Similar to the patch I sent a moment ago for ssh.c, in sshd.c client_version_string and server_version_string could be moved from global variables to local variables within main().
Also, it fixes the same odd construct, where they are global variables but are then assigned as shallow copies into the kex structure and freed there via kex_free().
A patch is attached. It is pretty straightforward. Markus
diff --git a/sshd.c b/sshd.c
index ba26287..e0c0399 100644
--- a/sshd.c
+++ b/sshd.c
@@ -180,13 +180,6 @@ char **rexec_argv;
 int listen_socks[MAX_LISTEN_SOCKS];
 int num_listen_socks = 0;
 
-/*
- * the client's version string, passed by sshd2 in compat mode. if != NULL,
- * sshd will skip the version-number exchange
- */
-char *client_version_string = NULL;
-char *server_version_string = NULL;
-
 /* Daemon's agent connection */
 int auth_sock = -1;
 int have_agent = 0;
@@ -248,7 +241,7 @@ struct passwd *privsep_pw = NULL;
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
-static void do_ssh2_kex(void);
+static void do_ssh2_kex(const char *, const char *);
 
 /*
  * Close all listening sockets
@@ -364,7 +357,7 @@ grace_alarm_handler(int sig)
 }
 
 static void
-sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out, char **server_version_stringp, char **client_version_stringp)
 {
 	u_int i;
 	int remote_major, remote_minor;
@@ -372,15 +365,15 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 	char buf[256];	/* Must not be larger than remote_version. */
 	char remote_version[256];	/* Must be at least as big as buf. */
 
-	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
+	xasprintf(server_version_stringp, "SSH-%d.%d-%.100s%s%s\r\n",
 	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 	    *options.version_addendum == '\0' ? "" : " ",
 	    options.version_addendum);
 
 	/* Send our protocol version identification. */
-	if (atomicio(vwrite, sock_out, server_version_string,
-	    strlen(server_version_string))
-	    != strlen(server_version_string)) {
+	if (atomicio(vwrite, sock_out, *server_version_stringp,
+	    strlen(*server_version_stringp))
+	    != strlen(*server_version_stringp)) {
 		logit("Could not write ident string to %s port %d",
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 		cleanup_exit(255);
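Review bot: The new signature of sshd_exchange_identification() at @@ -364 takes two out-pointers but nothing states who owns the strings written through them, which is the ownership question this patch is meant to settle; a comment above the definition would pin it, e.g. `/* Allocates *server_version_stringp and *client_version_stringp; the caller owns and frees both. */`. The added declaration line also runs well past 80 columns, so wrapping the parameters onto a four-space continuation line would match the surrounding style; the same applies to the call at @@ -2116 and the do_ssh2_kex() definition at @@ -2260. The function body continues outside this hunk.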
@@ -409,18 +402,18 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 		}
 	}
 	buf[sizeof(buf) - 1] = 0;
-	client_version_string = xstrdup(buf);
+	*client_version_stringp = xstrdup(buf);
 
 	/*
 	 * Check that the versions match. In future this might accept
 	 * several versions and set appropriate flags to handle them.
 	 */
-	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
+	if (sscanf(*client_version_stringp, "SSH-%d.%d-%[^\n]\n",
 	    &remote_major, &remote_minor, remote_version) != 3) {
 		s = "Protocol mismatch.\n";
 		(void) atomicio(vwrite, sock_out, s, strlen(s));
 		logit("Bad protocol version identification '%.100s' "
-		    "from %s port %d", client_version_string,
+		    "from %s port %d", *client_version_stringp,
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 		close(sock_in);
 		close(sock_out);
@@ -434,13 +427,13 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 	if ((ssh->compat & SSH_BUG_PROBE) != 0) {
 		logit("probed from %s port %d with %s. Don't panic.",
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    client_version_string);
+		    *client_version_stringp);
 		cleanup_exit(255);
 	}
 	if ((ssh->compat & SSH_BUG_SCANNER) != 0) {
 		logit("scanned from %s port %d with %s. Don't panic.",
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    client_version_string);
+		    *client_version_stringp);
 		cleanup_exit(255);
 	}
 	if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
@@ -448,8 +441,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 		    "scheme; disabling use of RSA keys", remote_version);
 	}
 
-	chop(server_version_string);
-	debug("Local version string %.200s", server_version_string);
+	chop(*server_version_stringp);
+	debug("Local version string %.200s", *server_version_stringp);
 
 	if (remote_major != 2 &&
 	    !(remote_major == 1 && remote_minor == 99)) {
@@ -460,7 +453,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 		logit("Protocol major versions differ for %s port %d: "
 		    "%.200s vs. %.200s",
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    server_version_string, client_version_string);
+		    *server_version_stringp, *client_version_stringp);
 		cleanup_exit(255);
 	}
 }
@@ -1482,6 +1475,8 @@ main(int ac, char **av)
 	int keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
+	char *client_version_string = NULL;
+	char *server_version_string = NULL;
 
 	ssh_malloc_init();	/* must be called before any mallocs */
 
@@ -2116,7 +2111,7 @@ main(int ac, char **av)
 	if (!debug_flag)
 		alarm(options.login_grace_time);
 
-	sshd_exchange_identification(ssh, sock_in, sock_out);
+	sshd_exchange_identification(ssh, sock_in, sock_out, &server_version_string, &client_version_string);
 	packet_set_nonblocking();
 
 	/* allocate authentication context */
@@ -2148,7 +2143,7 @@ main(int ac, char **av)
 
 	/* perform the key exchange */
 	/* authenticate user and start session */
-	do_ssh2_kex();
+	do_ssh2_kex(server_version_string, client_version_string);
 	do_authentication2(authctxt);
 
 	/*
@@ -2231,6 +2226,9 @@ main(int ac, char **av)
 	if (use_privsep)
 		mm_terminate();
 
+	free(server_version_string);
+	free(client_version_string);
+
 	exit(0);
 }
 
@@ -2260,7 +2258,7 @@ sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
 
 /* SSH2 key exchange */
 static void
-do_ssh2_kex(void)
+do_ssh2_kex(const char *server_version_string, const char *client_version_string)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
 	struct kex *kex;
@@ -2305,8 +2303,8 @@ do_ssh2_kex(void)
 #endif
 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 	kex->server = 1;
-	kex->client_version_string=client_version_string;
-	kex->server_version_string=server_version_string;
+	kex->client_version_string = xstrdup(client_version_string);
+	kex->server_version_string = xstrdup(server_version_string);
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
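Review bot: The two `xstrdup()` calls introduce a non-NULL precondition on both parameters that the previous plain pointer assignments did not have, and nothing at the definition documents it. As far as this diff shows the precondition holds, because main() calls sshd_exchange_identification() before do_ssh2_kex() and every visible error path there ends in cleanup_exit(), so both strings are set by the time they are copied; a one-line comment on the definition would make that dependency explicit, e.g. `/* Both version strings must be non-NULL; main() fills them via sshd_exchange_identification() first. */`. Taking private copies here is what lets kex_free() release kex->client_version_string and kex->server_version_string without touching the strings main() frees. The do_ssh2_kex() body starts outside this hunk.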