From 4ca6a1fac328477c642329676d6469dba59019a3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Wed, 27 Jan 2021 09:26:53 +0000
Subject: upstream: remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
---
 compat.c | 36 +++++++++++++++++-------------------
 1 file changed, 17 insertions(+), 19 deletions(-)
(limited to 'compat.c')
diff --git a/compat.c b/compat.c
index a9d46e30..69befa96 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -38,11 +38,9 @@
 #include "match.h"
 #include "kex.h"
-int datafellows = 0;
-
-/* datafellows bug compatibility */
-u_int
-compat_datafellows(const char *version)
+/* determine bug flags from SSH protocol banner */
+void
+compat_banner(struct ssh *ssh, const char *version)
 {
 int i;
 static struct {
@@ -145,22 +143,22 @@ compat_datafellows(const char *version)
 };
 /* process table, return first match */
+ssh->compat = 0;
 for (i = 0; check[i].pat; i++) {
 if (match_pattern_list(version, check[i].pat, 0) == 1) {
-debug("match: %s pat %s compat 0x%08x",
+debug_f("match: %s pat %s compat 0x%08x",
 version, check[i].pat, check[i].bugs);
-datafellows = check[i].bugs; /* XXX for now */
-return check[i].bugs;
+ssh->compat = check[i].bugs;
+return;
 }
 }
-debug("no match: %s", version);
-return 0;
+debug_f("no match: %s", version);
 }
 char *
-compat_cipher_proposal(char *cipher_prop)
+compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
 {
-if (!(datafellows & SSH_BUG_BIGENDIANAES))
+if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
 return cipher_prop;
 debug2_f("original cipher proposal: %s", cipher_prop);
 if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
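Review bot: The header comment on compat_banner, `/* determine bug flags from SSH protocol banner */`, does not tell a caller where the result goes now that the function returns void. I would spell out the side effect, e.g. `/* Set ssh->compat from the banner in version: first matching table entry wins, 0 when nothing matches. */`. The following hunk shows `ssh->compat` being cleared before the table scan, and the compat_*_proposal functions in this diff all read it, so the ordering requirement is worth stating. The function body starts in this hunk and continues outside it.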
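Review bot: compat_cipher_proposal still hands back two different kinds of pointer: the caller's own `cipher_prop` on the early `return cipher_prop;` path, and whatever `match_filter_denylist` produced on the filtered path. If that helper returns a fresh heap string (its definition is not in this diff), a caller cannot tell whether the result must be freed, which invites either a leak or a free of memory it does not own. compat_pkalg_proposal and compat_kex_proposal in the later hunks have the same shape. Since the callers presumably have to change for the new `ssh` argument anyway, either always return an allocated copy or state the contract above each function, e.g. `/* Returns the input pointer unchanged when no compat flag applies, otherwise a newly filtered list. */`. The function's tail lies outside the hunk.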
@@ -172,9 +170,9 @@ compat_cipher_proposal(char *cipher_prop)
 }
 char *
-compat_pkalg_proposal(char *pkalg_prop)
+compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
 {
-if (!(datafellows & SSH_BUG_RSASIGMD5))
+if (!(ssh->compat & SSH_BUG_RSASIGMD5))
 return pkalg_prop;
 debug2_f("original public key proposal: %s", pkalg_prop);
 if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
@@ -186,16 +184,16 @@ compat_pkalg_proposal(char *pkalg_prop)
 }
 char *
-compat_kex_proposal(char *p)
+compat_kex_proposal(struct ssh *ssh, char *p)
 {
-if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
 return p;
 debug2_f("original KEX proposal: %s", p);
-if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
+if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
 if ((p = match_filter_denylist(p, "curve25519-sha256@libssh.org")) == NULL)
 fatal("match_filter_denylist failed");
-if ((datafellows & SSH_OLD_DHGEX) != 0) {
+if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
 if ((p = match_filter_denylist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL)
--
cgit v1.2.1
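Review bot: In compat_kex_proposal, when both SSH_BUG_CURVE25519PAD and SSH_OLD_DHGEX are set, the second `p = match_filter_denylist(p, ...)` overwrites the only reference to the list produced by the first call. Assuming match_filter_denylist returns a new allocation (it is defined outside this diff), that intermediate string is leaked each time a peer's banner selects both flags. Keeping it in a local would fix this: `char *first = NULL;`, then `first = p;` after the curve25519 filter and `free(first);` inside the SSH_OLD_DHGEX block once its filter has succeeded. Bracing the outer `if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)` like its SSH_OLD_DHGEX sibling would also make the nesting easier to read. The function continues past the end of the hunk.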