[openssh-commits] [openssh] 04/05: upstream: use sshpkt_fatal() for kex_exchange_identification()

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Mar 14 19:39:40 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 5becbec023f2037394987f85ed7f74b9a28699e0
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Mar 13 04:01:56 2020 +0000

    upstream: use sshpkt_fatal() for kex_exchange_identification()
    
    errors. This ensures that the logged errors are consistent with other
    transport-layer errors and that the relevant IP addresses are logged. bz3129
    ok dtucker@
    
    OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
---
 kex.c        | 14 +++++++++++---
 sshconnect.c |  7 ++++---
 sshd.c       |  7 ++++---
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/kex.c b/kex.c
index 899036e6..09c7258e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: kex.c,v 1.158 2020/03/13 04:01:56 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1167,7 +1167,7 @@ int
 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
     const char *version_addendum)
 {
-	int remote_major, remote_minor, mismatch;
+	int remote_major, remote_minor, mismatch, oerrno = 0;
 	size_t len, i, n;
 	int r, expect_nl;
 	u_char c;
@@ -1186,6 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 	    version_addendum == NULL ? "" : " ",
 	    version_addendum == NULL ? "" : version_addendum)) != 0) {
+		oerrno = errno;
 		error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
 		goto out;
 	}
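Review bot: `oerrno = errno;` after the failed sshbuf_putf() saves an errno that this call did not necessarily set, because r here is whatever sshbuf_putf() returned and the saved value is only written back at the end of the function when r is SSH_ERR_SYSTEM_ERROR. The same applies to the sshbuf_consume_end() and sshbuf_put_u8() branches in later hunks. If the sshbuf functions never return SSH_ERR_SYSTEM_ERROR (not visible here), these three saves have no effect and could be dropped, leaving only the write/wait/read failures to feed oerrno. Otherwise a short comment such as `/* only used if r == SSH_ERR_SYSTEM_ERROR */` would make the intent clear. The function body starts and ends outside this hunk.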
@@ -1193,11 +1194,13 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
 	    sshbuf_mutable_ptr(our_version),
 	    sshbuf_len(our_version)) != sshbuf_len(our_version)) {
-		error("%s: write: %.100s", __func__, strerror(errno));
+		oerrno = errno;
+		debug("%s: write: %.100s", __func__, strerror(errno));
 		r = SSH_ERR_SYSTEM_ERROR;
 		goto out;
 	}
 	if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
+		oerrno = errno;
 		error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
 		goto out;
 	}
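Review bot: Only the write failure is demoted to debug() here; the `r == -1` wait branch and the `len != 1` read branch in the next two hunks still call error() before returning SSH_ERR_SYSTEM_ERROR. Since both callers in this commit now report the failure through sshpkt_fatal(), those paths will presumably produce two log lines for one event, which makes the peer-facing failure noisier to triage. For consistency use `debug("%s: read: %.100s", __func__, strerror(errno));` and the same for the wait branch, or add a comment saying why they stay at error level. Passing `oerrno` rather than `errno` to strerror() in these messages would also make it obvious that the logged and the propagated value are the same.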
@@ -1233,6 +1236,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 					r = SSH_ERR_CONN_TIMEOUT;
 					goto out;
 				} else if (r == -1) {
+					oerrno = errno;
 					error("%s: %s",
 					    __func__, strerror(errno));
 					r = SSH_ERR_SYSTEM_ERROR;
@@ -1248,6 +1252,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 				r = SSH_ERR_CONN_CLOSED;
 				goto out;
 			} else if (len != 1) {
+				oerrno = errno;
 				error("%s: read: %.100s",
 				    __func__, strerror(errno));
 				r = SSH_ERR_SYSTEM_ERROR;
@@ -1265,6 +1270,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 				goto invalid;
 			}
 			if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
+				oerrno = errno;
 				error("%s: sshbuf_put: %s",
 				    __func__, ssh_err(r));
 				goto out;
@@ -1365,6 +1371,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	free(our_version_string);
 	free(peer_version_string);
 	free(remote_version);
+	if (r == SSH_ERR_SYSTEM_ERROR)
+		errno = oerrno;
 	return r;
 }
 
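Review bot: The errno restore at the end of the function has no comment explaining why it is needed or who consumes it. I would add `/* free() may clobber errno; callers hand r to sshpkt_fatal(), which reports errno for SSH_ERR_SYSTEM_ERROR */` above the `if`. Note also that oerrno starts at 0, so any path that sets r to SSH_ERR_SYSTEM_ERROR without first saving errno (none is visible in these hunks, but the function body is mostly outside them) would reset errno to 0 here and lose the cause in the log.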
diff --git a/sshconnect.c b/sshconnect.c
index 4711af78..af08be41 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1276,6 +1276,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 {
 	char *host;
 	char *server_user, *local_user;
+	int r;
 
 	local_user = xstrdup(pw->pw_name);
 	server_user = options.user ? options.user : local_user;
@@ -1285,8 +1286,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 	lowercase(host);
 
 	/* Exchange protocol version identification strings with the server. */
-	if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0)
-		cleanup_exit(255); /* error already logged */
+	if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
+		sshpkt_fatal(ssh, r, "banner exchange");
 
 	/* Put the connection into non-blocking mode. */
 	ssh_packet_set_nonblocking(ssh);
diff --git a/sshd.c b/sshd.c
index e5907791..6f8f11a3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.551 2020/03/13 03:24:49 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.552 2020/03/13 04:01:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2155,8 +2155,9 @@ main(int ac, char **av)
 	if (!debug_flag)
 		alarm(options.login_grace_time);
 
-	if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0)
-		cleanup_exit(255); /* error already logged */
+	if ((r = kex_exchange_identification(ssh, -1,
+	    options.version_addendum)) != 0)
+		sshpkt_fatal(ssh, r, "banner exchange");
 
 	ssh_packet_set_nonblocking(ssh);
 
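Review bot: The banner exchange is called with `-1` as timeout_ms, so the only visible bound on a peer that connects and never sends its identification string is the `alarm(options.login_grace_time)` armed just above, and that alarm is skipped when debug_flag is set. This predates the commit, but since the failure path is being reworked a comment would help, for example `/* no per-read timeout: bounded by the login_grace_time alarm above */`. Whether a login_grace_time of 0 leaves the exchange unbounded cannot be told from this hunk and is worth confirming. main() starts and ends outside the hunk.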

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

