From e9264973ad26e4ee2acebf01126e28a712cca2a8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 30 Sep 2002 11:59:21 +1000 Subject: [PATCH] - (djm) OpenBSD CVS Sync - mickey@cvs.openbsd.org 2002/09/27 10:42:09 [compat.c compat.h sshd.c] add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok --- ChangeLog | 10 ++++++++-- compat.c | 4 +++- compat.h | 3 ++- sshd.c | 8 +++++++- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index efb44797a..d8adacccb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ 20020930 - - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, tweak README + - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, + tweak README + - (djm) OpenBSD CVS Sync + - mickey@cvs.openbsd.org 2002/09/27 10:42:09 + [compat.c compat.h sshd.c] + add a generic match for a prober, such as sie big brother; + idea from stevesk@; markus@ ok 20020927 - (djm) OpenBSD CVS Sync @@ -737,4 +743,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2486 2002/09/30 00:40:39 djm Exp $ +$Id: ChangeLog,v 1.2487 2002/09/30 01:59:21 djm Exp $ diff --git a/compat.c b/compat.c index e49aa0d2a..757b0e679 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.64 2002/09/19 14:53:14 stevesk Exp $"); +RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); #include "buffer.h" #include "packet.h" @@ -146,6 +146,8 @@ compat_datafellows(const char *version) "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, { "*SSH_Version_Mapper*", SSH_BUG_SCANNER }, + { "Probe-*", + SSH_BUG_PROBE }, { NULL, 0 } }; diff --git a/compat.h b/compat.h index 7afca0460..9299805af 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -54,6 +54,7 @@ #define SSH_BUG_DUMMYCHAN 0x00100000 #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_K5USER 0x00400000 +#define SSH_BUG_PROBE 0x00800000 void enable_compat13(void); void enable_compat20(void); diff --git a/sshd.c b/sshd.c index 986c71273..f8bd7ce54 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.259 2002/09/25 15:19:02 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); #include #include @@ -424,6 +424,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_PROBE) { + log("probed from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + if (datafellows & SSH_BUG_SCANNER) { log("scanned from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string);