 int i, ret; 56 char ebuf[1024]; 57 regex_t reg; 58 static struct { 59 char *pat; 60 int bugs; 61 } check[] = { 62 { "^OpenSSH[-_]2\\.[012]", 63 SSH_OLD_SESSIONID|SSH_BUG_BANNER| 64 SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, 65 { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| 66 SSH_OLD_DHGEX|SSH_BUG_NOREKEY}, 67 { "^OpenSSH_2\\.3\\.", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| 68 SSH_BUG_NOREKEY}, 69 { "^OpenSSH_2\\.5\\.[01]p1", 70 SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| 71 SSH_BUG_NOREKEY }, 72 { "^OpenSSH_2\\.5\\.[012]", 73 SSH_OLD_DHGEX|SSH_BUG_NOREKEY }, 74 { "^OpenSSH_2\\.5\\.3", 75 SSH_BUG_NOREKEY }, 76 { "^OpenSSH", 0 }, 77 { "MindTerm", 0 }, 78 { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 79 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 80 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, 81 { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 82 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 83 SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, 84 { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 85 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 86 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 87 SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| 88 SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, 89 { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 90 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 91 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 92 SSH_BUG_PKAUTH|SSH_BUG_PKOK| 93 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, 94 { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 95 SSH_OLD_SESSIONID|SSH_BUG_DEBUG| 96 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| 97 SSH_BUG_PKAUTH|SSH_BUG_PKOK| 98 SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| 99 SSH_BUG_DERIVEKEY }, 100 { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, 101 { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, 102 { "^2\\.[2-9]\\.", 0 }, 103 { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ 104 { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, 105 { "^1\\.7 SecureFX", SSH_OLD_SESSIONID }, 106 { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG }, 107 { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, 108 { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */ 109 { "^SSH Compatible Server", /* Netscreen */ 110 SSH_BUG_PASSWORDPAD }, 111 { "^OSU_0", SSH_BUG_PASSWORDPAD }, 112 { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, 113 { "^OSU_1\\.5alpha[1-3]", 114 SSH_BUG_PASSWORDPAD }, 115 { "^SSH_Version_Mapper", 116 SSH_BUG_SCANNER }, 117 { NULL, 0 } 118 }; 119 /* process table, return first match */ 120 for (i = 0; check[i].pat; i++) { 121 ret = regcomp(®, check[i].pat, REG_EXTENDED|REG_NOSUB); 122 if (ret != 0) { 123 regerror(ret, ®, ebuf, sizeof(ebuf)); 124 ebuf[sizeof(ebuf)-1] = '\0'; 125 error("regerror: %s", ebuf); 126 continue; 127 } 128 ret = regexec(®, version, 0, NULL, 0); 129 regfree(®); 130 if (ret == 0) { 131 debug("match: %s pat %s", version, check[i].pat); 132 datafellows = check[i].bugs; 133 return; 134 } 135 } 136 debug("no match: %s", version); 137 } 138 139 #define SEP "," 140 int 141 proto_spec(const char *spec) 142 { 143 char *s, *p, *q; 144 int ret = SSH_PROTO_UNKNOWN; 145 146 if (spec == NULL) 147 return ret; 148 q = s = xstrdup(spec); 149 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { 150 switch(atoi(p)) { 151 case 1: 152 if (ret == SSH_PROTO_UNKNOWN) 153 ret |= SSH_PROTO_1_PREFERRED; 154 ret |= SSH_PROTO_1; 155 break; 156 case 2: 157 ret |= SSH_PROTO_2; 158 break; 159 default: 160 log("ignoring bad proto spec: '%s'.", p); 161 break; 162 } 163 } 164 xfree(s); 165 return ret; 166 } 167 168 char * 169 compat_cipher_proposal(char *cipher_prop) 170 { 171 char *orig_prop, *fix_ciphers; 172 char *cp, *tmp; 173 size_t len; 174 175 if (!(datafellows & SSH_BUG_BIGENDIANAES)) 176 return(cipher_prop); 177 178 len = strlen(cipher_prop) + 1; 179 fix_ciphers = xmalloc(len); 180 *fix_ciphers = '\0'; 181 tmp = orig_prop = xstrdup(cipher_prop); 182 while((cp = strsep(&tmp, ",")) != NULL) { 183 if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) { 184 if (*fix_ciphers) 185 strlcat(fix_ciphers, ",", len); 186 strlcat(fix_ciphers, cp, len); 187 } 188 } 189 xfree(orig_prop); 190 debug2("Original cipher proposal: %s", cipher_prop); 191 debug2("Compat cipher proposal: %s", fix_ciphers); 192 if (!*fix_ciphers) 193 fatal("No available ciphers found."); 194 195 return(fix_ciphers); 196 } 197