Skip to content

Commit 3095060

Browse files
committed
Remove support for pre-authentication compression. Doing compression
early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years.
1 parent f9b0f55 commit 3095060

13 files changed

+19
-589
lines changed

Diff for: usr.bin/ssh/monitor.c

+1-47
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: monitor.c,v 1.165 2016/09/05 13:57:31 djm Exp $ */
1+
/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
22
/*
33
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
44
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -70,7 +70,6 @@
7070
#include "misc.h"
7171
#include "servconf.h"
7272
#include "monitor.h"
73-
#include "monitor_mm.h"
7473
#ifdef GSSAPI
7574
#include "ssh-gss.h"
7675
#endif
@@ -335,31 +334,6 @@ monitor_child_postauth(struct monitor *pmonitor)
335334
monitor_read(pmonitor, mon_dispatch, NULL);
336335
}
337336

338-
void
339-
monitor_sync(struct monitor *pmonitor)
340-
{
341-
if (options.compression) {
342-
/* The member allocation is not visible, so sync it */
343-
mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
344-
}
345-
}
346-
347-
/* Allocation functions for zlib */
348-
static void *
349-
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
350-
{
351-
if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size)
352-
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
353-
354-
return mm_malloc(mm, size * ncount);
355-
}
356-
357-
static void
358-
mm_zfree(struct mm_master *mm, void *address)
359-
{
360-
mm_free(mm, address);
361-
}
362-
363337
static int
364338
monitor_read_log(struct monitor *pmonitor)
365339
{
@@ -1292,13 +1266,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
12921266
kex->host_key_index=&get_hostkey_index;
12931267
kex->sign = sshd_hostkey_sign;
12941268
}
1295-
1296-
/* Update with new address */
1297-
if (options.compression) {
1298-
ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib,
1299-
(ssh_packet_comp_alloc_func *)mm_zalloc,
1300-
(ssh_packet_comp_free_func *)mm_zfree);
1301-
}
13021269
}
13031270

13041271
/* This function requries careful sanity checking */
@@ -1351,24 +1318,11 @@ monitor_openfds(struct monitor *mon, int do_logfds)
13511318
struct monitor *
13521319
monitor_init(void)
13531320
{
1354-
struct ssh *ssh = active_state; /* XXX */
13551321
struct monitor *mon;
13561322

13571323
mon = xcalloc(1, sizeof(*mon));
1358-
13591324
monitor_openfds(mon, 1);
13601325

1361-
/* Used to share zlib space across processes */
1362-
if (options.compression) {
1363-
mon->m_zback = mm_create(NULL, MM_MEMSIZE);
1364-
mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
1365-
1366-
/* Compression needs to share state across borders */
1367-
ssh_packet_set_compress_hooks(ssh, mon->m_zlib,
1368-
(ssh_packet_comp_alloc_func *)mm_zalloc,
1369-
(ssh_packet_comp_free_func *)mm_zfree);
1370-
}
1371-
13721326
return mon;
13731327
}
13741328

Diff for: usr.bin/ssh/monitor.h

+1-5
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */
1+
/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */
22

33
/*
44
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -58,21 +58,17 @@ enum monitor_reqtype {
5858
MONITOR_REQ_TERM = 50,
5959
};
6060

61-
struct mm_master;
6261
struct monitor {
6362
int m_recvfd;
6463
int m_sendfd;
6564
int m_log_recvfd;
6665
int m_log_sendfd;
67-
struct mm_master *m_zback;
68-
struct mm_master *m_zlib;
6966
struct kex **m_pkex;
7067
pid_t m_pid;
7168
};
7269

7370
struct monitor *monitor_init(void);
7471
void monitor_reinit(struct monitor *);
75-
void monitor_sync(struct monitor *);
7672

7773
struct Authctxt;
7874
void monitor_child_preauth(struct Authctxt *, struct monitor *);

0 commit comments

Comments
 (0)