| 1 |
--- openssh-6.6p1/kex.c.orig 2017-12-27 19:05:27.270978025 -0500 |
| 2 |
+++ openssh-6.6p1/kex.c 2017-12-27 19:07:10.806525184 -0500 |
| 3 |
@@ -391,8 +391,6 @@ choose_comp(Comp *comp, char *client, ch |
| 4 |
fatal("no matching comp found: client %s server %s", client, server); |
| 5 |
if (strcmp(name, "zlib@openssh.com") == 0) { |
| 6 |
comp->type = COMP_DELAYED; |
| 7 |
- } else if (strcmp(name, "zlib") == 0) { |
| 8 |
- comp->type = COMP_ZLIB; |
| 9 |
} else if (strcmp(name, "none") == 0) { |
| 10 |
comp->type = COMP_NONE; |
| 11 |
} else { |
| 12 |
--- a/kex.h |
| 13 |
+++ b/kex.h |
| 14 |
@@ -44,12 +44,11 @@ |
| 15 |
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
| 16 |
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" |
| 17 |
#define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" |
| 18 |
|
| 19 |
#define COMP_NONE 0 |
| 20 |
-#define COMP_ZLIB 1 |
| 21 |
-#define COMP_DELAYED 2 |
| 22 |
+#define COMP_DELAYED 1 |
| 23 |
|
| 24 |
enum kex_init_proposals { |
| 25 |
PROPOSAL_KEX_ALGS, |
| 26 |
PROPOSAL_SERVER_HOST_KEY_ALGS, |
| 27 |
PROPOSAL_ENC_ALGS_CTOS, |
| 28 |
--- openssh-6.6p1/Makefile.in.orig 2017-12-27 19:05:24.785989150 -0500 |
| 29 |
+++ openssh-6.6p1/Makefile.in 2017-12-27 19:05:27.271978020 -0500 |
| 30 |
@@ -92,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw |
| 31 |
auth-chall.o auth2-chall.o groupaccess.o \ |
| 32 |
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ |
| 33 |
auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
| 34 |
- monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ |
| 35 |
+ monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ |
| 36 |
kexc25519s.o auth-krb5.o \ |
| 37 |
auth2-gss.o gss-serv.o gss-serv-krb5.o \ |
| 38 |
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ |
| 39 |
--- openssh-6.6p1/monitor.c.orig 2017-12-27 19:05:24.791989123 -0500 |
| 40 |
+++ openssh-6.6p1/monitor.c 2017-12-27 19:05:27.271978020 -0500 |
| 41 |
@@ -86,7 +86,6 @@ |
| 42 |
#include "log.h" |
| 43 |
#include "servconf.h" |
| 44 |
#include "monitor.h" |
| 45 |
-#include "monitor_mm.h" |
| 46 |
#ifdef GSSAPI |
| 47 |
#include "ssh-gss.h" |
| 48 |
#endif |
| 49 |
@@ -116,8 +115,6 @@ extern Buffer loginmsg; |
| 50 |
/* State exported from the child */ |
| 51 |
|
| 52 |
struct { |
| 53 |
- z_stream incoming; |
| 54 |
- z_stream outgoing; |
| 55 |
u_char *keyin; |
| 56 |
u_int keyinlen; |
| 57 |
u_char *keyout; |
| 58 |
@@ -478,15 +475,6 @@ monitor_child_postauth(struct monitor *p |
| 59 |
monitor_read(pmonitor, mon_dispatch, NULL); |
| 60 |
} |
| 61 |
|
| 62 |
-void |
| 63 |
-monitor_sync(struct monitor *pmonitor) |
| 64 |
-{ |
| 65 |
- if (options.compression) { |
| 66 |
- /* The member allocation is not visible, so sync it */ |
| 67 |
- mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); |
| 68 |
- } |
| 69 |
-} |
| 70 |
- |
| 71 |
static int |
| 72 |
monitor_read_log(struct monitor *pmonitor) |
| 73 |
{ |
| 74 |
@@ -1783,15 +1771,6 @@ monitor_apply_keystate(struct monitor *p |
| 75 |
free(child_state.ivin); |
| 76 |
} |
| 77 |
|
| 78 |
- memcpy(&incoming_stream, &child_state.incoming, |
| 79 |
- sizeof(incoming_stream)); |
| 80 |
- memcpy(&outgoing_stream, &child_state.outgoing, |
| 81 |
- sizeof(outgoing_stream)); |
| 82 |
- |
| 83 |
- /* Update with new address */ |
| 84 |
- if (options.compression) |
| 85 |
- mm_init_compression(pmonitor->m_zlib); |
| 86 |
- |
| 87 |
if (options.rekey_limit || options.rekey_interval) |
| 88 |
packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
