mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-12-31 21:21:55 +00:00
Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
137b5dae42
@ -14,7 +14,7 @@ env:
|
|||||||
before_install: true
|
before_install: true
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- wget http://ftp.gnu.org/gnu/parallel/parallel-20120522.tar.bz2
|
- wget http://ftp.gnu.org/gnu/parallel/parallel-20170822.tar.bz2
|
||||||
- tar -xvjf parallel*
|
- tar -xvjf parallel*
|
||||||
- cd parallel*
|
- cd parallel*
|
||||||
- ./configure
|
- ./configure
|
||||||
|
@ -8,6 +8,7 @@ AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
|
|||||||
|
|
||||||
* [Browse Git](https://github.com/phpseclib/phpseclib)
|
* [Browse Git](https://github.com/phpseclib/phpseclib)
|
||||||
* [Code Coverage Report](https://coverage.phpseclib.org/master/latest/)
|
* [Code Coverage Report](https://coverage.phpseclib.org/master/latest/)
|
||||||
|
* Support phpseclib development by [![Becoming a patron](https://img.shields.io/badge/become-patron-brightgreen.svg)](https://www.patreon.com/phpseclib)
|
||||||
|
|
||||||
## Documentation
|
## Documentation
|
||||||
|
|
||||||
|
@ -51,9 +51,9 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"require": {
|
"require": {
|
||||||
"paragonie/constant_time_encoding": "^1|^2",
|
"paragonie/constant_time_encoding": "^1",
|
||||||
"paragonie/random_compat": "^1.4|^2.0",
|
"paragonie/random_compat": "^1.4|^2.0",
|
||||||
"php": ">=7.0"
|
"php": ">=5.6"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"phing/phing": "~2.7",
|
"phing/phing": "~2.7",
|
||||||
|
@ -27,6 +27,8 @@ use ParagonIE\ConstantTime\Base64;
|
|||||||
use phpseclib\File\ASN1\Element;
|
use phpseclib\File\ASN1\Element;
|
||||||
use phpseclib\Math\BigInteger;
|
use phpseclib\Math\BigInteger;
|
||||||
use phpseclib\Common\Functions\Strings;
|
use phpseclib\Common\Functions\Strings;
|
||||||
|
use DateTime;
|
||||||
|
use DateTimeZone;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pure-PHP ASN.1 Parser
|
* Pure-PHP ASN.1 Parser
|
||||||
@ -739,7 +741,7 @@ abstract class ASN1
|
|||||||
if (isset($mapping['implicit'])) {
|
if (isset($mapping['implicit'])) {
|
||||||
$decoded['content'] = self::decodeTime($decoded['content'], $decoded['type']);
|
$decoded['content'] = self::decodeTime($decoded['content'], $decoded['type']);
|
||||||
}
|
}
|
||||||
return @date(self::$format, $decoded['content']);
|
return $decoded['content'] ? $decoded['content']->format(self::$format) : false;
|
||||||
case self::TYPE_BIT_STRING:
|
case self::TYPE_BIT_STRING:
|
||||||
if (isset($mapping['mapping'])) {
|
if (isset($mapping['mapping'])) {
|
||||||
$offset = ord($decoded['content'][0]);
|
$offset = ord($decoded['content'][0]);
|
||||||
@ -989,7 +991,8 @@ abstract class ASN1
|
|||||||
case self::TYPE_GENERALIZED_TIME:
|
case self::TYPE_GENERALIZED_TIME:
|
||||||
$format = $mapping['type'] == self::TYPE_UTC_TIME ? 'y' : 'Y';
|
$format = $mapping['type'] == self::TYPE_UTC_TIME ? 'y' : 'Y';
|
||||||
$format.= 'mdHis';
|
$format.= 'mdHis';
|
||||||
$value = @gmdate($format, strtotime($source)) . 'Z';
|
$date = new DateTime($source, new DateTimeZone('GMT'));
|
||||||
|
$value = $date->format($format) . 'Z';
|
||||||
break;
|
break;
|
||||||
case self::TYPE_BIT_STRING:
|
case self::TYPE_BIT_STRING:
|
||||||
if (isset($mapping['mapping'])) {
|
if (isset($mapping['mapping'])) {
|
||||||
@ -1151,33 +1154,32 @@ abstract class ASN1
|
|||||||
http://tools.ietf.org/html/rfc5280#section-4.1.2.5.2
|
http://tools.ietf.org/html/rfc5280#section-4.1.2.5.2
|
||||||
http://www.obj-sys.com/asn1tutorial/node14.html */
|
http://www.obj-sys.com/asn1tutorial/node14.html */
|
||||||
|
|
||||||
$pattern = $tag == self::TYPE_UTC_TIME ?
