requirenext fixup for firstkexfollows

ef151888 · Matt Johnston · ba15bbfe · ef151888 · ef151888 · ef151888
Commit ef151888 authored Apr 14, 2013 by Matt Johnston
--- a/CHANGES
+++ b/CHANGES
+2013.57 - 
+
+- Improved initial connection time particularly with high latency connections.
+  The number of round trips has been reduced for both client and server. 
+  CPU time hasn't been changed.
+
+- Client will attempt to send an initial key exchange packet to save a round
+  trip. Dropbear implements an extension [email protected] to allow
+  the first packet guess to succeed in wider circumstances than the standard
+  behaviour. When communicating with other implementations the standard
+  behaviour is used.
+
+- Client side: when public key or password authentication with
+  $DROPBEAR_PASSWORD is used, an initial authentication request will
+  be sent immediately rather than querying the list of available methods.
+  This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
+  please let the Dropbear author know if it causes any interoperability
+  problems.
+
+- Implement client escape characters ~. (terminate session) and 
+  ~^Z (background session)
+
+- Server will more reliably clean up utmp when connection is closed
+
+- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
+
+- Add "-y -y" client option to skip host key checking, thanks to Hans Harder
+
+- scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
+
+- Added IUTF8 terminal mode support. Not yet standardised though seems that it
+  will soon be
+
+- Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
+  enviroment variable is set 
+
 2013.56 - Thursday 21 March 2013

 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient

--- a/cli-kex.c
+++ b/cli-kex.c
@@ -61,8 +61,8 @@ void send_msg_kexdh_init() {
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	buf_putmpint(ses.writepayload, cli_ses.dh_e);
 	encrypt_packet();
-	// XXX fixme
-	//ses.requirenext = SSH_MSG_KEXDH_REPLY;
+	ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
+	ses.requirenext[1] = SSH_MSG_KEXINIT;
 }

 /* Handle a diffie-hellman key exchange reply. */
@@ -118,7 +118,8 @@ void recv_msg_kexdh_reply() {
 	hostkey = NULL;

 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }


--- a/common-kex.c
+++ b/common-kex.c
@@ -542,7 +542,7 @@ void recv_msg_kexinit() {
 	    buf_putstring(ses.kexhashbuf,
 			ses.transkexinit->data, ses.transkexinit->len);

-		ses.requirenext = SSH_MSG_KEXDH_INIT;
+		ses.requirenext[0] = SSH_MSG_KEXDH_INIT;
 	}

 	buf_free(ses.transkexinit);

--- a/common-session.c
+++ b/common-session.c
@@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) {

 	initqueue(&ses.writequeue);

-	ses.requirenext = SSH_MSG_KEXINIT;
+	ses.requirenext[0] = SSH_MSG_KEXINIT;
 	ses.dataallowed = 1; /* we can send data until we actually 
 							send the SSH_MSG_KEXINIT */
 	ses.ignorenext = 0;

--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
 * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
 * since the printing may not sanitise strings etc. This will add a reasonable
 * amount to your executable size. */
-#define DEBUG_TRACE
+/* #define DEBUG_TRACE */

 /* All functions writing to the cleartext payload buffer call
 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're

--- a/process-packet.c
+++ b/process-packet.c
@@ -74,14 +74,15 @@ void process_packet() {

 	/* This applies for KEX, where the spec says the next packet MUST be
 	 * NEWKEYS */
-	if (ses.requirenext != 0) {
-		if (ses.requirenext != type) {
-			/* TODO send disconnect? */
+	if (ses.requirenext[0] != 0) {
+		if (ses.requirenext[0] != type
+				&& (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) {
 			dropbear_exit("Unexpected packet type %d, expected %d", type,
 					ses.requirenext);
 		} else {
 			/* Got what we expected */
-			ses.requirenext = 0;
+			ses.requirenext[0] = 0;
+			ses.requirenext[1] = 0;
 		}
 	}


--- a/session.h
+++ b/session.h
@@ -135,8 +135,9 @@ struct sshsession {
 	unsigned dataallowed : 1; /* whether we can send data packets or we are in
 								 the middle of a KEX or something */

-	unsigned char requirenext; /* byte indicating what packet we require next, 
-								or 0x00 for any */
+	unsigned char requirenext[2]; /* bytes indicating what packets we require next, 
+									 or 0x00 for any. Second option can only be
+									 used if the first byte is also set */

 	unsigned char ignorenext; /* whether to ignore the next packet,
 								 used for kex_follows stuff */

--- a/svr-kex.c
+++ b/svr-kex.c
@@ -61,7 +61,8 @@ void recv_msg_kexdh_init() {
 	mp_clear(&dh_e);

 	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
+	ses.requirenext[0] = SSH_MSG_NEWKEYS;
+	ses.requirenext[1] = 0;
 	TRACE(("leave recv_msg_kexdh_init"))
 }