| 89 |
(time_t)options.rekey_interval); |
| 90 |
@@ -1863,8 +1842,8 @@ void |
| 91 |
mm_get_keystate(struct monitor *pmonitor) |
| 92 |
{ |
| 93 |
Buffer m; |
| 94 |
- u_char *blob, *p; |
| 95 |
- u_int bloblen, plen; |
| 96 |
+ u_char *blob; |
| 97 |
+ u_int bloblen; |
| 98 |
u_int32_t seqnr, packets; |
| 99 |
u_int64_t blocks, bytes; |
| 100 |
|
| 101 |
@@ -1912,20 +1891,6 @@ mm_get_keystate(struct monitor *pmonitor |
| 102 |
child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen); |
| 103 |
child_state.keyin = buffer_get_string(&m, &child_state.keyinlen); |
| 104 |
|
| 105 |
- debug3("%s: Getting compression state", __func__); |
| 106 |
- /* Get compression state */ |
| 107 |
- p = buffer_get_string(&m, &plen); |
| 108 |
- if (plen != sizeof(child_state.outgoing)) |
| 109 |
- fatal("%s: bad request size", __func__); |
| 110 |
- memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
| 111 |
- free(p); |
| 112 |
- |
| 113 |
- p = buffer_get_string(&m, &plen); |
| 114 |
- if (plen != sizeof(child_state.incoming)) |
| 115 |
- fatal("%s: bad request size", __func__); |
| 116 |
- memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
| 117 |
- free(p); |
| 118 |
- |
| 119 |
/* Network I/O buffers */ |
| 120 |
debug3("%s: Getting Network I/O buffers", __func__); |
| 121 |
child_state.input = buffer_get_string(&m, &child_state.ilen); |
| 122 |
@@ -1940,40 +1905,6 @@ mm_get_keystate(struct monitor *pmonitor |
| 123 |
buffer_free(&m); |
| 124 |
} |
| 125 |
|
| 126 |
- |
| 127 |
-/* Allocation functions for zlib */ |
| 128 |
-void * |
| 129 |
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) |
| 130 |
-{ |
| 131 |
- size_t len = (size_t) size * ncount; |
| 132 |
- void *address; |
| 133 |
- |
| 134 |
- if (len == 0 || ncount > SIZE_T_MAX / size) |
| 135 |
- fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); |
| 136 |
- |
| 137 |
- address = mm_malloc(mm, len); |
| 138 |
- |
| 139 |
- return (address); |
| 140 |
-} |
| 141 |
- |
| 142 |
-void |
| 143 |
-mm_zfree(struct mm_master *mm, void *address) |
| 144 |
-{ |
| 145 |
- mm_free(mm, address); |
| 146 |
-} |
| 147 |
- |
| 148 |
-void |
| 149 |
-mm_init_compression(struct mm_master *mm) |
| 150 |
-{ |
| 151 |
- outgoing_stream.zalloc = (alloc_func)mm_zalloc; |
| 152 |
- outgoing_stream.zfree = (free_func)mm_zfree; |
| 153 |
- outgoing_stream.opaque = mm; |
| 154 |
- |
| 155 |
- incoming_stream.zalloc = (alloc_func)mm_zalloc; |
| 156 |
- incoming_stream.zfree = (free_func)mm_zfree; |
| 157 |
- incoming_stream.opaque = mm; |
| 158 |
-} |
| 159 |
- |
| 160 |
/* XXX */ |
| 161 |
|
| 162 |
#define FD_CLOSEONEXEC(x) do { \ |
| 163 |
@@ -2015,14 +1946,6 @@ monitor_init(void) |
| 164 |
|
| 165 |
monitor_openfds(mon, 1); |
| 166 |
|
| 167 |
- /* Used to share zlib space across processes */ |
| 168 |
- if (options.compression) { |
| 169 |
- mon->m_zback = mm_create(NULL, MM_MEMSIZE); |
| 170 |
- mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); |
| 171 |
- |
| 172 |
- /* Compression needs to share state across borders */ |
| 173 |
- mm_init_compression(mon->m_zlib); |
| 174 |
- } |
| 175 |
|
| 176 |
return mon; |
| 177 |
} |
| 178 |
--- openssh-6.6p1/monitor.h.orig 2014-02-03 19:12:57.000000000 -0500 |
| 179 |
+++ openssh-6.6p1/monitor.h 2017-12-27 19:05:27.271978020 -0500 |
| 180 |
@@ -67,21 +67,17 @@ enum monitor_reqtype { |
| 181 |
|
| 182 |
}; |
| 183 |
|
| 184 |
-struct mm_master; |
| 185 |
struct monitor { |
| 186 |
int m_recvfd; |
| 187 |
int m_sendfd; |