|
$format = 'YmdHis';
|
||||||
'#^(..)(..)(..)(..)(..)(..)?(.*)$#' :
|
|
||||||
'#(....)(..)(..)(..)(..)(..).*([Z+-].*)$#';
|
|
||||||
|
|
||||||
preg_match($pattern, $content, $matches);
|
|
||||||
|
|
||||||
list(, $year, $month, $day, $hour, $minute, $second, $timezone) = $matches;
|
|
||||||
|
|
||||||
if ($tag == self::TYPE_UTC_TIME) {
|
if ($tag == self::TYPE_UTC_TIME) {
|
||||||
$year = $year >= 50 ? "19$year" : "20$year";
|
// https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=28 says "the seconds
|
||||||
}
|
// element shall always be present" but none-the-less I've seen X509 certs where it isn't and if the
|
||||||
|
// browsers parse it phpseclib ought to too
|
||||||
if ($timezone == 'Z') {
|
if (preg_match('#^(\d{10})(Z|[+-]\d{4})$#', $content, $matches)) {
|
||||||
$mktime = 'gmmktime';
|
$content = $matches[1] . '00' . $matches[2];
|
||||||
$timezone = 0;
|
|
||||||
} elseif (preg_match('#([+-])(\d\d)(\d\d)#', $timezone, $matches)) {
|
|
||||||
$mktime = 'gmmktime';
|
|
||||||
$timezone = 60 * $matches[3] + 3600 * $matches[2];
|
|
||||||
if ($matches[1] == '-') {
|
|
||||||
$timezone = -$timezone;
|
|
||||||
}
|
}
|
||||||
} else {
|
$prefix = substr($content, 0, 2) >= 50 ? '19' : '20';
|
||||||
$mktime = 'mktime';
|
$content = $prefix . $content;
|
||||||
$timezone = 0;
|
} elseif (strpos($content, '.') !== false) {
|
||||||
|
$format.= '.u';
|
||||||
}
|
}
|
||||||
|
|
||||||
return @$mktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year) + $timezone;
|
if ($content[strlen($content) - 1] == 'Z') {
|
||||||
|
$content = substr($content, 0, -1) . '+0000';
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strpos($content, '-') !== false || strpos($content, '+') !== false) {
|
||||||
|
$format.= 'O';
|
||||||
|
}
|
||||||
|
|
||||||
|
// error supression isn't necessary as of PHP 7.0:
|
||||||
|
// http://php.net/manual/en/migration70.other-changes.php
|
||||||
|
return @DateTime::createFromFormat($format, $content);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -35,7 +35,8 @@ use phpseclib\Exception\UnsupportedAlgorithmException;
|
|||||||
use phpseclib\File\ASN1\Element;
|
use phpseclib\File\ASN1\Element;
|
||||||
use phpseclib\Math\BigInteger;
|
use phpseclib\Math\BigInteger;
|
||||||
use phpseclib\File\ASN1\Maps;
|
use phpseclib\File\ASN1\Maps;
|
||||||
|
use DateTime;
|
||||||
|
use DateTimeZone;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pure-PHP X.509 Parser
|
* Pure-PHP X.509 Parser
|
||||||
@ -1061,7 +1062,7 @@ class X509
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($date)) {
|
if (!isset($date)) {
|
||||||
$date = time();
|
$date = new DateTime($date, new DateTimeZone(@date_default_timezone_get()));
|
||||||
}
|
}
|
||||||
|
|
||||||
$notBefore = $this->currentCert['tbsCertificate']['validity']['notBefore'];
|
$notBefore = $this->currentCert['tbsCertificate']['validity']['notBefore'];
|
||||||
@ -1071,8 +1072,8 @@ class X509
|
|||||||
$notAfter = isset($notAfter['generalTime']) ? $notAfter['generalTime'] : $notAfter['utcTime'];
|
$notAfter = isset($notAfter['generalTime']) ? $notAfter['generalTime'] : $notAfter['utcTime'];
|
||||||
|
|
||||||
switch (true) {
|
switch (true) {
|
||||||
case $date < @strtotime($notBefore):
|
case $date < new DateTime($notBefore, new DateTimeZone(@date_default_timezone_get())):
|
||||||
case $date > @strtotime($notAfter):
|
case $date > new DateTime($notAfter, new DateTimeZone(@date_default_timezone_get())):
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2290,7 +2291,11 @@ class X509
|
|||||||
*/
|
*/
|
||||||
private function timeField($date)
|
private function timeField($date)
|
||||||
{
|
{
|
||||||
$year = @gmdate("Y", @strtotime($date)); // the same way ASN1.php parses this
|
if ($date instanceof Element) {
|
||||||
|
return $date;
|
||||||
|
}
|
||||||
|
$dateObj = new DateTime($date, new DateTimeZone('GMT'));
|
||||||
|
$year = $dateObj->format('Y'); // the same way ASN1.php parses this
|
||||||
if ($year < 2050) {
|
if ($year < 2050) {
|
||||||
return ['utcTime' => $date];
|
return ['utcTime' => $date];
|
