From 9641753e0fd146204d57b2a4165f552a81afade4 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 6 Mar 2023 12:14:48 +0000 Subject: upstream: Refactor creation of KEX proposal. This adds kex_proposal_populate_entries (and corresponding free) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamic that has been the source of previous leaks and bugs. Remove unused compat functions. With & ok djm@. OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b --- sshd.c | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) (limited to 'sshd.c') diff --git a/sshd.c b/sshd.c index 748c15ee..c45092ea 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.598 2023/03/03 03:12:24 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.599 2023/03/06 12:14:48 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -104,7 +104,6 @@ #include "digest.h" #include "sshkey.h" #include "kex.h" -#include "myproposal.h" #include "authfile.h" #include "pathnames.h" #include "atomicio.h" @@ -2389,30 +2388,23 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, static void do_ssh2_kex(struct ssh *ssh) { - char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; + char *hkalgs = NULL, *myproposal[PROPOSAL_MAX]; + const char *compression = NULL; struct kex *kex; - char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; int r; - myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, - options.kex_algorithms); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = - compat_cipher_proposal(ssh, options.ciphers); - myproposal[PROPOSAL_MAC_ALGS_CTOS] = - myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; - - if (options.compression == COMP_NONE) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } - if (options.rekey_limit || options.rekey_interval) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = - compat_pkalg_proposal(ssh, list_hostkey_types()); + if (options.compression == COMP_NONE) + compression = "none"; + hkalgs = list_hostkey_types(); + + kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms, + options.ciphers, options.macs, compression, hkalgs); + + free(hkalgs); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) @@ -2447,9 +2439,7 @@ do_ssh2_kex(struct ssh *ssh) (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send test"); #endif - free(prop_kex); - free(prop_enc); - free(prop_hostkey); + kex_proposal_free_entries(myproposal); debug("KEX done"); } -- cgit v1.2.1