Merge pull request #416 from nextcloud/dependabot/composer/phpseclib/…
…phpseclib-2.0.25
dependabot-preview[bot] authored Mar 3, 2020
2 parents 78a79a6 + ed733cf commit 97fb70b
Showing 10 changed files with 164 additions and 65 deletions.
2 changes: 1 addition & 1 deletion composer.json
@@ -30,7 +30,7 @@
"patchwork/utf8": "1.3.1",
"pear/archive_tar": "1.4.9",
"pear/pear-core-minimal": "^v1.10",
"phpseclib/phpseclib": "2.0.23",
"phpseclib/phpseclib": "2.0.25",
"php-opencloud/openstack": "3.0.7",
"pimple/pimple": "3.2.3",
"punic/punic": "^1.6",
12 changes: 6 additions & 6 deletions composer.lock


12 changes: 6 additions & 6 deletions composer/installed.json
@@ -2513,17 +2513,17 @@
},
{
"name": "phpseclib/phpseclib",
"version": "2.0.23",
"version_normalized": "2.0.23.0",
"version": "2.0.25",
"version_normalized": "2.0.25.0",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
"reference": "c78eb5058d5bb1a183133c36d4ba5b6675dfa099"
"reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/c78eb5058d5bb1a183133c36d4ba5b6675dfa099",
"reference": "c78eb5058d5bb1a183133c36d4ba5b6675dfa099",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
"reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
"shasum": ""
},
"require": {
@@ -2541,7 +2541,7 @@
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
},
"time": "2019-09-17T03:41:22+00:00",
"time": "2020-02-25T04:16:50+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
6 changes: 3 additions & 3 deletions phpseclib/phpseclib/phpseclib/Crypt/RSA.php
@@ -2762,7 +2762,7 @@ function _emsa_pss_verify($m, $em, $emBits)
// if $m is larger than two million terrabytes and you're using sha1, PKCS#1 suggests a "Label too long" error
// be output.

$emLen = ($emBits + 1) >> 3; // ie. ceil($emBits / 8);
$emLen = ($emBits + 7) >> 3; // ie. ceil($emBits / 8);
$sLen = $this->sLen !== null ? $this->sLen : $this->hLen;

$mHash = $this->hash->hash($m);
@@ -2840,15 +2840,15 @@ function _rsassa_pss_verify($m, $s)

// RSA verification

$modBits = 8 * $this->k;
$modBits = strlen($this->modulus->toBits());

$s2 = $this->_os2ip($s);
$m2 = $this->_rsavp1($s2);
if ($m2 === false) {
user_error('Invalid signature');
return false;
}
$em = $this->_i2osp($m2, $modBits >> 3);
$em = $this->_i2osp($m2, $this->k);
if ($em === false) {
user_error('Invalid signature');
return false;
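Review bot: In `_rsassa_pss_verify` the encoded message is now always `$this->k` bytes long (`_i2osp($m2, $this->k)`), while `_emsa_pss_verify` derives `$emLen` from the `$emBits` it is given; if the caller passes `$modBits - 1` (that call is outside the hunk), the two lengths differ by one byte whenever the modulus bit length is congruent to 1 mod 8. The extra leading byte is then something the verify routine has to tolerate or strip, and nothing visible here shows that it does. I would add a regression test that verifies a PSS signature under such a modulus (for example a 1025-bit key) next to the usual 2048-bit case, and a comment at the call such as `// EM is k bytes here; _emsa_pss_verify works with emLen = ceil((modBits - 1) / 8)`. Both function bodies continue outside the hunks shown.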
5 changes: 4 additions & 1 deletion phpseclib/phpseclib/phpseclib/Crypt/Random.php
@@ -97,7 +97,10 @@ static function string($length)
$fp = @fopen('/dev/urandom', 'rb');
}
if ($fp !== true && $fp !== false) { // surprisingly faster than !is_bool() or is_resource()
return fread($fp, $length);
$temp = fread($fp, $length);
if (strlen($temp) != $length) {
return $temp;
}
}
// method 3. pretty much does the same thing as method 2 per the following url:
// https://github.com/php/php-src/blob/7014a0eb6d1611151a286c0ff4f2238f92c120d6/ext/mcrypt/mcrypt.c#L1391
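Review bot: The new length check in `string()` is inverted: `if (strlen($temp) != $length) { return $temp; }` returns the buffer only when the read from `/dev/urandom` came back short (or `false`, since `strlen(false)` is 0) and throws away a full-length read, falling through to the later methods. A caller such as `Random::string(32)` in the SSH2 key exchange on this page could therefore receive fewer random bytes than it asked for, and a successful urandom read is never used. The comparison should be `if (strlen($temp) == $length) { return $temp; }`. The body of `string()` continues outside the hunk.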
6 changes: 5 additions & 1 deletion phpseclib/phpseclib/phpseclib/File/X509.php
@@ -2179,7 +2179,11 @@ static function _fetchURL($url)
}

while (!feof($fsock)) {
$data.= fread($fsock, 1024);
$temp = fread($fsock, 1024);
if ($temp === false) {
return false;
}
$data.= $temp;
}

break;
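Review bot: The early `return false;` added inside the `while (!feof($fsock))` loop leaves `_fetchURL` without closing `$fsock`, assuming the socket is closed after the loop (that part is outside the hunk); I would write `fclose($fsock); return false;`. The loop also still appends to `$data` with no upper bound, and the URL being fetched presumably comes from certificate contents, so a size cap on the response would be worth adding in the same place, e.g. `if (strlen($data) > $maxBytes) { fclose($fsock); return false; }` with a limit chosen by the project. The function body starts and ends outside the hunk.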
3 changes: 3 additions & 0 deletions phpseclib/phpseclib/phpseclib/Net/SSH1.php
@@ -1124,6 +1124,9 @@ function _get_binary_packet()

while ($length > 0) {
$temp = fread($this->fsock, $length);
if (strlen($temp) != $length) {
return false;
}
$raw.= $temp;
$length-= strlen($temp);
}
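Review bot: The added check in `_get_binary_packet` rejects every short read, `if (strlen($temp) != $length) { return false; }`, although the surrounding `while ($length > 0)` loop with `$length-= strlen($temp);` exists to assemble a packet that arrives over several reads. `fread()` on a network stream may return fewer bytes than requested without any error, so a valid packet that spans more than one read is now reported as a failure and the loop body can never run a second time. Failing only when nothing was read keeps the protection against a dead socket: `if ($temp === false || $temp === '') { return false; }`. The function body continues outside the hunk.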
119 changes: 79 additions & 40 deletions phpseclib/phpseclib/phpseclib/Net/SSH2.php
@@ -592,6 +592,20 @@ class SSH2
*/
var $window_size = 0x7FFFFFFF;

/**
* What we resize the window to
*
* When PuTTY resizes the window it doesn't add an additional 0x7FFFFFFF bytes - it adds 0x40000000 bytes.
* Some SFTP clients (GoAnywhere) don't support adding 0x7FFFFFFF to the window size after the fact so
* we'll just do what PuTTY does
*
* @var int
* @see self::_send_channel_packet()
* @see self::exec()
* @access private
*/
var $window_resize = 0x40000000;

/**
* Window size, server to client
*
@@ -1204,6 +1218,9 @@ function _connect()
if (strlen($temp) == 255) {
continue;
}
if ($temp === false) {
return false;
}

$line.= "$temp\n";

@@ -1527,8 +1544,8 @@ function _key_exchange($kexinit_payload_server = false)
if ($kex_algorithm === 'curve25519-sha256@libssh.org') {
$x = Random::string(32);
$eBytes = sodium_crypto_box_publickey_from_secretkey($x);
$clientKexInitMessage = NET_SSH2_MSG_KEX_ECDH_INIT;
$serverKexReplyMessage = NET_SSH2_MSG_KEX_ECDH_REPLY;
$clientKexInitMessage = 'NET_SSH2_MSG_KEX_ECDH_INIT';
$serverKexReplyMessage = 'NET_SSH2_MSG_KEX_ECDH_REPLY';
$kexHash = new Hash('sha256');
} else {
if (strpos($kex_algorithm, 'diffie-hellman-group-exchange') === 0) {
@@ -1546,6 +1563,7 @@ function _key_exchange($kexinit_payload_server = false)
if (!$this->_send_binary_packet($packet)) {
return false;
}
$this->_updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST');

$response = $this->_get_binary_packet();
if ($response === false) {
@@ -1558,6 +1576,7 @@ function _key_exchange($kexinit_payload_server = false)
user_error('Expected SSH_MSG_KEX_DH_GEX_GROUP');
return false;
}
$this->_updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');

if (strlen($response) < 4) {
return false;
@@ -1582,8 +1601,8 @@ function _key_exchange($kexinit_payload_server = false)
$gBytes
);

$clientKexInitMessage = NET_SSH2_MSG_KEXDH_GEX_INIT;
$serverKexReplyMessage = NET_SSH2_MSG_KEXDH_GEX_REPLY;
$clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_GEX_INIT';
$serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_GEX_REPLY';
} else {
switch ($kex_algorithm) {
// see http://tools.ietf.org/html/rfc2409#section-6.2 and
@@ -1610,8 +1629,8 @@ function _key_exchange($kexinit_payload_server = false)
// the generator field element is 2 (decimal) and the hash function is sha1.
$g = new BigInteger(2);
$prime = new BigInteger($prime, 16);
$clientKexInitMessage = NET_SSH2_MSG_KEXDH_INIT;
$serverKexReplyMessage = NET_SSH2_MSG_KEXDH_REPLY;
$clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_INIT';
$serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_REPLY';
}

switch ($kex_algorithm) {
@@ -1639,13 +1658,20 @@ function _key_exchange($kexinit_payload_server = false)

$eBytes = $e->toBytes(true);
}
$data = pack('CNa*', $clientKexInitMessage, strlen($eBytes), $eBytes);
$data = pack('CNa*', constant($clientKexInitMessage), strlen($eBytes), $eBytes);

if (!$this->_send_binary_packet($data)) {
$this->bitmap = 0;
user_error('Connection closed by server');
return false;
}
switch ($clientKexInitMessage) {
case 'NET_SSH2_MSG_KEX_ECDH_INIT':
$this->_updateLogHistory('NET_SSH2_MSG_KEXDH_INIT', 'NET_SSH2_MSG_KEX_ECDH_INIT');
break;
case 'NET_SSH2_MSG_KEXDH_GEX_INIT':
$this->_updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT');
}

$response = $this->_get_binary_packet();
if ($response === false) {
@@ -1658,10 +1684,17 @@ function _key_exchange($kexinit_payload_server = false)
}
extract(unpack('Ctype', $this->_string_shift($response, 1)));

if ($type != $serverKexReplyMessage) {
user_error('Expected SSH_MSG_KEXDH_REPLY');
if ($type != constant($serverKexReplyMessage)) {
user_error("Expected $serverKexReplyMessage");
return false;
}
switch ($serverKexReplyMessage) {
case 'NET_SSH2_MSG_KEX_ECDH_REPLY':
$this->_updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEX_ECDH_REPLY');
break;
case 'NET_SSH2_MSG_KEXDH_GEX_REPLY':
$this->_updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY');
}

if (strlen($response) < 4) {
return false;
@@ -1699,7 +1732,14 @@ function _key_exchange($kexinit_payload_server = false)
return false;
}
$key = new BigInteger(sodium_crypto_scalarmult($x, $fBytes), 256);
sodium_memzero($x);
// sodium_compat doesn't emulate sodium_memzero
// also, with v1 of libsodium API the extension identifies itself as
// libsodium whereas v2 of the libsodium API (what PHP 7.2+ includes)
// identifies itself as sodium. sodium_compat uses the v1 API to
// emulate the v2 API if it's the v1 API that's available
if (extension_loaded('sodium') || extension_loaded('libsodium')) {
sodium_memzero($x);
}
} else {
$f = new BigInteger($fBytes, -256);
$key = $f->modPow($x, $prime);
@@ -2277,9 +2317,7 @@ function _login_helper($username, $password = null)

switch ($type) {
case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
if (defined('NET_SSH2_LOGGING')) {
$this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
}
$this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ');
if (strlen($response) < 4) {
return false;
}
@@ -2430,12 +2468,8 @@ function _keyboard_interactive_process()
// see http://tools.ietf.org/html/rfc4256#section-3.2
if (strlen($this->last_interactive_response)) {
$this->last_interactive_response = '';
} elseif (defined('NET_SSH2_LOGGING')) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
$this->message_number_log[count($this->message_number_log) - 1]
);
} else {
$this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST');
}

if (!count($responses) && $num_prompts) {
@@ -2458,13 +2492,7 @@ function _keyboard_interactive_process()
return false;
}

if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
$this->_updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE');

/*
After receiving the response, the server MUST send either an
@@ -2591,13 +2619,7 @@ function _privatekey_login($username, $privatekey)
case NET_SSH2_MSG_USERAUTH_PK_OK:
// we'll just take it on faith that the public key blob and the public key algorithm name are as
// they should be
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_PK_OK',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
$this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK');
}

$packet = $part1 . chr(1) . $part2;
@@ -3695,11 +3717,13 @@ function _get_channel_packet($client_channel, $skip_extended = false)

// resize the window, if appropriate
if ($this->window_size_server_to_client[$channel] < 0) {
$packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_size);
// PuTTY does something more analogous to the following:
//if ($this->window_size_server_to_client[$channel] < 0x3FFFFFFF) {
$packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_resize);
if (!$this->_send_binary_packet($packet)) {
return false;
}
$this->window_size_server_to_client[$channel]+= $this->window_size;
$this->window_size_server_to_client[$channel]+= $this->window_resize;
}

switch ($type) {
@@ -4450,7 +4474,7 @@ function getLanguagesClient2Server()
* @return array
* @access public
*/
public function getServerAlgorithms()
function getServerAlgorithms()
{
$this->_connect();

@@ -4582,10 +4606,7 @@ function getSupportedEncryptionAlgorithms()
switch ($algo) {
case 'arcfour128':
case 'arcfour256':
if ($engine == Base::ENGINE_INTERNAL) {
$algos = array_diff($algos, array($algo));
$ciphers[] = $algo;
} else {
if ($engine != Base::ENGINE_INTERNAL) {
continue 2;
}
}
@@ -5040,4 +5061,22 @@ function setWindowSize($columns = 80, $rows = 24)
$this->windowColumns = $columns;
$this->windowRows = $rows;
}

/**
* Update packet types in log history
*
* @param string $old
* @param string $new
* @access private
*/
function _updateLogHistory($old, $new)
{
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
$old,
$new,
$this->message_number_log[count($this->message_number_log) - 1]
);
}
}
}
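Review bot: `_updateLogHistory()` rewrites the last log entry only when `NET_SSH2_LOGGING == self::LOG_COMPLEX`, but two of the call sites it replaces were gated on `defined('NET_SSH2_LOGGING')` alone: the `NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ` case in `_login_helper` and the `elseif` branch in `_keyboard_interactive_process`. If `message_number_log` is also filled in the other logging modes (not visible on this page), those authentication entries now keep their `UNKNOWN (60)` label, which makes a login trace harder to read afterwards. The helper also indexes `count($this->message_number_log) - 1` without checking for an empty log, which addresses index -1. I would consider opening the helper with `if (!defined('NET_SSH2_LOGGING') || !count($this->message_number_log)) { return; }` and stating in its docblock that `$old` has to match the entry text exactly, as in `'UNKNOWN (60)'`.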