Sākums Izpētīt Palīdzība
Pierakstīties
HSD
/
putty
spogulis no https://git.tartarus.org/simon/putty.git
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Faili
Koks: 79ff0d086a
Atzari Tagi
putty
/
ssh
/
censor1.c

censor1.c 2.5 KB
Vēsture Neapstrādāts

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. /*
    2. 

  2.  * Packet-censoring code for SSH-1, used to identify sensitive fields
    3. 

  3.  * like passwords so that the logging system can avoid writing them
    4. 

  4.  * into log files.
    5. 

  5.  */
    6. 

  6. 

  7. #include <assert.h>
    8. 

  8. 

  9. #include "putty.h"
    10. 

  10. #include "ssh.h"
    11. 

  11. 

  12. int ssh1_censor_packet(
    13. 

  13.     const PacketLogSettings *pls, int type, bool sender_is_client,
    14. 

  14.     ptrlen pkt, logblank_t *blanks)
    15. 

  15. {
    16. 

  16.     int nblanks = 0;
    17. 

  17.     ptrlen str;
    18. 

  18.     BinarySource src[1];
    19. 

  19. 

  20.     BinarySource_BARE_INIT_PL(src, pkt);
    21. 

  21. 

  22.     if (pls->omit_data &&
    23. 

  23.         (type == SSH1_SMSG_STDOUT_DATA ||
    24. 

  24.          type == SSH1_SMSG_STDERR_DATA ||
    25. 

  25.          type == SSH1_CMSG_STDIN_DATA ||
    26. 

  26.          type == SSH1_MSG_CHANNEL_DATA)) {
    27. 

  27.         /* "Session data" packets - omit the data string. */
    28. 

  28.         if (type == SSH1_MSG_CHANNEL_DATA)
    29. 

  29.             get_uint32(src);           /* skip channel id */
    30. 

  30.         str = get_string(src);
    31. 

  31.         if (!get_err(src)) {
    32. 

  32.             assert(nblanks < MAX_BLANKS);
    33. 

  33.             blanks[nblanks].offset = src->pos - str.len;
    34. 

  34.             blanks[nblanks].type = PKTLOG_OMIT;
    35. 

  35.             blanks[nblanks].len = str.len;
    36. 

  36.             nblanks++;
    37. 

  37.         }
    38. 

  38.     }
    39. 

  39. 

  40.     if (sender_is_client && pls->omit_passwords) {
    41. 

  41.         if (type == SSH1_CMSG_AUTH_PASSWORD ||
    42. 

  42.             type == SSH1_CMSG_AUTH_TIS_RESPONSE ||
    43. 

  43.             type == SSH1_CMSG_AUTH_CCARD_RESPONSE) {
    44. 

  44.             /* If this is a password or similar packet, blank the
    45. 

  45.              * password(s). */
    46. 

  46.             assert(nblanks < MAX_BLANKS);
    47. 

  47.             blanks[nblanks].offset = 0;
    48. 

  48.             blanks[nblanks].len = pkt.len;
    49. 

  49.             blanks[nblanks].type = PKTLOG_BLANK;
    50. 

  50.             nblanks++;
    51. 

  51.         } else if (type == SSH1_CMSG_X11_REQUEST_FORWARDING) {
    52. 

  52.             /*
    53. 

  53.              * If this is an X forwarding request packet, blank the
    54. 

  54.              * fake auth data.
    55. 

  55.              *
    56. 

  56.              * Note that while we blank the X authentication data
    57. 

  57.              * here, we don't take any special action to blank the
    58. 

  58.              * start of an X11 channel, so using MIT-MAGIC-COOKIE-1
    59. 

  59.              * and actually opening an X connection without having
    60. 

  60.              * session blanking enabled is likely to leak your cookie
    61. 

  61.              * into the log.
    62. 

  62.              */
    63. 

  63.             get_string(src);              /* skip protocol name */
    64. 

  64.             str = get_string(src);
    65. 

  65.             if (!get_err(src)) {
    66. 

  66.                 assert(nblanks < MAX_BLANKS);
    67. 

  67.                 blanks[nblanks].offset = src->pos - str.len;
    68. 

  68.                 blanks[nblanks].type = PKTLOG_BLANK;
    69. 

  69.                 blanks[nblanks].len = str.len;
    70. 

  70.                 nblanks++;
    71. 

  71.             }
    72. 

  72.         }
    73. 

  73.     }
    74. 

  74. 

  75.     return nblanks;
    76. 

  76. }
    77. 

  77.