svnno****@sourc*****
svnno****@sourc*****
2015年 8月 4日 (火) 12:17:44 JST
Revision: 5926 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5926 Author: doda Date: 2015-08-04 12:17:44 +0900 (Tue, 04 Aug 2015) Log Message: ----------- DH-GEXでサーバから送られてきたグループのサイズを確認するようにした。 こまかい動作は後で調整する。 http://osdn.jp/ticket/browse.php?group_id=1412&tid=35203 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c ===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2015-07-27 04:32:54 UTC (rev 5925)
+++ trunk/ttssh2/ttxssh/ssh.c 2015-08-04 03:17:44 UTC (rev 5926)
@@ -5262,11 +5262,12 @@
 static BOOL handle_SSH2_dh_gex_group(PTInstVar pvar) {
 char *data;
- int len;
+ int len, grp_bits;
 BIGNUM *p = NULL, *g = NULL;
 DH *dh = NULL;
 buffer_t *msg = NULL;
 unsigned char *outmsg;
+ char tmpbuf[256];
 notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_GROUP was received.", LOG_LEVEL_VERBOSE);
@@ -5283,6 +5284,61 @@ buffer_get_bignum2(&data, p); // \x91f\x90\x94\x82̎擾 buffer_get_bignum2(&data, g); // \x90\xB6\x90\xAC\x8C\xB3\x82̎擾 + grp_bits = BN_num_bits(p); + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, "DH-GEX: Request: %d / %d / %d, Received: %d", + pvar->kexgex_min, pvar->kexgex_bits, pvar->kexgex_max, BN_num_bits(p)); + notify_verbose_message(pvar, tmpbuf, LOG_LEVEL_VERBOSE); + + // + // (1) < GEX_GRP_MINSIZE <= (2) < kexgex_min <= (3) < kexgex_bits <= (4) <= kexgex_max < (5) <= GEX_GRP_MAXSIZE < (6) + // + if (grp_bits < GEX_GRP_MINSIZE || grp_bits > GEX_GRP_MAXSIZE) { + // (1), (6) \x83v\x83\x8D\x83g\x83R\x83\x8B\x82ŔF\x82߂\xE7\x82\xEA\x82Ă\xA2\x82\xE9\x94͈\xCD(1024 <= grp_bits <= 8192)\x82̊O\x81B\x8B\xAD\x90\xA7\x90ؒf\x81B + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "Received group size out of range: %d", grp_bits); + notify_fatal_error(pvar, tmpbuf, FALSE); + goto error; + } + else if (grp_bits < pvar->kexgex_min) { + // (2) \x83v\x83\x8D\x83g\x83R\x83\x8B\x82ŔF\x82߂\xE7\x82\xEA\x82Ă\xA2\x82\xE9\x94͈͓\xE0\x82\xBE\x82\xAA\x81A\x82\xB1\x82\xBF\x82\xE7\x82̐ݒ肵\x82\xBD\x8Dŏ\xAC\x92l\x82\xE6\x82菬\x82\xB3\x82\xA2\x81B\x8Am\x94F\x83_\x83C\x83A\x83\x8D\x83O\x82\xF0\x8Fo\x82\xB7\x81B + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "DH-GEX: grp_bits(%d) < kexgex_min(%d)", grp_bits, pvar->kexgex_min); + notify_verbose_message(pvar, tmpbuf, LOG_LEVEL_WARNING); + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "Received group size is smaller than requested minimal.\nrequested: %d, received:%d\nAccept this?", + pvar->kexgex_min, grp_bits); + } + else if (grp_bits < pvar->kexgex_bits) { + // (3) \x97v\x8B\x81\x82̍ŏ\xAC\x92l\x82͖\x9E\x82\xBD\x82\xB7\x82\xAA\x81A\x97v\x8B\x81\x92l\x82\xE6\x82\xE8\x82͏\xAC\x82\xB3\x82\xA2\x81B\x8Am\x94F\x83_\x83C\x83A\x83\x8D\x83O\x81B + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "DH-GEX: grp_bits(%d) < kexgex_bits(%d)", grp_bits, pvar->kexgex_bits); + notify_verbose_message(pvar, tmpbuf, LOG_LEVEL_WARNING); + 
_snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "Received group size is smaller than requested.\nrequested: %d, received: %d\nAccept this?", + pvar->kexgex_bits, grp_bits); + } + else if (grp_bits <= pvar->kexgex_max) { + // (4) \x97v\x8B\x81\x92l\x88ȏ\xE3\x81A\x82\xA9\x82v\x8B\x81\x82̍ő\xE5\x92l\x88ȉ\xBA\x81B\x96\xE2\x91\xE8\x82Ȃ\xB5\x81B + tmpbuf[0] = 0; // no message + } + else { + // (5) \x82\xB1\x82\xBF\x82\xE7\x82̐ݒ肵\x82\xBD\x8Dő\xE5\x92l\x82\xE6\x82\xE8\x91傫\x82\xA2\x81B\x8Am\x94F\x83_\x83C\x83A\x83\x8D\x83O\x82\xF0\x8Fo\x82\xB7\x81B + // \x82\xBD\x82\xBE\x82\xB5\x8C\xBB\x8F\xF3\x82ł\xCD kexgex_max == GEX_GRP_MAXSIZE(8192) \x82ł\xA0\x82\xE9\x88ׂ\xB1\x82̏ɂȂ鎖\x82͖\xB3\x82\xA2\x81B + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "DH-GEX: grp_bits(%d) > kexgex_max(%d)", grp_bits, pvar->kexgex_max); + notify_verbose_message(pvar, tmpbuf, LOG_LEVEL_WARNING); + _snprintf_s(tmpbuf, sizeof(tmpbuf), _TRUNCATE, + "Received group size is larger than requested maximal.\nrequested: %d, received: %d\nAccept this?", + pvar->kexgex_max, grp_bits); + } + + if (tmpbuf[0] != 0) { + if (MessageBox(NULL, tmpbuf, "TTSSH: confirm GEX group size", MB_YESNO | MB_ICONERROR) == IDNO) { + notify_fatal_error(pvar, "connection canceled.", FALSE); + goto error; + } + } + dh = DH_new(); if (dh == NULL) goto error;
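Review bot: Branches (2) and (5) (`grp_bits < pvar->kexgex_min` and the final `else`) only put up a Yes/No `MessageBox`, so a group outside the min/max this client itself requested is still used after one click. Only the `GEX_GRP_MINSIZE`/`GEX_GRP_MAXSIZE` test is fatal, and the comment puts that floor at 1024 bits, so a stronger configured minimum is advisory only; I would make both cases fatal by widening the first test to `if (grp_bits < pvar->kexgex_min || grp_bits > pvar->kexgex_max || grp_bits < GEX_GRP_MINSIZE || grp_bits > GEX_GRP_MAXSIZE) {`. Branch (3) is inside the requested range, so the `LOG_LEVEL_WARNING` entry alone would do there, and prompting with `MB_ICONERROR` on an acceptable group teaches users to click through. Nothing visible here checks `g` or the structure of `p` beyond its bit length, so a line such as `/* TODO: reject g <= 1 or g >= p-1 before building the DH object */` above `dh = DH_new();` would record what is still unvalidated. The body of `handle_SSH2_dh_gex_group` begins before this hunk and continues after it.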