Mail archive
alpine-aports

[alpine-aports] [PATCH v2] testing/tinyssh: fix keepalive not implemented

From: Stuart Cardall <developer_at_it-offshore.co.uk>
Date: Sun, 19 Jul 2015 13:13:34 +0000

this fixes sessions being reset when a keepalive is sent
---
Changes v1 -> v2:
replaces message in docs with a patch to fix
---
 testing/tinyssh/APKBUILD                        | 12 +++-
 testing/tinyssh/keepalive-not-implemented.patch | 84 +++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 testing/tinyssh/keepalive-not-implemented.patch
diff --git a/testing/tinyssh/APKBUILD b/testing/tinyssh/APKBUILD
index f994e49..6f704cd 100644
--- a/testing/tinyssh/APKBUILD
+++ b/testing/tinyssh/APKBUILD
_at_@ -13,6 +13,7 @@ subpackages="$pkgname-doc"
 source="$pkgname-$pkgver.tar.bz2::http://mojzis.com/software/$pkgname/$pkgname-$pkgver.tar.bz2
 	$pkgname.initd
 	$pkgname.confd
+	keepalive-not-implemented.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
_at_@ -55,15 +56,20 @@ echo '22 stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/s
 rc-service inetd start
 
 (3) Using runit with either (1) or (2)
+
+Stealth SSH with FWKNOP: https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers
 EOF
 }
 
 md5sums="0e8b4add3fa6c4481e7b8159aca75b2f  tinyssh-20150501.tar.bz2
 78ec724804035bae29e1c47abec737d8  tinyssh.initd
-83e705f0f71db5ae0d8530edafa63497  tinyssh.confd"
+83e705f0f71db5ae0d8530edafa63497  tinyssh.confd
+42cf023926c2b9472fa3d98a6f626db8  keepalive-not-implemented.patch"
 sha256sums="ccaee75ee04252c7e7db1e06e74e4c55b53911c310a0dc5e1288c0feb73a1470  tinyssh-20150501.tar.bz2
 b3584c463f6ba0de6a5fe2e28fb98cd8ef65a55f17a0f4c877f61f54019ef34c  tinyssh.initd
-c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774  tinyssh.confd"
+c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774  tinyssh.confd
+96ce731b29f76cba82047512a0c751370987fd51ff08d5bf124f10342f213251  keepalive-not-implemented.patch"
 sha512sums="780e4aa87fc5afbd0818f1c815c0e95a9ec5b096efedbc49d54492195725bbdf3fe860cc4b84a5e9b15b9b568fd0398e48601da3af22b3dfd64e4214d4797fbe  tinyssh-20150501.tar.bz2
 d10f995c6687e706453e51d06b3466427d476036efdbd86db2f9330281e46049bf2e3698208524b3f70cdbd30373f5bf46c7164dd626d22b3fa9a75ca5d8d478  tinyssh.initd
-4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9  tinyssh.confd"
+4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9  tinyssh.confd
+9511d09d8a62e673e3e6b2ae9fc55e5b6ca7c33485c1834b4f53a1f06d84d34619a7f620c9862fb059d8a0d24a79d4172bd355185ceff5ac8acb381350e41d2e  keepalive-not-implemented.patch"
diff --git a/testing/tinyssh/keepalive-not-implemented.patch b/testing/tinyssh/keepalive-not-implemented.patch
new file mode 100644
index 0000000..19c21c1
--- /dev/null
+++ b/testing/tinyssh/keepalive-not-implemented.patch
_at_@ -0,0 +1,84 @@
+diff --git a/tinyssh-tests/packet_uinmplementedtest.c b/tinyssh-tests/packet_uinmplementedtest.c
+new file mode 120000
+index 0000000..c1c5f9b
+--- /dev/null
++++ b/tinyssh-tests/packet_uinmplementedtest.c
+_at_@ -0,0 +1 @@
++emptytest.c
+\ No newline at end of file
+diff --git a/tinyssh/LIBS b/tinyssh/LIBS
+index 7f1bcf5..9c1f27a 100644
+--- a/tinyssh/LIBS
++++ b/tinyssh/LIBS
+_at_@ -36,6 +36,7 @@ packetparser.o
+ packet_put.o
+ packet_recv.o
+ packet_send.o
++packet_uinmplemented.o
+ porttostr.o
+ randommod.o
+ readall.o
+diff --git a/tinyssh/SOURCES b/tinyssh/SOURCES
+index be77a5f..613535d 100644
+--- a/tinyssh/SOURCES
++++ b/tinyssh/SOURCES
+_at_@ -36,6 +36,7 @@ packetparser
+ packet_put
+ packet_recv
+ packet_send
++packet_uinmplemented
+ porttostr
+ randommod
+ readall
+diff --git a/tinyssh/packet.h b/tinyssh/packet.h
+index 891ede8..b2cba92 100644
+--- a/tinyssh/packet.h
++++ b/tinyssh/packet.h
+_at_@ -127,4 +127,7 @@ extern int packet_channel_send_windowadjust(struct buf *);
+ extern void packet_channel_send_eof(struct buf *);
+ extern int packet_channel_send_close(struct buf *, int, int);
+ 
++/* packet_uinmplemented.c */
++extern int packet_uinmplemented(struct buf *);
++
+ #endif
+diff --git a/tinyssh/packet_uinmplemented.c b/tinyssh/packet_uinmplemented.c
+new file mode 100644
+index 0000000..1ca82d6
+--- /dev/null
++++ b/tinyssh/packet_uinmplemented.c
+_at_@ -0,0 +1,18 @@
++/*
++20150719
++Jan Mojzis
++Public domain.
++*/
++
++#include "buf.h"
++#include "ssh.h"
++#include "packet.h"
++
++int packet_uinmplemented(struct buf *b) {
++
++    buf_purge(b);
++    buf_putnum8(b, SSH_MSG_UNIMPLEMENTED);       /* SSH_MSG_UNIMPLEMENTED */
++    buf_putnum32(b, packet.receivepacketid);     /* packeid */
++    packet_put(b);
++    return packet_sendall();
++}
+diff --git a/tinyssh/tinysshd.c b/tinyssh/tinysshd.c
+index ba44584..78677f5 100644
+--- a/tinyssh/tinysshd.c
++++ b/tinyssh/tinysshd.c
+_at_@ -300,8 +300,8 @@ int main(int argc, char **argv) {
+                 case SSH_MSG_KEXINIT:
+                     goto rekeying;
+                 default:
+-                    die_fatal("unknown message type", 0, 0);
+-                    /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */
++                    log_d1("unknown packet - sending SSH_MSG_UNIMPLEMENTED message");
++                    if (!packet_uinmplemented(&b1)) die_fatal("unable to send SSH_MSG_UNIMPLEMENTED message", 0, 0);
+             }
+         }
+     }
+
-- 
2.4.6
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Sun Jul 19 2015 - 13:13:34 GMT