From 39eddd174a33fbc77f1dad5531d9c5b8e8022dbc Mon Sep 17 00:00:00 2001 From: Tingsong Xu Date: Tue, 21 May 2024 13:16:12 +0800 Subject: [PATCH 1/2] SSH2: handle SSH2_MSG_EXT_INFO out of login. --- phpseclib/Net/SSH2.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index bcc315875..516d1f9ff 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -3829,6 +3829,28 @@ function _filter($payload, $skip_channel_filter) } $payload = $this->_get_binary_packet($skip_channel_filter); } + break; + case NET_SSH2_MSG_EXT_INFO: + $this->_string_shift($payload, 1); + if (strlen($payload) < 4) { + return false; + } + $nr_extensions = unpack('Nlength', $this->_string_shift($payload, 4)); + for ($i = 0; $i < $nr_extensions['length']; $i++) { + if (strlen($payload) < 4) { + return false; + } + $temp = unpack('Nlength', $this->_string_shift($payload, 4)); + $extension_name = $this->_string_shift($payload, $temp['length']); + if ($extension_name == 'server-sig-algs') { + if (strlen($payload) < 4) { + return false; + } + $temp = unpack('Nlength', $this->_string_shift($payload, 4)); + $this->supported_private_key_algorithms = explode(',', $this->_string_shift($payload, $temp['length'])); + } + } + $payload = $this->_get_binary_packet($skip_channel_filter); } // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in From da7b2398d69afe088272dc1e474065a66c6cf3bb Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 25 May 2024 12:21:51 -0500 Subject: [PATCH 2/2] SSH2: CS adjustments --- phpseclib/Net/SSH2.php | 37 ++++++------------------------------- 1 file changed, 6 insertions(+), 31 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 38a47f7d9..ef16cd32a 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -2366,20 +2366,6 @@ private function login_helper($username, $password = null) } list($type) = Strings::unpackSSH2('C', $response); - - if ($type == NET_SSH2_MSG_EXT_INFO) { - list($nr_extensions) = Strings::unpackSSH2('N', $response); - for ($i = 0; $i < $nr_extensions; $i++) { - list($extension_name, $extension_value) = Strings::unpackSSH2('ss', $response); - if ($extension_name == 'server-sig-algs') { - $this->supported_private_key_algorithms = explode(',', $extension_value); - } - } - - $response = $this->get_binary_packet(); - list($type) = Strings::unpackSSH2('C', $response); - } - list($service) = Strings::unpackSSH2('s', $response); if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') { @@ -3852,26 +3838,15 @@ private function filter($payload, $skip_channel_filter) } break; case NET_SSH2_MSG_EXT_INFO: - $this->_string_shift($payload, 1); - if (strlen($payload) < 4) { - return false; - } - $nr_extensions = unpack('Nlength', $this->_string_shift($payload, 4)); - for ($i = 0; $i < $nr_extensions['length']; $i++) { - if (strlen($payload) < 4) { - return false; - } - $temp = unpack('Nlength', $this->_string_shift($payload, 4)); - $extension_name = $this->_string_shift($payload, $temp['length']); + Strings::shift($payload, 1); + list($nr_extensions) = Strings::unpackSSH2('N', $payload); + for ($i = 0; $i < $nr_extensions; $i++) { + list($extension_name, $extension_value) = Strings::unpackSSH2('ss', $payload); if ($extension_name == 'server-sig-algs') { - if (strlen($payload) < 4) { - return false; - } - $temp = unpack('Nlength', $this->_string_shift($payload, 4)); - $this->supported_private_key_algorithms = explode(',', $this->_string_shift($payload, $temp['length'])); + $this->supported_private_key_algorithms = explode(',', $extension_value); } } - $payload = $this->_get_binary_packet($skip_channel_filter); + $payload = $this->get_binary_packet($skip_channel_filter); } // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in