'[ProFTPD-committers] CVS: proftpd/contrib/mod_sftp kex.c, 1.9,'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       proftpd-committers
Subject:    [ProFTPD-committers] CVS: proftpd/contrib/mod_sftp kex.c, 1.9,
From:       "TJ Saunders" <castaglia () users ! sourceforge ! net>
Date:       2009-08-25 5:07:17
Message-ID: E1MfoFZ-0001Ve-3r () ddv4jf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Update of /cvsroot/proftp/proftpd/contrib/mod_sftp
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv5724/contrib/mod_sftp

Modified Files:
	kex.c mod_sftp.c tap.c tap.h 
Log Message:

Protect against the Rogaway CBC mode attack (see RFC4251, Section 9.3.1) by
sending IGNORE messages before every outgoing message if a CBC mode cipher
is chosen for server-to-client messages.


Index: kex.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/kex.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- kex.c	4 Jul 2009 00:34:08 -0000	1.9
+++ kex.c	25 Aug 2009 05:07:14 -0000	1.10
@@ -37,6 +37,7 @@
 #include "crypto.h"
 #include "disconnect.h"
 #include "interop.h"
+#include "tap.h"
 
 #define SFTP_DH_PRIV_KEY_RANDOM_BITS	2048
 
@@ -1818,6 +1819,22 @@
 
   sftp_ssh2_packet_rekey_reset();
   kex_rekey_kex = NULL;
+
+  /* If any CBC mode ciphers have been negotiated for the server-to-client
+   * stream, then we need to use the 'cbc-mode' TAP policy.
+   */
+  k = sftp_cipher_get_write_algo();
+  if (strncmp(k + strlen(k) - 4, "-cbc", 4) == 0) {
+    const char *policy = "cbc-mode";
+
+    pr_trace_msg("ssh2", 4, "CBC mode cipher chosen for server-to-client "
+      "messages, automatically enabling '%s' TAP policy", policy);
+
+    if (sftp_tap_set_policy(policy) < 0) {
+      (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
+        "error setting TrafficPolicy '%s': %s", policy, strerror(errno));
+    }
+  }
  
   return 0;
 }

Index: mod_sftp.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/mod_sftp.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- mod_sftp.c	3 Jul 2009 23:02:09 -0000	1.14
+++ mod_sftp.c	25 Aug 2009 05:07:14 -0000	1.15
@@ -1405,7 +1405,15 @@
    */
   c = find_config(main_server->conf, CONF_PARAM, "SFTPTrafficPolicy", FALSE);
   if (c) {
-    sftp_tap_set_policy(c->argv[0]);
+    const char *policy = c->argv[0];
+
+    if (sftp_tap_set_policy(policy) < 0) {
+      (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
+        "error setting TrafficPolicy '%s': %s", policy, strerror(errno));
+
+    } else {
+      pr_trace_msg("ssh2", 9, "using TAP policy '%s'", policy);
+    }
   }
 
   /* Use our own "authenticated yet?" check. */

Index: tap.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/tap.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- tap.c	13 Feb 2009 23:41:19 -0000	1.2
+++ tap.c	25 Aug 2009 05:07:14 -0000	1.3
@@ -57,6 +57,7 @@
   { "medium",	100,	0,	32,	768,	5,	10,	60 },
   { "high",	10,	0,	16,	2048,	1,	5,	15 },
   { "paranoid",	1,	0,	0,	0,	1,	1,	5 },
+  { "cbc-mode", 1,	0,	64,	256,	0,	0,	0 },
   { NULL,	0,	0,	0,	0,	0,	0,	0 }
 };
 
@@ -245,6 +246,11 @@
 
   if (tap_pool) {
     destroy_pool(tap_pool);
+
+    if (tap_timerno > 0) {
+      pr_timer_remove(tap_timerno, &sftp_module);
+      tap_timerno = -1;
+    }
   }
 
   tap_pool = make_sub_pool(sftp_pool);

Index: tap.h
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/tap.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- tap.h	13 Feb 2009 23:41:19 -0000	1.2
+++ tap.h	25 Aug 2009 05:07:14 -0000	1.3
@@ -31,7 +31,7 @@
 
 int sftp_tap_have_policy(const char *);
 
-/* May sends an SSH2_MSG_IGNORE packet of random length, filled with random
+/* May send an SSH2_MSG_IGNORE packet of random length, filled with random
  * data to the client, depending on the selected policy.  These messages can
  * be injected into the SSH session in order to make traffic analysis harder.
  * Returns -1 if there was an error while sending the packet.
@@ -55,6 +55,13 @@
  *           16 to 2048 bytes of random data.
  *
  *  "paranoid" - always send SSH2_MSG_IGNORE packets, of lengths up to 8KB.
+ *
+ * Note that there is an additional TAP policy called 'cbc-mode'.  This
+ * policy is automatically used if the negotiated server-to-client cipher
+ * is any of the CBC ciphers.  The purpose of the 'cbc-mode' TAP policy is
+ * to implement the mitigation of the Rogaway CBC mode attack (see RFC4251,
+ * Section 9.3.1) via the use of IGNORE packets.  The use of the 'cbc-mode'
+ * policy is hardcoded, and will override any configured TAP policy.
  */
 int sftp_tap_set_policy(const char *);
 


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
ProFTPD Committers Mailing List
proftpd-committers@proftpd.org
https://lists.sourceforge.net/lists/listinfo/proftp-committers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic