simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Tue Jul 10 21:31:07 BST 2018


TL;DR:
  445fa12d Fix duplicate packets in CBC mode.
  bcb94f96 Make compression functions return void.
  20a9bd56 Move password-packet padding into the BPP module.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-07-10 21:31:07

commit 445fa12da70b901a37a56779bb4179fe72156db1
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=445fa12da70b901a37a56779bb4179fe72156db1;hp=d4abff521a7cba4c703fbe0bdbaa3b9607c0ac24
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Jul 10 21:04:32 2018 +0100

    Fix duplicate packets in CBC mode.
    
    Yesterday's reinstatement of ssh_free_pktout revealed - via valgrind
    spotting the use-after-free - that the code that prefixed sensible
    packets with IV-muddling SSH_MSG_IGNOREs was actually sending a second
    copy of the sensible packet in place of the IGNORE, due to a typo.

 ssh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit bcb94f966e4aeca2a9619b87dfe96d546fde16c6
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bcb94f966e4aeca2a9619b87dfe96d546fde16c6;hp=445fa12da70b901a37a56779bb4179fe72156db1
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Jul 10 21:27:43 2018 +0100

    Make compression functions return void.
    
    The return value wasn't used to indicate failure; it only indicated
    whether any compression was being done at all or whether the
    compression method was ssh_comp_none, and we can tell the latter just
    as well by the fact that its init function returns a null context
    pointer.

 ssh.c     | 10 +++++++---
 ssh.h     |  8 ++++----
 ssh2bpp.c | 20 +++++++++-----------
 sshzlib.c |  6 ++----
 4 files changed, 22 insertions(+), 22 deletions(-)

commit 20a9bd5642ac66ae1190069989d33c5fcefe5672
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=20a9bd5642ac66ae1190069989d33c5fcefe5672;hp=bcb94f966e4aeca2a9619b87dfe96d546fde16c6
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Jul 9 20:30:11 2018 +0100

    Move password-packet padding into the BPP module.
    
    Now when we construct a packet containing sensitive data, we just set
    a field saying '... and make it take up at least this much space, to
    disguise its true size', and nothing in the rest of the system worries
    about that flag until ssh2bpp.c acts on it.
    
    Also, I've changed the strategy for doing the padding. Previously, we
    were following the real packet with an SSH_MSG_IGNORE to make up the
    size. But that was only a partial defence: it works OK against passive
    traffic analysis, but an attacker proxying the TCP stream and
    dribbling it out one byte at a time could still have found out the
    size of the real packet by noting when the dribbled data provoked a
    response. Now I put the SSH_MSG_IGNORE _first_, which should defeat
    that attack.
    
    But that in turn doesn't work when we're doing compression, because we
    can't predict the compressed sizes accurately enough to make that
    strategy sensible. Fortunately, compression provides an alternative
    strategy anyway: if we've got zlib turned on when we send one of these
    sensitive packets, then we can pad out the compressed zlib data as
    much as we like by adding empty RFC1951 blocks (effectively chaining
    ZLIB_PARTIAL_FLUSHes). So both strategies should now be dribble-proof.

 ssh.c     |  87 ++++------------------------
 ssh.h     |   8 +--
 ssh1bpp.c |   2 +-
 ssh2bpp.c | 108 ++++++++++++++++++++++++++++-------
 sshbpp.h  |   1 -
 sshzlib.c | 192 ++++++++++++++++----------------------------------------------
 6 files changed, 152 insertions(+), 246 deletions(-)
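
The ordering argument in commit 20a9bd56, as an added example that is not PuTTY's code and not part of the original commit mail: it models how many stream bytes a receiver needs before it holds the complete real packet, with the SSH_MSG_IGNORE placed after and before it. Assumptions: an 8-byte cipher block, no MAC, no compression, a 256-byte minimum length, constructed payload sizes, and hypothetical helper names.

```c
#include <stdio.h>
#include <stddef.h>

#define BLOCK   8   /* assumed cipher block size for this model */
#define MIN_PAD 4   /* SSH-2 packets carry at least 4 padding bytes */

/* Wire size of a packet with `payload` bytes: uint32 length + padding-length
 * byte + payload + padding, rounded up to BLOCK. MAC omitted (assumption). */
static size_t wire_len(size_t payload)
{
    size_t n = 4 + 1 + payload + MIN_PAD;
    return (n + BLOCK - 1) / BLOCK * BLOCK;
}

/* Payload size of the SSH_MSG_IGNORE that lifts the pair to at least
 * `minlen` wire bytes; 0 if the real packet is already long enough. */
static size_t ignore_payload(size_t real_payload, size_t minlen)
{
    size_t real = wire_len(real_payload), p = 5; /* type byte + uint32 strlen */
    if (real >= minlen)
        return 0;
    while (wire_len(p) < minlen - real)
        p++;
    return p;
}

/* Stream bytes that must arrive before the receiver holds the complete real
 * packet and can respond: what a byte-at-a-time relay gets to observe. */
static size_t response_offset(size_t real_payload, size_t minlen, int ignore_first)
{
    size_t ip = ignore_payload(real_payload, minlen);
    size_t ign = ip ? wire_len(ip) : 0;
    return ignore_first ? ign + wire_len(real_payload) : wire_len(real_payload);
}

int main(void)
{
    size_t payloads[] = { 66, 72, 90 };  /* constructed sample payload sizes */
    for (size_t i = 0; i < sizeof payloads / sizeof payloads[0]; i++)
        printf("payload %3zu: IGNORE after -> response at byte %3zu, "
               "IGNORE first -> response at byte %3zu\n", payloads[i],
               response_offset(payloads[i], 256, 0),
               response_offset(payloads[i], 256, 1));
    return 0;
}
```

With the IGNORE trailing, the response point tracks the real packet's size; with it leading, every sample payload yields the same offset.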


