shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 02:38:09 +09:00
Code Issues Packages Projects Releases Wiki Activity

packet: Allow SSH2_MSG_EXT_INFO when authenticated

Browse Source 
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO.  This
message was being filtered out by the packet filtering.  This includes a
test to enforce the filtering rules for this packet type.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2018-12-07 18:19:33 +01:00
committed by Andreas Schneider
parent c3067f8e73
commit fe309ba43f
2 changed files with 36 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/packet.c
View File

@@ -264,13 +264,17 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
/* /*
* States required: * States required:
* - session_state == SSH_SESSION_STATE_AUTHENTICATING * - session_state == SSH_SESSION_STATE_AUTHENTICATING
* or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
* (re-exchange)
* - dh_handshake_state == DH_STATE_FINISHED * - dh_handshake_state == DH_STATE_FINISHED
* *
* Transitions: * Transitions:
* - None * - None
* */ * */
if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) { if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
(session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
{
rc = SSH_PACKET_DENIED; rc = SSH_PACKET_DENIED;
break; break;
} }

31
tests/unittests/torture_packet_filter.c
View File

@@ -464,6 +464,36 @@ static void torture_packet_filter_check_auth_success(void **state)
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
} }
static void torture_packet_filter_check_msg_ext_info(void **state)
{
int rc;
global_state accepted[] = {
{
.flags = (COMPARE_SESSION_STATE |
COMPARE_DH_STATE),
.session = SSH_SESSION_STATE_AUTHENTICATING,
.dh = DH_STATE_FINISHED,
},
{
.flags = (COMPARE_SESSION_STATE |
COMPARE_DH_STATE),
.session = SSH_SESSION_STATE_AUTHENTICATED,
.dh = DH_STATE_FINISHED,
},
};
int accepted_count = 2;
/* Unused */
(void) state;
rc = check_message_in_all_states(accepted, accepted_count,
SSH2_MSG_EXT_INFO);
assert_int_equal(rc, 0);
}
static void torture_packet_filter_check_channel_open(void **state) static void torture_packet_filter_check_channel_open(void **state)
{ {
int rc; int rc;
@@ -494,6 +524,7 @@ int torture_run_tests(void)
cmocka_unit_test(torture_packet_filter_check_auth_success), cmocka_unit_test(torture_packet_filter_check_auth_success),
cmocka_unit_test(torture_packet_filter_check_channel_open), cmocka_unit_test(torture_packet_filter_check_channel_open),
cmocka_unit_test(torture_packet_filter_check_unfiltered), cmocka_unit_test(torture_packet_filter_check_unfiltered),
cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
}; };
ssh_init(); ssh_init();