diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2016-10-11 21:47:46 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2016-10-11 21:47:46 +0000 |
| commit | 8a89f1f8e3ae6db655c8367f2341044156219df2 (patch) | |
| tree | 9077017bc8e9b33f0e5d227e53c350a57c99e372 | |
| parent | a8d167f9a0a700e57d78e90ada368ddee1a8d689 (diff) | |
Add a per-packet input hook that is called with the decrypted packet
contents. This will be used for fuzzing; ok markus@
| -rw-r--r-- | usr.bin/ssh/packet.c | 17 | ||||
| -rw-r--r-- | usr.bin/ssh/packet.h | 7 |
2 files changed, 22 insertions, 2 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 587b0b9f4cc..9007fb87b97 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.242 2016/09/30 09:19:13 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -213,6 +213,10 @@ struct session_state { /* SSH1 CRC compensation attack detector */ struct deattack_ctx deattack; + /* Hook for fuzzing inbound packets */ + ssh_packet_hook_fn *hook_in; + void *hook_in_ctx; + TAILQ_HEAD(, packet) outgoing; }; @@ -257,6 +261,13 @@ ssh_alloc_session_state(void) return NULL; } +void +ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx) +{ + ssh->state->hook_in = hook; + ssh->state->hook_in_ctx = ctx; +} + /* Returns nonzero if rekeying is in progress */ int ssh_packet_is_rekeying(struct ssh *ssh) @@ -1872,6 +1883,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) return r; return SSH_ERR_PROTOCOL_ERROR; } + if (state->hook_in != NULL && + (r = state->hook_in(ssh, state->incoming_packet, typep, + state->hook_in_ctx)) != 0) + return r; if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) r = ssh_packet_enable_delayed_compress(ssh); else diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h index 34b4a8e2efc..7fd4d1e4875 100644 --- a/usr.bin/ssh/packet.h +++ b/usr.bin/ssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.73 2016/09/30 09:19:13 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -64,6 +64,9 @@ struct ssh { void *app_data; }; +typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *, + u_char *, void *); + struct ssh *ssh_alloc_session_state(void); struct ssh *ssh_packet_set_connection(struct ssh *, int, int); void ssh_packet_set_timeout(struct ssh *, int, int); @@ -74,6 +77,8 @@ int ssh_packet_get_connection_in(struct ssh *); int ssh_packet_get_connection_out(struct ssh *); void ssh_packet_close(struct ssh *); void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); +void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); + int ssh_packet_is_rekeying(struct ssh *); void ssh_packet_set_protocol_flags(struct ssh *, u_int); u_int ssh_packet_get_protocol_flags(struct ssh *); |