Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'

when the NONECIPHER option is selected but not the HPN option.  The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client.  This was an error in my own modifications to the HPN patch
in r383231.

This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.

Pointyhat to:	bdrewery
Reported by:	many
PR:		199352
This commit is contained in:
Bryan Drewery 2015-05-06 18:39:41 +00:00
parent 713866b20c
commit 0e8dd5854c
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=385541
2 changed files with 11 additions and 8 deletions

View file

@ -3,7 +3,7 @@
PORTNAME= openssh PORTNAME= openssh
DISTVERSION= 6.8p1 DISTVERSION= 6.8p1
PORTREVISION= 5 PORTREVISION= 6
PORTEPOCH= 1 PORTEPOCH= 1
CATEGORIES= security ipv6 CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD} MASTER_SITES= ${MASTER_SITE_OPENBSD}

View file

@ -1200,9 +1200,10 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
debug("Authentication succeeded (%s).", authctxt.method->name); debug("Authentication succeeded (%s).", authctxt.method->name);
} }
--- work.clean/openssh-6.8p1/sshd.c 2015-04-01 22:07:18.190233000 -0500 --- work.clean/openssh-6.8p1/sshd.c.orig 2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sshd.c 2015-04-03 17:17:03.227774000 -0500 +++ work/openssh-6.8p1/sshd.c 2015-05-06 13:29:02.129507000 -0500
@@ -439,7 +439,10 @@ @@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in
minor = PROTOCOL_MINOR_1;
} }
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@ -1210,11 +1211,13 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
major, minor, SSH_VERSION, major, minor, SSH_VERSION,
+#ifdef HPN_ENABLED +#ifdef HPN_ENABLED
+ options.hpn_disabled ? "" : SSH_HPN, + options.hpn_disabled ? "" : SSH_HPN,
+#else
+ "",
+#endif +#endif
*options.version_addendum == '\0' ? "" : " ", *options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline); options.version_addendum, newline);
@@ -1157,6 +1160,10 @@ @@ -1149,6 +1154,10 @@ server_listen(void)
int ret, listen_sock, on = 1; int ret, listen_sock, on = 1;
struct addrinfo *ai; struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@ -1225,7 +1228,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
for (ai = options.listen_addrs; ai; ai = ai->ai_next) { for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -1197,6 +1204,13 @@ @@ -1189,6 +1198,13 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop); debug("Bind to port %s on %s.", strport, ntop);
@ -1239,7 +1242,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/* Bind the socket to the desired port. */ /* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.", error("Bind to port %s on %s failed: %.200s.",
@@ -2167,6 +2181,11 @@ @@ -2132,6 +2148,11 @@ main(int ac, char **av)
remote_ip, remote_port, remote_ip, remote_port,
get_local_ipaddr(sock_in), get_local_port()); get_local_ipaddr(sock_in), get_local_port());
@ -1251,7 +1254,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/* /*
* We don't want to listen forever unless the other side * We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is * successfully authenticates itself. So we set up an alarm which is
@@ -2566,6 +2585,12 @@ @@ -2531,6 +2552,12 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) { if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;