||||||
} else {
|
} else {
|
||||||
@ -2355,8 +2360,12 @@ class X509
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$startDate = !empty($this->startDate) ? $this->startDate : @date('D, d M Y H:i:s O');
|
$startDate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
|
||||||
$endDate = !empty($this->endDate) ? $this->endDate : @date('D, d M Y H:i:s O', strtotime('+1 year'));
|
$startDate = !empty($this->startDate) ? $this->startDate : $startDate->format('D, d M Y H:i:s O');
|
||||||
|
|
||||||
|
$endDate = new DateTime('+1 year', new DateTimeZone(@date_default_timezone_get()));
|
||||||
|
$endDate = !empty($this->endDate) ? $this->endDate : $endDate->format('D, d M Y H:i:s O');
|
||||||
|
|
||||||
/* "The serial number MUST be a positive integer"
|
/* "The serial number MUST be a positive integer"
|
||||||
"Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
|
"Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
|
||||||
-- https://tools.ietf.org/html/rfc5280#section-4.1.2.2
|
-- https://tools.ietf.org/html/rfc5280#section-4.1.2.2
|
||||||
@ -2624,7 +2633,9 @@ class X509
|
|||||||
|
|
||||||
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
$currentCert = isset($this->currentCert) ? $this->currentCert : null;
|
||||||
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
$signatureSubject = isset($this->signatureSubject) ? $this->signatureSubject : null;
|
||||||
$thisUpdate = !empty($this->startDate) ? $this->startDate : @date('D, d M Y H:i:s O');
|
|
||||||
|
$thisUpdate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
|
||||||
|
$thisUpdate = !empty($this->startDate) ? $this->startDate : $thisUpdate->format('D, d M Y H:i:s O');
|
||||||
|
|
||||||
if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert['tbsCertList'])) {
|
if (isset($crl->currentCert) && is_array($crl->currentCert) && isset($crl->currentCert['tbsCertList'])) {
|
||||||
$this->currentCert = $crl->currentCert;
|
$this->currentCert = $crl->currentCert;
|
||||||
@ -2777,7 +2788,11 @@ class X509
|
|||||||
*/
|
*/
|
||||||
public function setStartDate($date)
|
public function setStartDate($date)
|
||||||
{
|
{
|
||||||
$this->startDate = @date('D, d M Y H:i:s O', @strtotime($date));
|
if (!is_object($date) || !is_a($date, 'DateTime')) {
|
||||||
|
$date = new DateTime($date);
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->startDate = $date->format('D, d M Y H:i:s O', new DateTimeZone(@date_default_timezone_get()));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2800,7 +2815,11 @@ class X509
|
|||||||
$temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp;
|
$temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp;
|
||||||
$this->endDate = new Element($temp);
|
$this->endDate = new Element($temp);
|
||||||
} else {
|
} else {
|
||||||
$this->endDate = @date('D, d M Y H:i:s O', @strtotime($date));
|
if (!is_object($date) || !is_a($date, 'DateTime')) {
|
||||||
|
$date = new DateTime($date);
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->endDate = $date->format('D, d M Y H:i:s O', new DateTimeZone(@date_default_timezone_get()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3530,8 +3549,9 @@ class X509
|
|||||||
}
|
}
|
||||||
|
|
||||||
$i = count($rclist);
|
$i = count($rclist);
|
||||||
|
$revocationDate = new DateTime('now', new DateTimeZone(@date_default_timezone_get()));
|
||||||
$rclist[] = ['userCertificate' => $serial,
|
$rclist[] = ['userCertificate' => $serial,
|
||||||
'revocationDate' => $this->timeField(@date('D, d M Y H:i:s O'))];
|
'revocationDate' => $this->timeField($revocationDate->format('D, d M Y H:i:s O'))];
|
||||||
return $i;
|
return $i;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1969,7 +1969,7 @@ class SFTP extends SSH2
|
|||||||
|
|
||||||
if (isset($fp)) {
|
if (isset($fp)) {
|
||||||
$stat = fstat($fp);
|
$stat = fstat($fp);
|
||||||
$size = $stat['size'];
|
$size = !empty($stat) ? $stat['size'] : 0;
|
||||||
|
|
||||||
if ($local_start >= 0) {
|
if ($local_start >= 0) {
|
||||||
fseek($fp, $local_start);
|
fseek($fp, $local_start);
|
||||||
|
@ -103,10 +103,10 @@ class SSH2
