[Ttssh2-commit] [3319] 暗号化アルゴリズムを正しく決定できないことがある問題を修正した。

svnno****@sourc***** svnno****@sourc*****
2009年 4月 15日 (水) 23:28:55 JST


Revision: 3319
          http://svn.sourceforge.jp/view?root=ttssh2&view=rev&rev=3319
Author:   maya
Date:     2009-04-15 23:28:55 +0900 (Wed, 15 Apr 2009)

Log Message:
-----------
暗号化アルゴリズムを正しく決定できないことがある問題を修正した。
  暗号化アルゴリズムに限らず、KEX の proposal をつきあわせる処理に問題があった。

Modified Paths:
--------------
    trunk/doc/en/html/about/history.html
    trunk/doc/ja/html/about/history.html
    trunk/ttssh2/ttxssh/ssh.c


-------------- next part --------------
Modified: trunk/doc/en/html/about/history.html
===================================================================
--- trunk/doc/en/html/about/history.html	2009-04-15 13:49:16 UTC (rev 3318)
+++ trunk/doc/en/html/about/history.html	2009-04-15 14:28:55 UTC (rev 3319)
@@ -1248,6 +1248,7 @@
       <ul>
         <li>Some Japanese characters can not use in the host name.</li>
         <li>TTSSH does not work when the command line option(/FD=, /K=, /M=, /L=, /R=, /W=) includes the space character.</li>
+      <!--li>SSH2 ‚ÌŒ®ŒðŠ·‚ŁAƒAƒ‹ƒSƒŠƒYƒ€ƒlƒSƒVƒG[ƒVƒ‡ƒ“‚ÉŽ¸”s‚·‚邱‚Æ‚ª‚ ‚é‚Ì‚ðC³‚µ‚½B</li-->
     </ul></li>
 
   <li>Misc

Modified: trunk/doc/ja/html/about/history.html
===================================================================
--- trunk/doc/ja/html/about/history.html	2009-04-15 13:49:16 UTC (rev 3318)
+++ trunk/doc/ja/html/about/history.html	2009-04-15 14:28:55 UTC (rev 3319)
@@ -1250,6 +1250,7 @@
     <ul>
       <li>Ú‘±æƒzƒXƒg–¼‚Ɉꕔ‚ÌŠ¿Žš‚ªŽg‚¦‚È‚¢‚Ì‚ðC³‚µ‚½B</li>
       <li>Tera Term‚Ì/FD=, /K=, /M=, /L=, /R=, /W=ƒIƒvƒVƒ‡ƒ“‚Å’l‚É‹ó”’‚ªŠÜ‚Ü‚ê‚éê‡A³‚µ‚­Žæ‚舵‚¦‚È‚¢Ž–‚ª‚ ‚é‚Ì‚ðC³‚µ‚½B</li>
+      <li>SSH2 ‚ÌŒ®ŒðŠ·‚ŁAƒAƒ‹ƒSƒŠƒYƒ€ƒlƒSƒVƒG[ƒVƒ‡ƒ“‚ÉŽ¸”s‚·‚邱‚Æ‚ª‚ ‚é‚Ì‚ðC³‚µ‚½B</li>
     </ul></li>
 
   <li>‚»‚Ì‘¼

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2009-04-15 13:49:16 UTC (rev 3318)
+++ trunk/ttssh2/ttxssh/ssh.c	2009-04-15 14:28:55 UTC (rev 3319)
@@ -4158,50 +4158,69 @@
 }
 
 
-static SSHCipher choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
+static void choose_SSH2_proposal(char *server_proposal,
+                                 char *my_proposal,
+                                 char *dest,
+                                 int dest_len)
 {
-	char tmp[1024], *ptr;
+	char tmp_cli[1024], *ptr_cli, *ctc_cli;
+	char tmp_svr[1024], *ptr_svr, *ctc_svr;
 	SSHCipher cipher = SSH_CIPHER_NONE;
 
-	_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, my_proposal);
-	ptr = strtok(tmp, ","); // not thread-safe
-	while (ptr != NULL) {
+	strncpy_s(tmp_cli, sizeof(tmp_cli), my_proposal, _TRUNCATE);
+	ptr_cli = strtok_s(tmp_cli, ",", &ctc_cli);
+	while (ptr_cli != NULL) {
 		// server_proposal‚ɂ̓T[ƒo‚Ìproposal‚ªƒJƒ“ƒ}•¶Žš—ñ‚ÅŠi”[‚³‚ê‚Ä‚¢‚é
-		if (strstr(server_proposal, ptr)) { // match
-			break;
+		strncpy_s(tmp_svr, sizeof(tmp_svr), server_proposal, _TRUNCATE);
+		ptr_svr = strtok_s(tmp_svr, ",", &ctc_svr);
+		while (ptr_svr != NULL) {
+			if (strcmp(ptr_svr, ptr_cli) == 0) { // match
+				goto found;
+			}
+			ptr_svr = strtok_s(NULL, ",", &ctc_svr);
 		}
-		ptr = strtok(NULL, ",");
+		ptr_cli = strtok_s(NULL, ",", &ctc_cli);
 	}
 
-	// ƒT[ƒo‚Ì proposal ‚ɁAƒNƒ‰ƒCƒAƒ“ƒg‚Ì proposal ‚ª‚ЂƂ‚à
-	// ŠÜ‚Ü‚ê‚Ä‚¢‚È‚¢ê‡ (2007.10.17 maya)
-	if (ptr == NULL) {
-		return (cipher);
+found:
+	if (ptr_cli != NULL) {
+		strncpy_s(dest, dest_len, ptr_cli, _TRUNCATE);
 	}
+	else {
+		strncpy_s(dest, dest_len, "", _TRUNCATE);
+	}
+}
 
-	if (strstr(ptr, "3des-cbc")) {
+static SSHCipher choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
+{
+	SSHCipher cipher = SSH_CIPHER_NONE;
+	char str_cipher[16];
+
+	choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher));
+
+	if (strcmp(str_cipher, "3des-cbc") == 0) {
 		cipher = SSH2_CIPHER_3DES_CBC;
-	} else if (strstr(ptr, "aes128-cbc")) {
+	} else if (strcmp(str_cipher, "aes128-cbc") == 0) {
 		cipher = SSH2_CIPHER_AES128_CBC;
-	} else if (strstr(ptr, "aes192-cbc")) {
+	} else if (strcmp(str_cipher, "aes192-cbc") == 0) {
 		cipher = SSH2_CIPHER_AES192_CBC;
-	} else if (strstr(ptr, "aes256-cbc")) {
+	} else if (strcmp(str_cipher, "aes256-cbc") == 0) {
 		cipher = SSH2_CIPHER_AES256_CBC;
-	} else if (strstr(ptr, "blowfish-cbc")) {
+	} else if (strcmp(str_cipher, "blowfish-cbc") == 0) {
 		cipher = SSH2_CIPHER_BLOWFISH_CBC;
-	} else if (strstr(ptr, "aes128-ctr")) {
+	} else if (strcmp(str_cipher, "aes128-ctr") == 0) {
 		cipher = SSH2_CIPHER_AES128_CTR;
-	} else if (strstr(ptr, "aes192-ctr")) {
+	} else if (strcmp(str_cipher, "aes192-ctr") == 0) {
 		cipher = SSH2_CIPHER_AES192_CTR;
-	} else if (strstr(ptr, "aes256-ctr")) {
+	} else if (strcmp(str_cipher, "aes256-ctr") == 0) {
 		cipher = SSH2_CIPHER_AES256_CTR;
-	} else if (strstr(ptr, "arcfour128")) {
+	} else if (strcmp(str_cipher, "arcfour128") == 0) {
 		cipher = SSH2_CIPHER_ARCFOUR128;
-	} else if (strstr(ptr, "arcfour256")) {
+	} else if (strcmp(str_cipher, "arcfour256") == 0) {
 		cipher = SSH2_CIPHER_ARCFOUR256;
-	} else if (strstr(ptr, "arcfour")) {
+	} else if (strcmp(str_cipher, "arcfour") == 0) {
 		cipher = SSH2_CIPHER_ARCFOUR;
-	} else if (strstr(ptr, "cast128-cbc")) {
+	} else if (strcmp(str_cipher, "cast128-cbc") == 0) {
 		cipher = SSH2_CIPHER_CAST128_CBC;
 	}
 
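Review bot: The copy into `tmp_svr` in `choose_SSH2_proposal` silently truncates a server name-list longer than 1023 bytes, and that list is supplied by the peer. Algorithms past the cut are never compared, and a name split at the boundary is shortened to a prefix that `strcmp` could accept as a different, unoffered algorithm, so the two sides would disagree on the negotiated result. `strncpy_s` reports truncation through its return value, so the inner copy can fail closed: `if (strncpy_s(tmp_svr, sizeof(tmp_svr), server_proposal, _TRUNCATE) == STRUNCATE) { ptr_cli = NULL; break; }`. Whether the caller already bounds the list below 1024 bytes is not visible in this hunk. The `SSHCipher cipher` local left in the helper is now unused and can be dropped.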
@@ -4211,21 +4230,14 @@
 
 static enum hmac_type choose_SSH2_hmac_algorithm(char *server_proposal, char *my_proposal)
 {
-	char tmp[1024], *ptr;
 	enum hmac_type type = HMAC_UNKNOWN;
+	char str_hmac[16];
 
-	_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, my_proposal);
-	ptr = strtok(tmp, ","); // not thread-safe
-	while (ptr != NULL) {
-		// server_proposal‚ɂ̓T[ƒo‚Ìproposal‚ªƒJƒ“ƒ}•¶Žš—ñ‚ÅŠi”[‚³‚ê‚Ä‚¢‚é
-		if (strstr(server_proposal, ptr)) { // match
-			break;
-		}
-		ptr = strtok(NULL, ",");
-	}
-	if (strstr(ptr, "hmac-sha1")) {
+	choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac));
+
+	if (strcmp(str_hmac, "hmac-sha1") == 0) {
 		type = HMAC_SHA1;
-	} else if (strstr(ptr, "hmac-md5")) {
+	} else if (strcmp(str_hmac, "hmac-md5") == 0) {
 		type = HMAC_MD5;
 	}
 
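Review bot: `str_hmac[16]` is a bare size that has to track the longest MAC name in the client proposal, and `choose_SSH2_proposal` copies into it with `_TRUNCATE`, so a name of 16 or more characters would be cut without any diagnostic and fall through to `HMAC_UNKNOWN`. The same holds for `str_cipher[16]`, `str_comp[20]`, `str_kextype[40]` and `str_keytype[10]` in the other ssh.c hunks. A single shared size constant with a comment such as `// must hold the longest algorithm name in myproposal[] plus the terminating NUL` would keep these in step. The return statement is outside the hunk, so whether callers reject `HMAC_UNKNOWN` cannot be checked here.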
@@ -4233,10 +4245,10 @@
 }
 
 
-static int choose_SSH2_compression_algorithm(char *server_proposal, char *my_proposal)
+static enum compression_algorithm choose_SSH2_compression_algorithm(char *server_proposal, char *my_proposal)
 {
-	char tmp[1024], *ptr, *q, *index;
-	int ret = COMP_UNKNOWN;
+	enum compression_algorithm type = COMP_UNKNOWN;
+	char str_comp[20];
 
 	// OpenSSH 4.3‚Å‚Í’x‰„ƒpƒPƒbƒgˆ³k("zlib****@opens*****")‚ªV‹K’ljÁ‚³‚ê‚Ä‚¢‚邽‚߁A
 	// ƒ}ƒbƒ`‚µ‚È‚¢‚悤‚ɏC³‚µ‚½B
@@ -4245,32 +4257,18 @@
 	// ’x‰„ƒpƒPƒbƒgˆ³k‚ɑΉžB
 	// (2006.6.23 maya)
 
-	_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, my_proposal);
-	ptr = strtok(tmp, ","); // not thread-safe
-	while (ptr != NULL) {
-		// server_proposal‚ɂ̓T[ƒo‚Ìproposal‚ªƒJƒ“ƒ}•¶Žš—ñ‚ÅŠi”[‚³‚ê‚Ä‚¢‚é
-		for (index = server_proposal; index < server_proposal + strlen(server_proposal) ; index++) {
-			if (q = strstr(index, ptr)) { // match
-				q = q + strlen(ptr);
-				if (*q == '\0' || *q == ',')  // ’PŒê‚Ì‹æØ‚è‚Å‚ ‚ê‚΃}ƒbƒ`
-					goto found;
-				index = q;  // pointer update
-			}
-		}
-		ptr = strtok(NULL, ",");
-	}
+	choose_SSH2_proposal(server_proposal, my_proposal, str_comp, sizeof(str_comp));
 
-found:
 	// support of "Compression delayed" (2006.6.23 maya)
-	if (strstr(ptr, "zlib****@opens*****")) {
-		ret = COMP_DELAYED;
-	} else if (strstr(ptr, "zlib")) {
-		ret = COMP_ZLIB; // packet compression enabled
-	} else if (strstr(ptr, "none")) {
-		ret = COMP_NONE; // packet compression disabled
+	if (strcmp(str_comp, "zlib****@opens*****") == 0) {
+		type = COMP_DELAYED;
+	} else if (strcmp(str_comp, "zlib") == 0) {
+		type = COMP_ZLIB; // packet compression enabled
+	} else if (strcmp(str_comp, "none") == 0) {
+		type = COMP_NONE; // packet compression disabled
 	}
 
-	return (ret);
+	return (type);
 }
 
 // ˆÃ†ƒAƒ‹ƒSƒŠƒYƒ€‚̃L[ƒTƒCƒYAƒuƒƒbƒNƒTƒCƒYAMACƒTƒCƒY‚Ì‚¤‚¿Å‘å’l(we_need)‚ðŒˆ’è‚·‚éB
@@ -4348,7 +4346,8 @@
 	int offset = 0;
 	char *msg = NULL;
 	char tmp[1024+512];
-	char *ptr;
+	char str_kextype[40];
+	char str_keytype[10];
 
 	notify_verbose_message(pvar, "SSH2_MSG_KEXINIT was received.", LOG_LEVEL_VERBOSE);
 
@@ -4414,30 +4413,22 @@
 	// æ“ª‚©‚玩•ª‚Ì myproposal[] ‚Æ”äŠr‚ðs‚¢AÅ‰‚Ƀ}ƒbƒ`‚µ‚½‚à‚Ì‚ªKEXƒAƒ‹ƒSƒŠƒYƒ€‚Æ‚µ‚Ä
 	// ‘I‘ð‚³‚ê‚éB(2004.10.30 yutaka)
 	pvar->kex_type = -1;
-	_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, myproposal[PROPOSAL_KEX_ALGS]);
-	ptr = strtok(tmp, ","); // not thread-safe
-	while (ptr != NULL) {
-		// buf[]‚ɂ̓T[ƒo‚Ìproposal‚ªƒJƒ“ƒ}•¶Žš—ñ‚ÅŠi”[‚³‚ê‚Ä‚¢‚é
-		if (strstr(buf, ptr)) { // match
-			break;
-		}
-		ptr = strtok(NULL, ",");
-	}
-	if (ptr == NULL) { // not match
+	choose_SSH2_proposal(buf, myproposal[PROPOSAL_KEX_ALGS],str_kextype, sizeof(str_kextype));
+	if (strlen(str_kextype) == 0) { // not match
 		strncpy_s(tmp, sizeof(tmp), "unknown KEX algorithm: ", _TRUNCATE);
 		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
 		msg = tmp;
 		goto error;
 	}
-	if (strstr(ptr, KEX_DH14)) {
+	if (strcmp(str_kextype, KEX_DH14) == 0) {
 		pvar->kex_type = KEX_DH_GRP14_SHA1;
-	} else if (strstr(ptr, KEX_DH1)) {
+	} else if (strcmp(str_kextype, KEX_DH1) == 0) {
 		pvar->kex_type = KEX_DH_GRP1_SHA1;
-	} else if (strstr(ptr, KEX_DHGEX)) {
+	} else if (strcmp(str_kextype, KEX_DHGEX) == 0) {
 		pvar->kex_type = KEX_DH_GEX_SHA1;
 	}
 
-	_snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", ptr);
+	_snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", str_kextype);
 	notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
 
 	// ƒzƒXƒgƒL[ƒAƒ‹ƒSƒŠƒYƒ€ƒ`ƒFƒbƒN
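Review bot: After a successful match, the `strcmp` chain on `str_kextype` has no final `else`, so a negotiated name that is none of `KEX_DH14`, `KEX_DH1` or `KEX_DHGEX` leaves `pvar->kex_type` at -1 and execution continues to the verbose log line. With exact matching this happens whenever `myproposal[PROPOSAL_KEX_ALGS]` lists a method the chain does not know; a closing branch would fail the handshake explicitly: `} else { msg = "unsupported KEX algorithm"; goto error; }`. The host-key chain in the next hunk leaves `pvar->hostkey_type` at -1 in the same way. The enclosing function starts and ends outside these hunks, so a later check on -1 may exist but is not visible.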
@@ -4449,31 +4440,22 @@
 	buf[i] = 0;
 	offset += size;
 	pvar->hostkey_type = -1;
-	_snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
-	            myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);
-	ptr = strtok(tmp, ","); // not thread-safe
-	while (ptr != NULL) {
-		// buf[]‚ɂ̓T[ƒo‚Ìproposal‚ªƒJƒ“ƒ}•¶Žš—ñ‚ÅŠi”[‚³‚ê‚Ä‚¢‚é
-		if (strstr(buf, ptr)) { // match
-			break;
-		}
-		ptr = strtok(NULL, ",");
-	}
-	if (ptr == NULL) { // not match
+	choose_SSH2_proposal(buf, myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], str_keytype, sizeof(str_keytype));
+	if (strlen(str_keytype) == 0) { // not match
 		strncpy_s(tmp, sizeof(tmp), "unknown host KEY type: ", _TRUNCATE);
 		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
 		msg = tmp;
 		goto error;
 	}
-	if (strstr(ptr, "ssh-rsa")) {
+	if (strcmp(str_keytype, "ssh-rsa") == 0) {
 		pvar->hostkey_type = KEY_RSA;
-	} else if (strstr(ptr, "ssh-dss")) {
+	} else if (strcmp(str_keytype, "ssh-dss") == 0) {
 		pvar->hostkey_type = KEY_DSA;
-	} else 	if (strstr(ptr, "rsa1")) {
+	} else if (strcmp(str_keytype, "rsa1") == 0) {
 		pvar->hostkey_type = KEY_RSA1;
-	} else if (strstr(ptr, "rsa")) {
+	} else if (strcmp(str_keytype, "rsa") == 0) {
 		pvar->hostkey_type = KEY_RSA;
-	} else if (strstr(ptr, "dsa")) {
+	} else if (strcmp(str_keytype, "dsa") == 0) {
 		pvar->hostkey_type = KEY_DSA;
 	}
 #if 0
@@ -4487,7 +4469,7 @@
 #endif
 
 	_snprintf_s(buf, sizeof(buf), _TRUNCATE,
-	            "server host key algorithm: %s", ptr);
+	            "server host key algorithm: %s", str_keytype);
 	notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
 
 	// ƒNƒ‰ƒCƒAƒ“ƒg -> ƒT[ƒoˆÃ†ƒAƒ‹ƒSƒŠƒYƒ€ƒ`ƒFƒbƒN


