svnno****@sourc*****
svnno****@sourc*****
2015年 8月 4日 (火) 19:00:21 JST
Revision: 5928 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5928 Author: doda Date: 2015-08-04 19:00:19 +0900 (Tue, 04 Aug 2015) Log Message: ----------- 相手サーバが Cisco だった場合は DH-GEX で要求するグループサイズを 4096 以下に制限する。 [Ttssh2-devel 2644] http://logmett.com/forum/viewtopic.php?f=8&t=2758 https://bugzilla.mindrot.org/show_bug.cgi?id=2209 サーバ判別部分は手抜き。他にもサーバ別の workaround が必要になった時に考える。 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2015-08-04 03:20:47 UTC (rev 5927) +++ trunk/ttssh2/ttxssh/ssh.c 2015-08-04 10:00:19 UTC (rev 5928) @@ -1714,6 +1714,24 @@ } } +void server_version_check(PTInstVar pvar) +{ + char *server_swver; + + pvar->server_compat_flag = 0; + + if ((server_swver = strchr(pvar->server_version_string+4, '-')) == NULL) { + notify_verbose_message(pvar, "Can't get server software version string.", LOG_LEVEL_WARNING); + return; + } + server_swver++; + + if (strncmp(server_swver, "Cisco-1", 7) == 0) { + pvar->server_compat_flag |= SSH_BUG_DHGEX_LARGE; + notify_verbose_message(pvar, "Server version string is matched to \"Cisco-1\", compatibility flag SSH_BUG_DHGEX_LARGE is enabled.", LOG_LEVEL_INFO); + } +} + BOOL SSH_handle_server_ID(PTInstVar pvar, char FAR * ID, int ID_len) { static char prefix[64]; @@ -1739,17 +1757,6 @@ notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE); free(buf); - - // \x82\xB1\x82\xB1\x82ł̃R\x83s\x81[\x82͍폜 (2005.3.9 yutaka) -#if 0 - // for calculate SSH2 hash - // \x83T\x81[\x83o\x83o\x81[\x83W\x83\x87\x83\x93\x82̕ۑ\xB6\x81i\x89\xFC\x8Ds\x82͎\xE6\x82菜\x82\xAD\x82\xB1\x82Ɓj - if (ID_len >= sizeof(pvar->server_version_string)) - return FALSE; - strncpy(pvar->server_version_string, ID, ID_len); -#endif - - if (ID[ID_len - 1] != '\n') { pvar->ssh_state.status_flags |= STATUS_IN_PARTIAL_ID_STRING; return FALSE; 
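Review bot: `strchr(pvar->server_version_string+4, '-')` in server_version_check skips four bytes without checking that the banner is at least that long or begins with `SSH-`; if the caller's prefix validation (not visible in this hunk) ever lets a shorter string through, the search starts past the terminator and scans whatever is left in the buffer. A guard such as `if (strncmp(pvar->server_version_string, "SSH-", 4) != 0) return;` placed right after the flag is cleared would make the function safe on its own. The banner is server-supplied and unauthenticated at this stage, so a short comment stating that flags derived from it may only select settings that remain acceptable would help whoever adds the next workaround. As far as the diff shows the function is used only in ssh.c and could be declared `static`.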
@@ -1811,6 +1818,9 @@ sizeof(pvar->server_version_string), _TRUNCATE, "%s", pvar->ssh_state.server_ID); + // \x83T\x81[\x83o\x83o\x81[\x83W\x83\x87\x83\x93\x82̃`\x83F\x83b\x83N + server_version_check(pvar); + if ((pvar->Psend) (pvar->socket, TTSSH_ID, TTSSH_ID_len, 0) != TTSSH_ID_len) { UTIL_get_lang_msg("MSG_SSH_SEND_ID_ERROR", pvar, @@ -5217,6 +5227,14 @@ else if (bits > max) { bits = max; } + if (pvar->server_compat_flag & SSH_BUG_DHGEX_LARGE && bits > 4096) { + unsigned char tmp[256]; + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, + "SSH_BUG_DHGEX_LARGE is enabled. DH-GEX group size is limited to 4096. (Original size is %d)", + bits); + notify_verbose_message(pvar, tmp, LOG_LEVEL_NOTIFY); + bits = 4096; + } // \x83T\x81[\x83o\x82\xD6group size\x82𑗂\xC1\x82āAp \x82\xC6 g \x82\xF0\x8D\xEC\x82\xC1\x82Ă\xE0\x82炤\x81B buffer_put_int(msg, min); Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2015-08-04 03:20:47 UTC (rev 5927) +++ trunk/ttssh2/ttxssh/ttxssh.h 2015-08-04 10:00:19 UTC (rev 5928) @@ -111,7 +111,12 @@ #define SSH_UPDATE_HOSTKEYS_ASK 2 #define SSH_UPDATE_HOSTKEYS_MAX 3 +/* + * Server compatibility flag + */ +#define SSH_BUG_DHGEX_LARGE 0x00000001 + /* These are the fields that WOULD go in Tera Term's 'ts' structure, if we could put them there. @@ -301,6 +306,8 @@ EC_KEY *ecdh_client_key; int dns_key_check; + + unsigned int server_compat_flag; } TInstVar; #define LOG_LEVEL_FATAL 5
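Review bot: In the DH-GEX hunk (@@ -5217) `unsigned char tmp[256]` is handed to `_snprintf_s`, which takes a `char *`, and to `notify_verbose_message`, which appears to take one too since string literals are passed to it elsewhere in this commit; declaring it `char tmp[256];` removes the pointer-signedness mismatch. The condition is correct because `&` binds tighter than `&&`, but it reads more safely as `if ((pvar->server_compat_flag & SSH_BUG_DHGEX_LARGE) && bits > 4096) {`. Only `bits` is capped in the visible lines; if `max` is still sent unchanged further down, it is worth confirming that the group the server returns is checked against the range actually requested. The literal 4096 appears three times and could become a named constant next to `SSH_BUG_DHGEX_LARGE`. The enclosing function starts and ends outside the hunk.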