diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | compat.c | 4 | ||||
| -rw-r--r-- | compat.h | 3 | ||||
| -rw-r--r-- | sshd.c | 8 |
4 files changed, 17 insertions, 4 deletions
@@ -17,6 +17,10 @@ - djm@cvs.openbsd.org 2001/03/19 03:52:51 [sftp-client.c] Report ssh connection closing correctly; ok deraadt@ + - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 + [compat.c compat.h sshd.c] + specifically version match on ssh scanners. do not log scan + information to the console 20010318 - (bal) Fixed scp type casing issue which causes "scp: protocol error: @@ -4616,4 +4620,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.980 2001/03/19 11:29:46 djm Exp $ +$Id: ChangeLog,v 1.981 2001/03/19 11:36:20 djm Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $"); +RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); #ifdef HAVE_LIBPCRE # include <pcreposix.h> @@ -97,6 +97,8 @@ compat_datafellows(const char *version) { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, { "^OSU_1\\.5alpha[1-3]", SSH_BUG_PASSWORDPAD }, + { "^SSH_Version_Mapper", + SSH_BUG_SCANNER }, { NULL, 0 } }; /* process table, return first match */ @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -42,6 +42,7 @@ #define SSH_BUG_IGNOREMSG 0x0100 #define SSH_BUG_PKOK 0x0200 #define SSH_BUG_PASSWORDPAD 0x0400 +#define SSH_BUG_SCANNER 0x0800 void enable_compat13(void); void enable_compat20(void); @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -381,6 +381,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_SCANNER) { + log("scanned from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + mismatch = 0; switch(remote_major) { case 1: |