| 188 |
int m_log_recvfd; |
| 189 |
int m_log_sendfd; |
| 190 |
- struct mm_master *m_zback; |
| 191 |
- struct mm_master *m_zlib; |
| 192 |
struct Kex **m_pkex; |
| 193 |
pid_t m_pid; |
| 194 |
}; |
| 195 |
|
| 196 |
struct monitor *monitor_init(void); |
| 197 |
void monitor_reinit(struct monitor *); |
| 198 |
-void monitor_sync(struct monitor *); |
| 199 |
|
| 200 |
struct Authctxt; |
| 201 |
void monitor_child_preauth(struct Authctxt *, struct monitor *); |
| 202 |
--- openssh-6.6p1/monitor_wrap.c.orig 2017-12-27 19:05:24.792989119 -0500 |
| 203 |
+++ openssh-6.6p1/monitor_wrap.c 2017-12-27 19:05:27.271978020 -0500 |
| 204 |
@@ -145,7 +145,6 @@ mm_request_receive(int sock, Buffer *m) |
| 205 |
u_int msg_len; |
| 206 |
|
| 207 |
debug3("%s entering", __func__); |
| 208 |
- |
| 209 |
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { |
| 210 |
if (errno == EPIPE) |
| 211 |
cleanup_exit(255); |
| 212 |
@@ -512,7 +511,6 @@ mm_newkeys_from_blob(u_char *blob, int b |
| 213 |
|
| 214 |
/* Comp structure */ |
| 215 |
comp->type = buffer_get_int(&b); |
| 216 |
- comp->enabled = buffer_get_int(&b); |
| 217 |
comp->name = buffer_get_string(&b, NULL); |
| 218 |
|
| 219 |
len = buffer_len(&b); |
| 220 |
@@ -562,7 +560,6 @@ mm_newkeys_to_blob(int mode, u_char **bl |
| 221 |
|
| 222 |
/* Comp structure */ |
| 223 |
buffer_put_int(&b, comp->type); |
| 224 |
- buffer_put_int(&b, comp->enabled); |
| 225 |
buffer_put_cstring(&b, comp->name); |
| 226 |
|
| 227 |
len = buffer_len(&b); |
| 228 |
@@ -674,11 +671,6 @@ mm_send_keystate(struct monitor *monitor |
| 229 |
buffer_put_string(&m, p, plen); |
| 230 |
free(p); |
| 231 |
|
| 232 |
- /* Compression state */ |
| 233 |
- debug3("%s: Sending compression state", __func__); |
| 234 |
- buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream)); |
| 235 |
- buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream)); |
| 236 |
- |
| 237 |
/* Network I/O buffers */ |
| 238 |
input = (Buffer *)packet_get_input(); |
| 239 |
output = (Buffer *)packet_get_output(); |
| 240 |
--- openssh-6.6p1/monitor_wrap.h.orig 2014-02-03 19:12:57.000000000 -0500 |
| 241 |
+++ openssh-6.6p1/monitor_wrap.h 2017-12-27 19:05:27.271978020 -0500 |
| 242 |
@@ -102,10 +102,4 @@ int mm_bsdauth_respond(void *, u_int, ch |
| 243 |
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); |
| 244 |
int mm_skey_respond(void *, u_int, char **); |
| 245 |
|
| 246 |
-/* zlib allocation hooks */ |
| 247 |
- |
| 248 |
-void *mm_zalloc(struct mm_master *, u_int, u_int); |
| 249 |
-void mm_zfree(struct mm_master *, void *); |
| 250 |
-void mm_init_compression(struct mm_master *); |
| 251 |
- |
| 252 |
#endif /* _MM_WRAP_H_ */ |
| 253 |
--- openssh-6.6p1/myproposal.h.orig 2013-12-06 19:24:02.000000000 -0500 |
| 254 |
+++ openssh-6.6p1/myproposal.h 2017-12-27 19:05:27.271978020 -0500 |
| 255 |
@@ -130,7 +130,7 @@ |
| 256 |
"hmac-sha1-96," \ |
| 257 |
"hmac-md5-96" |
| 258 |
|
| 259 |
-#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" |
| 260 |
+#define KEX_DEFAULT_COMP "none,zlib@openssh.com" |
| 261 |
#define KEX_DEFAULT_LANG "" |
| 262 |
|
| 263 |
|
| 264 |
--- openssh-6.6p1/packet.c.orig 2014-02-03 19:20:15.000000000 -0500 |
| 265 |
+++ openssh-6.6p1/packet.c 2017-12-27 19:05:27.272978015 -0500 |
| 266 |
@@ -790,8 +790,7 @@ set_newkeys(int mode) |
| 267 |
/* explicit_bzero(enc->iv, enc->block_size); |
| 268 |
explicit_bzero(enc->key, enc->key_len); |
| 269 |
explicit_bzero(mac->key, mac->key_len); */ |
| 270 |
- if ((comp->type == COMP_ZLIB || |
