Skip to content

Commit

Permalink
Merge pull request #121 from norrisjeremy/20220209
Browse files Browse the repository at this point in the history 
Additional 0.2.0 changes
  • Loading branch information
@mwiede
mwiede authored Feb 9, 2022
2 parents 5728801 + 35bd7c1 commit 2268c37
Showing 1 changed file with 38 additions and 41 deletions.
79 changes: 38 additions & 41 deletions src/main/java/com/jcraft/jsch/Session.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1089,7 +1089,7 @@ public Buffer read(Buffer buf) throws Exception{
((tmp[3] )&0x000000ff);
// RFC 4253 6.1. Maximum Packet Length
if(j<5 || j>PACKET_MAX_SIZE){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE);
}
j+=s2ccipher.getTagSize();
if((buf.index+j)>buf.buffer.length){
Expand All @@ -1103,7 +1103,7 @@ public Buffer read(Buffer buf) throws Exception{
if(JSch.getLogger().isEnabled(Logger.FATAL)){
JSch.getLogger().log(Logger.FATAL, message);
}
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-s2ccipher_size);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE-s2ccipher_size);
}

io.getByte(buf.buffer, buf.index, j);
Expand All @@ -1113,8 +1113,7 @@ public Buffer read(Buffer buf) throws Exception{
s2ccipher.doFinal(buf.buffer, 0, j+4, buf.buffer, 0);
}
catch(AEADBadTagException e){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-j, e);
continue;
throw new JSchException("Packet corrupt", e);
}
// overwrite encrypted packet length field with decrypted version
System.arraycopy(tmp, 0, buf.buffer, 0, 4);
Expand All @@ -1128,7 +1127,7 @@ else if(isAEAD || isEtM){
((buf.buffer[3] )&0x000000ff);
// RFC 4253 6.1. Maximum Packet Length
if(j<5 || j>PACKET_MAX_SIZE){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE);
}
if(isAEAD){
j+=s2ccipher.getTagSize();
Expand All @@ -1144,7 +1143,7 @@ else if(isAEAD || isEtM){
if(JSch.getLogger().isEnabled(Logger.FATAL)){
JSch.getLogger().log(Logger.FATAL, message);
}
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-s2ccipher_size);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE-s2ccipher_size);
}

io.getByte(buf.buffer, buf.index, j); buf.index+=(j);
Expand All @@ -1155,8 +1154,7 @@ else if(isAEAD || isEtM){
s2ccipher.doFinal(buf.buffer, 4, j, buf.buffer, 4);
}
catch(AEADBadTagException e){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-j, e);
continue;
throw new JSchException("Packet corrupt", e);
}
// don't include AEAD tag size in buf so that decompression works below
buf.index -= s2ccipher.getTagSize();
Expand All @@ -1168,8 +1166,7 @@ else if(isAEAD || isEtM){

io.getByte(s2cmac_result2, 0, s2cmac_result2.length);
if(!Util.arraysequals(s2cmac_result1, s2cmac_result2)){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-j);
continue;
throw new JSchException("Packet corrupt");
}
s2ccipher.update(buf.buffer, 4, j, buf.buffer, 4);
}
Expand All @@ -1186,7 +1183,7 @@ else if(isAEAD || isEtM){
((buf.buffer[3] )&0x000000ff);
// RFC 4253 6.1. Maximum Packet Length
if(j<5 || j>PACKET_MAX_SIZE){
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE);
}
int need = j+4-s2ccipher_size;
//if(need<0){
Expand All @@ -1203,7 +1200,7 @@ else if(isAEAD || isEtM){
if(JSch.getLogger().isEnabled(Logger.FATAL)){
JSch.getLogger().log(Logger.FATAL, message);
}
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-s2ccipher_size);
start_discard(buf, s2ccipher, s2cmac, 0, PACKET_MAX_SIZE-s2ccipher_size);
}

if(need>0){
Expand All @@ -1220,10 +1217,10 @@ else if(isAEAD || isEtM){

io.getByte(s2cmac_result2, 0, s2cmac_result2.length);
if(!Util.arraysequals(s2cmac_result1, s2cmac_result2)){
if(need > PACKET_MAX_SIZE){
if(need+s2ccipher_size > PACKET_MAX_SIZE){
throw new IOException("MAC Error");
}
start_discard(buf, s2ccipher, s2cmac, j, PACKET_MAX_SIZE-need);
start_discard(buf, s2ccipher, s2cmac, buf.index, PACKET_MAX_SIZE-need-s2ccipher_size);
continue;
}
}
Expand Down Expand Up @@ -1365,45 +1362,45 @@ else if(type==UserAuth.SSH_MSG_USERAUTH_SUCCESS){
}

private void start_discard(Buffer buf, Cipher cipher, MAC mac,
int packet_length, int discard) throws JSchException, IOException{
start_discard(buf, cipher, mac, packet_length, discard, null);
}

private void start_discard(Buffer buf, Cipher cipher, MAC mac,
int packet_length, int discard, Throwable t) throws JSchException, IOException{
MAC discard_mac = null;

int mac_already, int discard) throws JSchException{
if(!cipher.isCBC() || (mac != null && mac.isEtM())){
if(t!=null){
throw new JSchException("Packet corrupt", t);
}
throw new JSchException("Packet corrupt");
}

if(packet_length!=PACKET_MAX_SIZE && mac != null){
discard_mac = mac;
if(mac != null){
mac.update(seqi);
mac.update(buf.buffer, 0, mac_already);
}

discard -= buf.index;

while(discard>0){
buf.reset();
int len = discard>buf.buffer.length ? buf.buffer.length : discard;
io.getByte(buf.buffer, 0, len);
if(discard_mac!=null){
discard_mac.update(buf.buffer, 0, len);
IOException ioe=null;
try{
while(discard>0){
buf.reset();
int len = discard>buf.buffer.length ? buf.buffer.length : discard;
io.getByte(buf.buffer, 0, len);
if(mac!=null){
mac.update(buf.buffer, 0, len);
}
discard -= len;
}
}
catch(IOException e){
ioe = e;
if(JSch.getLogger().isEnabled(Logger.ERROR)){
JSch.getLogger().log(Logger.ERROR,
"start_discard finished early due to " + e.getMessage());
}
discard -= len;
}

if(discard_mac!=null){
discard_mac.doFinal(buf.buffer, 0);
if(mac!=null){
mac.doFinal(buf.buffer, 0);
}

if(t!=null){
throw new JSchException("Packet corrupt", t);
JSchException e = new JSchException("Packet corrupt");
if(ioe!=null){
e.addSuppressed(ioe);
}
throw new JSchException("Packet corrupt");
throw e;
}

byte[] getSessionId(){
Expand Down

0 comments on commit 2268c37

Please sign in to comment.