|
|||||||
* @see \phpseclib\Net\SSH2::_get_channel_packet()
|
* @see \phpseclib\Net\SSH2::_get_channel_packet()
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
const CHANNEL_EXEC = 0; // PuTTy uses 0x100
|
const CHANNEL_EXEC = 1; // PuTTy uses 0x100
|
||||||
const CHANNEL_SHELL = 1;
|
const CHANNEL_SHELL = 2;
|
||||||
const CHANNEL_SUBSYSTEM = 2;
|
const CHANNEL_SUBSYSTEM = 3;
|
||||||
const CHANNEL_AGENT_FORWARD = 3;
|
const CHANNEL_AGENT_FORWARD = 4;
|
||||||
/**#@-*/
|
/**#@-*/
|
||||||
|
|
||||||
/**#@+
|
/**#@+
|
||||||
@ -897,6 +897,38 @@ class SSH2
|
|||||||
*/
|
*/
|
||||||
private $send_kex_first = true;
|
private $send_kex_first = true;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Some versions of OpenSSH incorrectly calculate the key size
|
||||||
|
*
|
||||||
|
* @var bool
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private $bad_key_size_fix = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The selected decryption algorithm
|
||||||
|
*
|
||||||
|
* @var string
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private $decrypt_algorithm = '';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Should we try to re-connect to re-establish keys?
|
||||||
|
*
|
||||||
|
* @var bool
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private $retry_connect = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Binary Packet Buffer
|
||||||
|
*
|
||||||
|
* @var string|false
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private $binary_packet_buffer = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default Constructor.
|
* Default Constructor.
|
||||||
*
|
*
|
||||||
@ -1027,7 +1059,7 @@ class SSH2
|
|||||||
*
|
*
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function sendIdentificationStringFirst()
|
public function sendIdentificationStringFirst()
|
||||||
{
|
{
|
||||||
$this->send_id_string_first = true;
|
$this->send_id_string_first = true;
|
||||||
}
|
}
|
||||||
@ -1041,7 +1073,7 @@ class SSH2
|
|||||||
*
|
*
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function sendIdentificationStringLast()
|
public function sendIdentificationStringLast()
|
||||||
{
|
{
|
||||||
$this->send_id_string_first = false;
|
$this->send_id_string_first = false;
|
||||||
}
|
}
|
||||||
@ -1055,7 +1087,7 @@ class SSH2
|
|||||||
*
|
*
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function sendKEXINITFirst()
|
public function sendKEXINITFirst()
|
||||||
{
|
{
|
||||||
$this->send_kex_first = true;
|
$this->send_kex_first = true;
|
||||||
}
|
}
|
||||||
@ -1069,7 +1101,7 @@ class SSH2
|
|||||||
*
|
*
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function sendKEXINITLast()
|
public function sendKEXINITLast()
|
||||||
{
|
{
|
||||||
$this->send_kex_first = false;
|
$this->send_kex_first = false;
|
||||||
}
|
}
|
||||||
@ -1190,8 +1222,8 @@ class SSH2
|
|||||||
$this->errors[] = utf8_decode($data);
|
$this->errors[] = utf8_decode($data);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($matches[3] != '1.99' && $matches[3] != '2.0') {
|
if (version_compare($matches[3], '1.99', '<')) {
|
||||||
throw new \RuntimeException("Cannot connect to SSH $matches[1] servers");
|
throw new \RuntimeException("Cannot connect to SSH $matches[3] servers");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$this->send_id_string_first) {
|
if (!$this->send_id_string_first) {
|
||||||
@ -1789,6 +1821,8 @@ class SSH2
|
|||||||
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
|
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->decrypt_algorithm = $decrypt;
|
||||||
|
|
||||||
$keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
|
$keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
|
||||||
|
|
||||||
$this->encrypt = $this->encryption_algorithm_to_crypt_instance($encrypt);
|
$this->encrypt = $this->encryption_algorithm_to_crypt_instance($encrypt);
|
||||||
@ -1959,6 +1993,10 @@ class SSH2
|
|||||||
*/
|
*/
|
||||||
private function encryption_algorithm_to_key_size($algorithm)
|
private function encryption_algorithm_to_key_size($algorithm)
|
||||||
{
|
{
