authordjm@openbsd.org <djm@openbsd.org>2020-03-13 05:01:56 +0100
committerDamien Miller <djm@mindrot.org>2020-03-14 09:39:30 +0100
commit5becbec023f2037394987f85ed7f74b9a28699e0 (patch)
treeea7a8e45ac5e4a71d95f5b99e376b51fa3f823ef /kex.c
parentupstream: Don't clear alarm timers in listening sshd. Previously (diff)
upstream: use sshpkt_fatal() for kex_exchange_identification()
errors. This ensures that the logged errors are consistent with other transport-layer errors and that the relevant IP addresses are logged. bz3129 ok dtucker@ OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/kex.c b/kex.c
index 899036e6e..09c7258e0 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: kex.c,v 1.158 2020/03/13 04:01:56 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -1167,7 +1167,7 @@ int
kex_exchange_identification(struct ssh *ssh, int timeout_ms,
const char *version_addendum)
{
- int remote_major, remote_minor, mismatch;
+ int remote_major, remote_minor, mismatch, oerrno = 0;
size_t len, i, n;
int r, expect_nl;
u_char c;
@@ -1186,6 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
version_addendum == NULL ? "" : " ",
version_addendum == NULL ? "" : version_addendum)) != 0) {
+ oerrno = errno;
error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
goto out;
}
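Review bot: The `oerrno = errno;` added in the sshbuf_putf() failure branch is only consumed when `r == SSH_ERR_SYSTEM_ERROR`, yet sshbuf_putf() reports failure through its return code, so the saved errno may be a stale value left by an earlier call. The same applies to the assignments after sshbuf_consume_end() and sshbuf_put_u8() in the later hunks. If those helpers can return SSH_ERR_SYSTEM_ERROR (not visible here) the lines are needed and a short comment such as `/* only meaningful if r == SSH_ERR_SYSTEM_ERROR */` would say so; otherwise they could be dropped so errno is captured only where a system call actually failed. The function body starts and ends outside this hunk.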
@@ -1193,11 +1194,13 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
sshbuf_mutable_ptr(our_version),
sshbuf_len(our_version)) != sshbuf_len(our_version)) {
- error("%s: write: %.100s", __func__, strerror(errno));
+ oerrno = errno;
+ debug("%s: write: %.100s", __func__, strerror(errno));
r = SSH_ERR_SYSTEM_ERROR;
goto out;
}
if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
+ oerrno = errno;
error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
goto out;
}
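Review bot: Only the write failure is downgraded from error() to debug() in this hunk, while the select and read failure branches in the two following hunks keep their error() calls and still set `r = SSH_ERR_SYSTEM_ERROR`. If callers now report the returned code through sshpkt_fatal(), as the commit message describes, those two conditions would presumably be logged twice, once here without the peer address and once by the caller with it. Making the three branches consistent, e.g. `debug("%s: read: %.100s", __func__, strerror(errno));`, would leave one authoritative log line per failure, which is easier to correlate and alert on. The callers are not part of this diff, so this should be checked against them.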
@@ -1233,6 +1236,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
r = SSH_ERR_CONN_TIMEOUT;
goto out;
} else if (r == -1) {
+ oerrno = errno;
error("%s: %s",
__func__, strerror(errno));
r = SSH_ERR_SYSTEM_ERROR;
@@ -1248,6 +1252,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
r = SSH_ERR_CONN_CLOSED;
goto out;
} else if (len != 1) {
+ oerrno = errno;
error("%s: read: %.100s",
__func__, strerror(errno));
r = SSH_ERR_SYSTEM_ERROR;
@@ -1265,6 +1270,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
goto invalid;
}
if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
+ oerrno = errno;
error("%s: sshbuf_put: %s",
__func__, ssh_err(r));
goto out;
@@ -1365,6 +1371,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
free(our_version_string);
free(peer_version_string);
free(remote_version);
+ if (r == SSH_ERR_SYSTEM_ERROR)
+ errno = oerrno;
return r;
}
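Review bot: The restore `errno = oerrno;` relies on every path that sets `r = SSH_ERR_SYSTEM_ERROR` having saved errno first, because `oerrno` starts at 0; a path that misses it would hand the caller errno 0 and a misleading strerror() text in the log. The hunks shown cover the write, select and read failures, but most of the function lies outside this diff's context, so other SSH_ERR_SYSTEM_ERROR sources cannot be ruled out from here. A comment on the restore would record the intent, for example `/* cleanup above may have changed errno; restore the value saved at the failure site */`.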