[Ttssh2-commit] [5841] チケット #35047 SSH サーバホスト公開鍵の自動更新


svnno****@sourc***** svnno****@sourc*****
2015年 5月 1日 (金) 01:27:32 JST


Revision: 5841
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5841
Author:   yutakapon
Date:     2015-05-01 01:27:29 +0900 (Fri, 01 May 2015)
Log Message:
-----------
チケット #35047 SSH サーバホスト公開鍵の自動更新

許可された(ユーザが設定した)ホスト鍵アルゴリズムのみを受け付けるようにした。

Ticket Links:
------------
    http://sourceforge.jp/projects/ttssh2/tracker/detail/35047

Modified Paths:
--------------
    trunk/ttssh2/ttxssh/key.c
    trunk/ttssh2/ttxssh/ssh.c

-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c	2015-04-29 16:42:54 UTC (rev 5840)
+++ trunk/ttssh2/ttxssh/key.c	2015-04-30 16:27:29 UTC (rev 5841)
@@ -1849,7 +1849,30 @@
 	free(ctx);
 }
 
+
+// \x8B\x96\x89‚\xB3\x82ꂽ\x83z\x83X\x83g\x8C\xAE\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xA9\x82\xF0\x83`\x83F\x83b\x83N\x82\xB7\x82\xE9\x81B
 //
+// return 1: matched
+//        0: not matched
+//
+static int check_hostkey_algorithm(PTInstVar pvar, Key *key)
+{
+	int ret = 0;
+	int i, index;
+
+	for (i = 0; pvar->settings.HostKeyOrder[i] != 0; i++) {
+		index = pvar->settings.HostKeyOrder[i] - '0';
+		if (index == KEY_NONE) // disabled line
+			break;
+
+		if (strcmp(get_sshname_from_key(key), get_ssh_keytype_name(index)) == 0)
+			return 1;
+	}
+
+	return (ret);
+}
+
+//
 // SSH\x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE(known_hosts)\x82̎\xA9\x93\xAE\x8DX\x90V(OpenSSH 6.8 or later: host key rotation support)
 //
 // return 1: success
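Review bot: `ret` in check_hostkey_algorithm is set to 0 once and never changed, so `return (ret);` at the end is just `return 0;`; dropping the variable leaves the single `return 1` inside the loop as the only non-zero exit and reads more clearly. The loop also derives `index` from `HostKeyOrder[i] - '0'` with no range check; that appears safe only because get_ssh_keytype_name (changed in the ssh.c hunk below) returns a fixed "ssh-unknown" string for any type it does not find in its table, and a one-line comment recording that dependency, `// an out-of-range index is harmless: get_ssh_keytype_name() yields "ssh-unknown", which never matches`, would keep a future change to that function from silently breaking this check. The function is complete within the hunk.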
@@ -1892,7 +1915,7 @@
 		blob = buffer_get_string_msg(b, &len);
 		key = key_from_blob(blob, len);
 		if (key == NULL) {
-			_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found key into blob %p (%d)", blob, len);
+			_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found host key into blob %p (%d)", blob, len);
 			notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
 			goto error;
 		}
@@ -1900,10 +1923,20 @@
 		blob = NULL;
 
 		fp = key_fingerprint(key, SSH_FP_HEX);
-		_snprintf_s(msg, sizeof(msg), _TRUNCATE, "SSH2_MSG_GLOBAL_REQUEST: received %s key %s", 
+		_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received %s host key %s", 
 			get_sshname_from_key(key), fp);
 		notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
 		free(fp);
+
+		// \x8B\x96\x89‚\xB3\x82ꂽ\x83z\x83X\x83g\x83L\x81[\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xA9\x82\xF0\x83`\x83F\x83b\x83N\x82\xB7\x82\xE9\x81B
+		if (check_hostkey_algorithm(pvar, key) == 0) {
+			_snprintf_s(msg, sizeof(msg), _TRUNCATE, "%s host key is not permitted by ts.HostKeyOrder",
+				get_sshname_from_key(key));
+			notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
+			continue;
+		}
+
+
 	}
 
 	success = 1;
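Review bot: The new `continue` on the rejection branch leaves `key`, obtained from key_from_blob a few lines above, unreleased; as far as the hunk shows nothing frees it on either the rejected or the accepted path, and since the check is now the last statement of the loop body the `continue` currently changes nothing beyond skipping the two trailing blank lines. If a rejected key is meant to be dropped, release it before `continue` with whatever destructor the accepted path uses for Key objects, and state in the comment that the check deliberately skips the key rather than aborting the whole request, unlike the `goto error` taken for an unparsable blob. The two added blank lines before the closing brace should go. The enclosing function starts outside the hunk.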

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2015-04-29 16:42:54 UTC (rev 5840)
+++ trunk/ttssh2/ttxssh/ssh.c	2015-04-30 16:27:29 UTC (rev 5841)
@@ -4211,16 +4211,17 @@
 char* get_ssh_keytype_name(ssh_keytype type)
 {
 	ssh2_host_key_t *ptr = ssh2_host_key;
-	static char buf[32];
+	char *p = "ssh-unknown";
 
 	while (ptr->name != NULL) {
 		if (type == ptr->type) {
-			strncpy_s(buf, sizeof(buf), ptr->name, _TRUNCATE);
+			// ssh2_host_key[]\x82̓O\x83\x8D\x81[\x83o\x83\x8B\x95ϐ\x94\x82Ȃ̂ŁA\x82\xBB\x82̂܂ܕԂ\xE8\x92l\x82ɂł\xAB\x82\xE9\x81B
+			p = ptr->name;
 			break;
 		}
 		ptr++;
 	}
-	return buf;
+	return p;
 }
 
 
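Review bot: get_ssh_keytype_name now hands callers a non-const `char *` that points either at a string literal or at a name inside the shared ssh2_host_key[] table, so any caller that writes through the result (the old private static buffer tolerated that) now has undefined behavior or corrupts the table for every later lookup. The return type should become `const char *` and the fallback `static const char unknown[] = "ssh-unknown";`; read-only callers such as the strcmp in check_hostkey_algorithm in key.c need no change, and any caller that mutates the result is then caught by the compiler rather than at runtime. The Japanese comment on the assignment would also be clearer as an English lifetime statement, `// points into the global ssh2_host_key[] table: valid for the program lifetime, never modify or free`.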