| 271 |
- (comp->type == COMP_DELAYED && |
| 272 |
+ if (((comp->type == COMP_DELAYED && |
| 273 |
active_state->after_authentication)) && comp->enabled == 0) { |
| 274 |
packet_init_compression(); |
| 275 |
if (mode == MODE_OUT) |
| 276 |
@@ -799,6 +798,7 @@ set_newkeys(int mode) |
| 277 |
else |
| 278 |
buffer_compress_init_recv(); |
| 279 |
comp->enabled = 1; |
| 280 |
+ |
| 281 |
} |
| 282 |
/* |
| 283 |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
| 284 |
@@ -1989,6 +1989,7 @@ void |
| 285 |
packet_set_authenticated(void) |
| 286 |
{ |
| 287 |
active_state->after_authentication = 1; |
| 288 |
+ packet_enable_delayed_compress(); |
| 289 |
} |
| 290 |
|
| 291 |
void * |
| 292 |
--- openssh-6.6p1/servconf.c.orig 2014-02-03 19:12:57.000000000 -0500 |
| 293 |
+++ openssh-6.6p1/servconf.c 2017-12-27 19:05:27.272978015 -0500 |
| 294 |
@@ -794,8 +794,8 @@ static const struct multistate multistat |
| 295 |
{ NULL, -1 } |
| 296 |
}; |
| 297 |
static const struct multistate multistate_compression[] = { |
| 298 |
+ { "yes", COMP_DELAYED }, |
| 299 |
{ "delayed", COMP_DELAYED }, |
| 300 |
- { "yes", COMP_ZLIB }, |
| 301 |
{ "no", COMP_NONE }, |
| 302 |
{ NULL, -1 } |
| 303 |
}; |
| 304 |
--- openssh-6.6p1/sshd.c.orig 2017-12-27 19:05:24.789989132 -0500 |
| 305 |
+++ openssh-6.6p1/sshd.c 2017-12-27 19:05:27.272978015 -0500 |
| 306 |
@@ -112,7 +112,6 @@ |
| 307 |
#include "dispatch.h" |
| 308 |
#include "channels.h" |
| 309 |
#include "session.h" |
| 310 |
-#include "monitor_mm.h" |
| 311 |
#include "monitor.h" |
| 312 |
#ifdef GSSAPI |
| 313 |
#include "ssh-gss.h" |
| 314 |
@@ -680,9 +679,6 @@ privsep_preauth(Authctxt *authctxt) |
| 315 |
ssh_sandbox_parent_preauth(box, pid); |
| 316 |
monitor_child_preauth(authctxt, pmonitor); |
| 317 |
|
| 318 |
- /* Sync memory */ |
| 319 |
- monitor_sync(pmonitor); |
| 320 |
- |
| 321 |
/* Wait for the child's exit status */ |
| 322 |
while (waitpid(pid, &status, 0) < 0) { |
| 323 |
if (errno == EINTR) |
| 324 |
@@ -2455,9 +2451,6 @@ do_ssh2_kex(void) |
| 325 |
if (options.compression == COMP_NONE) { |
| 326 |
myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
| 327 |
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; |
| 328 |
- } else if (options.compression == COMP_DELAYED) { |
| 329 |
- myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
| 330 |
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; |
| 331 |
} |
| 332 |
if (options.kex_algorithms != NULL) |
| 333 |
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; |
| 334 |
--- openssh-6.6p1/sshd_config.5.orig 2014-02-27 18:01:28.000000000 -0500 |
| 335 |
+++ openssh-6.6p1/sshd_config.5 2017-12-27 19:05:27.272978015 -0500 |
| 336 |
@@ -404,15 +404,17 @@ The default |
| 337 |
is 0, indicating that these messages will not be sent to the client. |
| 338 |
This option applies to protocol version 2 only. |
| 339 |
.It Cm Compression |
| 340 |
-Specifies whether compression is allowed, or delayed until |
| 341 |
+Specifies whether compression is enabled after |
| 342 |
the user has authenticated successfully. |
| 343 |
The argument must be |
| 344 |
.Dq yes , |
| 345 |
-.Dq delayed , |
| 346 |
+.Dq delayed |
| 347 |
+(a legacy synonym for |
| 348 |
+.Dq yes ) |
| 349 |
or |
| 350 |
.Dq no . |
| 351 |
The default is |
| 352 |
-.Dq delayed . |
| 353 |
+.Dq yes . |
| 354 |
.It Cm DenyGroups |
| 355 |
This keyword can be followed by a list of group name patterns, separated |
| 356 |
by spaces. |
Parent Directory
| 
Revision Log