mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00

Soften behaviour of the Compression=no/yes option

Currently Compression=no (the default) force-disables the zlib algorithms, while
Compression=yes force-enables them. This means that mismatching options between
client and server lead to connection failure. This can easily happen if the
server has default settings but the client specifies Compression=yes.

OpenSSH treats the option as a "prefer compression" setting:
Compression=no  -> none,zlib@openssh.com,zlib (default)
Compression=yes -> zlib@openssh.com,zlib,none

This commit changes the libssh behaviour to the same as OpenSSH.

Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Fabian Vogt
2021-12-23 12:34:00 +01:00
committed by Jakub Jelen
parent 6f634af4fb
commit 14991ad071
4 changed files with 38 additions and 15 deletions


@@ -88,7 +88,7 @@
#endif /* HAVE_LIBCRYPTO */ #endif /* HAVE_LIBCRYPTO */
#ifdef WITH_ZLIB #ifdef WITH_ZLIB
#define ZLIB "none,zlib,zlib@openssh.com" #define ZLIB "none,zlib@openssh.com,zlib"
#else #else
#define ZLIB "none" #define ZLIB "none"
#endif #endif
@@ -229,8 +229,8 @@ static const char *default_methods[] = {
CHACHA20 AES, CHACHA20 AES,
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512", "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512", "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
"none", ZLIB,
"none", ZLIB,
"", "",
"", "",
NULL NULL
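Review bot: With WITH_ZLIB defined, the two compression slots of `default_methods` now advertise `zlib@openssh.com` and `zlib` where they used to advertise only `"none"`, so a session that never touches the compression option can end up negotiating compression. Plain `zlib` takes effect right after key exchange, before authentication, whereas `zlib@openssh.com` is delayed until authentication has succeeded. If this table also seeds server-side sessions (not visible in this hunk), the peer's preference order would decide and an unauthenticated peer could reach the inflate path. Consider whether the default really needs plain `zlib`, and at least document the intent above the define, e.g. `/* "none" is preferred; zlib is offered only so that a peer insisting on compression can still connect */`. The `default_methods` array starts and ends outside the hunk.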


@@ -844,10 +844,10 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1; return -1;
} else { } else {
if (strcasecmp(value,"yes")==0){ if (strcasecmp(value,"yes")==0){
if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib") < 0) if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib,none") < 0)
return -1; return -1;
} else if (strcasecmp(value,"no")==0){ } else if (strcasecmp(value,"no")==0){
if(ssh_options_set_algo(session,SSH_COMP_C_S,"none") < 0) if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com,zlib") < 0)
return -1; return -1;
} else { } else {
if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0) if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0)
@@ -862,10 +862,10 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1; return -1;
} else { } else {
if (strcasecmp(value,"yes")==0){ if (strcasecmp(value,"yes")==0){
if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib") < 0) if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib,none") < 0)
return -1; return -1;
} else if (strcasecmp(value,"no")==0){ } else if (strcasecmp(value,"no")==0){
if(ssh_options_set_algo(session,SSH_COMP_S_C,"none") < 0) if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com,zlib") < 0)
return -1; return -1;
} else { } else {
if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0) if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0)
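Review bot: After this change the value "no" is only a preference, because both the client-to-server branch and the server-to-client branch now pass `none,zlib@openssh.com,zlib`. For a client session, zlib can therefore still be negotiated whenever the server does not offer `none`. A caller that relied on "no" as a hard disable, for instance to keep the decompressor away from peer-controlled data, silently loses that guarantee, and nothing in the visible code says so. I would add a comment on both "no" branches such as `/* "no" only prefers "none"; pass the explicit list "none" to forbid compression */` and repeat it in the option's API documentation. The final `else` branch that forwards `v` already provides that explicit path. `ssh_options_set` starts and ends outside these hunks.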


@@ -507,12 +507,14 @@ static void torture_config_new(void ** state,
assert_string_equal(session->opts.bindaddr, BIND_ADDRESS); assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
#ifdef WITH_ZLIB #ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
#else #else
assert_null(session->opts.wanted_methods[SSH_COMP_C_S]); assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
assert_null(session->opts.wanted_methods[SSH_COMP_S_C]); "none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none");
#endif /* WITH_ZLIB */ #endif /* WITH_ZLIB */
assert_int_equal(session->opts.StrictHostKeyChecking, 0); assert_int_equal(session->opts.StrictHostKeyChecking, 0);
assert_int_equal(session->opts.gss_delegate_creds, 1); assert_int_equal(session->opts.gss_delegate_creds, 1);


@@ -950,10 +950,17 @@ static void torture_options_getopt(void **state)
assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_S_C], assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_S_C],
"aes128-ctr"); "aes128-ctr");
assert_string_equal(session->opts.identity->root->data, "id_rsa"); assert_string_equal(session->opts.identity->root->data, "id_rsa");
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
#else
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none");
#endif
/* -1 and -2 are noop */ /* -1 and -2 are noop */
@@ -1024,19 +1031,33 @@ static void torture_options_getopt(void **state)
argc = 2; argc = 2;
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no"); rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no");
assert_ssh_return_code(session, rc); assert_ssh_return_code(session, rc);
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"none,zlib@openssh.com,zlib");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none,zlib@openssh.com,zlib");
#else
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"none"); "none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none"); "none");
#endif
rc = ssh_options_getopt(session, &argc, (char **)argv); rc = ssh_options_getopt(session, &argc, (char **)argv);
assert_ssh_return_code(session, rc); assert_ssh_return_code(session, rc);
assert_int_equal(argc, 1); assert_int_equal(argc, 1);
assert_string_equal(argv[0], EXECUTABLE_NAME); assert_string_equal(argv[0], EXECUTABLE_NAME);
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"zlib@openssh.com,zlib"); "zlib@openssh.com,zlib,none");
#else
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none");
#endif
/* Corner case: only hostname is not parsed */ /* Corner case: only hostname is not parsed */
argv[1] = "example.com"; argv[1] = "example.com";