scmno****@osdn*****
scmno****@osdn*****
2017年 11月 26日 (日) 00:26:36 JST
Revision: 6983 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6983 Author: doda Date: 2017-11-26 00:26:35 +0900 (Sun, 26 Nov 2017) Log Message: ----------- padding 長の取得関連を修正 SSH2 では PKT_recv()@pkt.c の時点では padding 長のデータが復号されて いない場合があるため、ここでは padding 長を取得せずに、実際に必要に なる prep_packet_ssh2()@ssh.c で取得するように変更。 Modified Paths: -------------- trunk/ttssh2/ttxssh/pkt.c trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/pkt.c =================================================================== --- trunk/ttssh2/ttxssh/pkt.c 2017-11-25 15:26:31 UTC (rev 6982) +++ trunk/ttssh2/ttxssh/pkt.c 2017-11-25 15:26:35 UTC (rev 6983) 
@@ -186,34 +186,24 @@ /* * \x92ʏ\xED\x82\xCC MAC \x95\xFB\x8E\xAE (E&M: Encrypt & MAC) \x82ł̓p\x83P\x83b\x83g\x92\xB7\x95\x94\x95\xAA\x82\xE0\x88Í\x86\x89\xBB\x82\xB3\x82\xEA\x82Ă\xA2\x82邽\x82߁A - * \x90擪\x82\xCC 1 \x83u\x83\x8D\x83b\x83N\x82\x86\x82\xB7\x82\xE9\x81BMAC \x95\x{33AE0AA} EtM (Encrypt then MAC) \x82̎\x9E\x82\xCD + * \x90擪\x82\xCC 1 \x83u\x83\x8D\x83b\x83N\x82\x86\x82\xB7\x82\xE9\x81BMAC \x95\x{33AE0AA} EtM (Encrypt then MAC) \x82̎\x9E\x81A\x82\xA8\x82\xE6\x82\xD1 SSH1 \x82ł\xCD * \x83p\x83P\x83b\x83g\x92\xB7\x95\x94\x95\xAA\x82͈Í\x86\x89\xBB\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x82̂ŕ\x9C\x8D\x86\x82͕K\x97v\x96\xB3\x82\xA2\x81B */ - if (!pvar->pkt_state.predecrypted_packet && !etm) { + if (SSHv2(pvar) && !pvar->pkt_state.predecrypted_packet && !etm) { SSH_predecrpyt_packet(pvar, data); pvar->pkt_state.predecrypted_packet = TRUE; } + // \x83p\x83P\x83b\x83g\x82̐擪\x82\xC9 uint32 (4\x83o\x83C\x83g) \x82̃p\x83P\x83b\x83g\x92\xB7\x82\xAA\x97\x88\x82\xE9 + pktsize = get_uint32_MSBfirst(data); + if (SSHv1(pvar)) { - uint32 realpktsize = get_uint32_MSBfirst(data); + // SSH1 \x82ł̓p\x83P\x83b\x83g\x92\xB7\x82̒l\x82ɂ\xCD padding \x82̒\xB7\x82\xB3\x82\xAA\x8A܂܂\xEA\x82Ă\xA2\x82Ȃ\xA2\x81B + // \x82܂\xBD padding \x82̒\xB7\x82\xB3\x82̏\xEE\x95\xF1\x82\xE0\x83p\x83P\x83b\x83g\x8F\xE3\x82ɂ͖\xB3\x82\xA2\x82̂ŁA\x83p\x83P\x83b\x83g\x92\xB7\x82̒l\x82\xA9\x82\xE7\x8Cv\x8EZ\x82\xB7\x82\xE9\x81B + padding = 8 - (pktsize % 8); - padding = 8 - (realpktsize % 8); - pktsize = realpktsize + padding; - } else { - // SSH2 \x82ł̓p\x83P\x83b\x83g\x82̐擪\x82\xC9 uint32 (4\x83o\x83C\x83g) \x82̃p\x83P\x83b\x83g\x92\xB7\x82\xAA\x97\x88\x82\xE9 - pktsize = get_uint32_MSBfirst(data); - - // \x91\xB1\x82\xAD 1 \x83o\x83C\x83g\x82\xCD padding \x82̒\xB7\x82\xB3 - if (etm) { - // EtM \x82ł\xCD padding length \x88ȍ~\x82͈Í\x86\x89\xBB\x82\xB3\x82\xEA\x82Ă\xA2\x82\xE9\x81B - // \x82\xB1\x82̎\x9E\x93_\x82ł͂܂\xBE\x95\x9C\x8D\x86\x82\xB5\x82Ă\xA2\x82Ȃ\xA2\x82̂\xC5 padding length 
\x82\xAA\x95\xAA\x82\xA9\x82\xE7\x82Ȃ\xA2\x81B - // \x89\xBC\x82\xC9 0 \x82\xF0\x93\xFC\x82\xEA\x82Ēu\x82\xAD\x81B - padding = 0; - } - else { - // E&M \x82ł͕\x9C\x8D\x86\x8Dς\xDD - padding = (unsigned char) data[4]; - } + // \x88ȍ~\x82̏\x88\x97\x9D\x82\xCD pktsize \x82\xC9 padding \x82̒l\x82\xAA\x8A܂܂\xEA\x82Ă\xA2\x82鎖\x82\xAA\x91O\x92\xF1\x82ƂȂ\xC1\x82Ă\xA2\x82\xE9\x81B + pktsize += padding; } // \x83p\x83P\x83b\x83g(TCP\x83y\x83C\x83\x8D\x81[\x83h)\x82̑S\x91̂̃T\x83C\x83Y\x82́ASSH\x83y\x83C\x83\x8D\x81[\x83h+4\x81i+MAC\x81j\x82ƂȂ\xE9\x81B @@ -223,11 +213,13 @@ if (total_packet_size <= pvar->pkt_state.datalen) { // \x8E\xF3\x90M\x8Dς݃f\x81[\x83^\x82\xAA\x8F\\x95\xAA\x97L\x82\xE9\x8Fꍇ\x82̓p\x83P\x83b\x83g\x82̎\xC0\x8F\x88\x97\x9D\x82\xF0\x8Ds\x82\xA4 if (SSHv1(pvar)) { - // SSH1 \x82\xCD EtM \x94\xF1\x91Ή\x9E + // SSH1 \x82\xCD EtM \x94\xF1\x91Ή\x9E (\x82\xBB\x82\xE0\x82\xBB\x82\xE0 MAC \x82ł͂Ȃ\xAD CRC \x82\xF0\x8Eg\x82\xA4) SSH1_handle_packet(pvar, data, pktsize, padding); } else { - SSH2_handle_packet(pvar, data, pktsize, padding, etm); + // SSH2 \x82ł͂\xB1\x82̎\x9E\x93_\x82ł\xCD padding \x92\xB7\x95\x94\x95\xAA\x82\xAA\x95\x9C\x8D\x86\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x8Fꍇ\x82\xAA\x82\xA0\x82\xE9\x82̂ŁA + // padding \x92\xB7\x82͓n\x82\xB3\x82\xB8\x82ɁA\x95K\x97v\x82ɂȂ\xC1\x82\xBD\x8E\x9E\x82ɓ\xE0\x95\x94\x82Ŏ擾\x82\xB7\x82\xE9\x81B + SSH2_handle_packet(pvar, data, pktsize, etm); } pvar->pkt_state.predecrypted_packet = FALSE; 
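Review bot: In the first pkt.c hunk the length read by `pktsize = get_uint32_MSBfirst(data);` is used in arithmetic before any range check; the SSH1 branch immediately does `pktsize += padding;`. The only visible upper bound, `total_packet_size > PACKET_MAX_SIZE`, sits in the `else if` that follows `total_packet_size <= pvar->pkt_state.datalen`. If these variables are 32-bit unsigned (their declarations are outside the hunk), a length near `0xFFFFFFFF` would wrap to a small value and be handled as a complete packet. In EtM mode the field is also read before the MAC is verified, since that check runs later in prep_packet_ssh2. I would reject the value right after it is read, e.g. `if (pktsize > PACKET_MAX_SIZE) { /* same fatal-error path as the oversized case below */ }`, and only then add padding and header sizes; the enclosing function starts and ends outside the hunk.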
@@ -234,13 +226,15 @@ pvar->pkt_state.datastart += total_packet_size; pvar->pkt_state.datalen -= total_packet_size; - } else if (total_packet_size > PACKET_MAX_SIZE) { + } + else if (total_packet_size > PACKET_MAX_SIZE) { // \x83p\x83P\x83b\x83g\x92\xB7\x82\xAA\x91傫\x82\xB7\x82\xAC\x82\xE9\x8Fꍇ\x82ُ͈\xED\x8FI\x97\xB9\x82\xB7\x82\xE9\x81B // \x8E\xC0\x8Dۂɂ͉\xBD\x82炩\x82̗v\x88\xF6\x82ŕ\x9C\x8D\x86\x8E\xB8\x94s\x81˃p\x83P\x83b\x83g\x92\xB7\x95\x94\x95\xAA\x82\xAA\x89\xF3\x82\xEA\x82Ă\xA2\x82鎖\x82\xAA\x91\xBD\x82\xA2\x81B UTIL_get_lang_msg("MSG_PKT_OVERSIZED_ERROR", pvar, "Oversized packet received from server; connection will close."); notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); - } else { + } + else { int amount_read = recv_data(pvar, max(total_packet_size, READAMOUNT)); if (amount_read == SOCKET_ERROR) { Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-11-25 15:26:31 UTC (rev 6982) +++ trunk/ttssh2/ttxssh/ssh.c 2017-11-25 15:26:35 UTC (rev 6983) @@ -784,12 +784,13 @@ * \x88\xF8\x90\x94: * data - ssh \x83p\x83P\x83b\x83g\x82̐擪\x82\xF0\x8Ew\x82\xB7\x83|\x83C\x83\x93\x83^ * len - \x83p\x83P\x83b\x83g\x92\xB7 (\x90擪\x82̃p\x83P\x83b\x83g\x92\xB7\x97̈\xE6(4\x83o\x83C\x83g)\x82\xF0\x8F\x9C\x82\xA2\x82\xBD\x92l) - * padding - \x83p\x83f\x83B\x83\x93\x83O\x92\xB7 (EtM\x82̏ꍇ\x82\xCD0\x82ƂȂ\xC1\x82Ă\xA2\x82\xE9\x82̂ŁA\x95\x9C\x8D\x86\x8C\xE3\x82Ɏ擾\x82\xB7\x82\xE9\x95K\x97v\x82\xA0\x82\xE8) * etm - MAC \x95\x{33AE0AA} EtM \x82\xA9\x82ǂ\xA4\x82\xA9\x82̃t\x83\x89\x83O */ -static int prep_packet_ssh2(PTInstVar pvar, char *data, unsigned int len, unsigned int padding, int etm) +static int prep_packet_ssh2(PTInstVar pvar, char *data, unsigned int len, int etm) { + unsigned int padding; + if (etm) { // EtM \x82̏ꍇ\x82͐\xE6\x82\xC9 MAC \x82̌\x9F\x8F\xF0\x8Ds\x82\xA4 if (!CRYPT_verify_receiver_MAC(pvar, pvar->ssh_state.receiver_sequence_number, data, len + 4, data + len + 4)) { 
@@ -800,9 +801,6 @@ // \x83p\x83P\x83b\x83g\x92\xB7\x95\x94\x95\xAA(\x90擪4\x83o\x83C\x83g)\x82͈Í\x86\x89\xBB\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x82̂ŁA\x82\xBB\x82\xB1\x82\xF0\x83X\x83L\x83b\x83v\x82\xB5\x82ĕ\x9C\x8D\x86\x82\xB7\x82\xE9\x81B CRYPT_decrypt(pvar, data + 4, len); - - // EtM \x82̏ꍇ\x82\xCD \x8CĂяo\x82\xB5\x8C\xB3\x82ł\xCD padding \x95\x94\x95\xAA\x82\xAA\x93ǂ߂Ȃ\xA2\x88ׁA\x82\xB1\x82\xB1\x82Œl\x82\xF0\x8E擾\x82\xB7\x82\xE9\x81B - padding = (unsigned int) data[4]; } else { // E&M \x82ł͐擪\x95\x94\x95\xAA\x82\xAA\x8E\x96\x91O\x95\x9C\x8D\x86\x82\xB3\x82\xEA\x82Ă\xA2\x82\xE9\x81B @@ -820,6 +818,9 @@ } } + // \x83p\x83f\x83B\x83\x93\x83O\x92\xB7\x82̎擾 + padding = (unsigned int) data[4]; + // \x83p\x83P\x83b\x83g\x92\xB7(4\x83o\x83C\x83g) \x95\x94\x95\xAA\x82ƃp\x83f\x83B\x83\x93\x83O\x92\xB7(1\x83o\x83C\x83g)\x95\x94\x95\xAA\x82\xF0\x83X\x83L\x83b\x83v\x82\xB5\x82\xBD SSH \x83y\x83C\x83\x8D\x81[\x83h\x82̐擪 pvar->ssh_state.payload = data + 4 + 1; @@ -2114,9 +2115,9 @@ } } -void SSH2_handle_packet(PTInstVar pvar, char *data, unsigned int len, unsigned int padding, int etm) +void SSH2_handle_packet(PTInstVar pvar, char *data, unsigned int len, int etm) { - unsigned char message = prep_packet_ssh2(pvar, data, len, padding, etm); + unsigned char message = prep_packet_ssh2(pvar, data, len, etm); // SSH\x82̃\x81\x83b\x83Z\x81[\x83W\x83^\x83C\x83v\x82\xF0\x83`\x83F\x83b\x83N if (message != SSH_MSG_NONE) { Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-11-25 15:26:31 UTC (rev 6982) +++ trunk/ttssh2/ttxssh/ssh.h 2017-11-25 15:26:35 UTC (rev 6983) 
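Review bot: `padding = (unsigned int) data[4];` in the `@@ -820,6 +818,9 @@` hunk converts from plain `char` (`data` is `char *`), so where `char` is signed a padding byte of 0x80 or above sign-extends to a value near `0xFFFFFF80`; the E&M path this replaces in pkt.c used `(unsigned char) data[4]`. Cast through the byte type instead: `padding = (unsigned char) data[4];`. Because the value comes from the peer, it should also be checked against `len` before it is subtracted from it or used as an offset; that code is outside the hunk, so I cannot tell whether such a check already exists. prep_packet_ssh2's body starts and ends outside this hunk.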
@@ -713,7 +713,7 @@ 'data' points to the start of the packet data (the length field) */ void SSH1_handle_packet(PTInstVar pvar, char *data, unsigned int len, unsigned int padding); -void SSH2_handle_packet(PTInstVar pvar, char *data, unsigned int len, unsigned int padding, int etm); +void SSH2_handle_packet(PTInstVar pvar, char *data, unsigned int len, int etm); void SSH_notify_win_size(PTInstVar pvar, int cols, int rows); void SSH_notify_user_name(PTInstVar pvar); void SSH_notify_cred(PTInstVar pvar);