|
||||||
|
if ($this->bad_key_size_fix && $this->bad_algorithm_candidate($algorithm)) {
|
||||||
|
return 16;
|
||||||
|
}
|
||||||
|
|
||||||
switch ($algorithm) {
|
switch ($algorithm) {
|
||||||
case 'none':
|
case 'none':
|
||||||
return 0;
|
return 0;
|
||||||
@ -2033,6 +2071,27 @@ class SSH2
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tests whether or not proposed algorithm has a potential for issues
|
||||||
|
*
|
||||||
|
* @link https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
|
||||||
|
* @link https://bugzilla.mindrot.org/show_bug.cgi?id=1291
|
||||||
|
* @param string $algorithm Name of the encryption algorithm
|
||||||
|
* @return bool
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private function bad_algorithm_candidate($algorithm)
|
||||||
|
{
|
||||||
|
switch ($algorithm) {
|
||||||
|
case 'arcfour256':
|
||||||
|
case 'aes192-ctr':
|
||||||
|
case 'aes256-ctr':
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Login
|
* Login
|
||||||
*
|
*
|
||||||
@ -2114,6 +2173,13 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
|
if ($this->retry_connect) {
|
||||||
|
$this->retry_connect = false;
|
||||||
|
if (!$this->connect()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return $this->login_helper($username, $password);
|
||||||
|
}
|
||||||
throw new \RuntimeException('Connection closed by server');
|
throw new \RuntimeException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2676,7 +2742,7 @@ class SSH2
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet(true);
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
throw new \RuntimeException('Connection closed by server');
|
throw new \RuntimeException('Connection closed by server');
|
||||||
}
|
}
|
||||||
@ -3130,6 +3196,24 @@ class SSH2
|
|||||||
return (bool) ($this->bitmap & self::MASK_LOGIN);
|
return (bool) ($this->bitmap & self::MASK_LOGIN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Resets a connection for re-use
|
||||||
|
*
|
||||||
|
* @param int $reason
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
private function reset_connection($reason)
|
||||||
|
{
|
||||||
|
$this->disconnect_helper($reason);
|
||||||
|
$this->decrypt = $this->encrypt = false;
|
||||||
|
$this->decrypt_block_size = $this->encrypt_block_size = 8;
|
||||||
|
$this->hmac_check = $this->hmac_create = false;
|
||||||
|
$this->hmac_size = false;
|
||||||
|
$this->session_id = false;
|
||||||
|
$this->retry_connect = true;
|
||||||
|
$this->get_seq_no = $this->send_seq_no = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets Binary Packets
|
* Gets Binary Packets
|
||||||
*
|
*
|
||||||
@ -3140,7 +3224,7 @@ class SSH2
|
|||||||
* @throws \RuntimeException on connection errors
|
* @throws \RuntimeException on connection errors
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
private function get_binary_packet()
|
private function get_binary_packet($filter_channel_packets = false)
|
||||||
{
|
{
|
||||||
if (!is_resource($this->fsock) || feof($this->fsock)) {
|
if (!is_resource($this->fsock) || feof($this->fsock)) {
|
||||||
$this->bitmap = 0;
|
$this->bitmap = 0;
|
||||||
@ -3169,6 +3253,11 @@ class SSH2
|
|||||||
// "implementations SHOULD check that the packet length is reasonable"
|
// "implementations SHOULD check that the packet length is reasonable"
|
||||||
// PuTTY uses 0x9000 as the actual max packet size and so to shall we
|
// PuTTY uses 0x9000 as the actual max packet size and so to shall we
|
||||||
if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
|
if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
|
||||||
|
if (!$this->bad_key_size_fix && $this->bad_algorithm_candidate($this->decrypt_algorithm) && !($this->bitmap & SSH2::MASK_LOGIN)) {
|
||||||
|
$this->bad_key_size_fix = true;
|
||||||
|
$this->reset_connection(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
throw new \RuntimeException('Invalid size');
|
throw new \RuntimeException('Invalid size');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3182,6 +3271,7 @@ class SSH2
|
|||||||
$buffer.= $temp;
|
$buffer.= $temp;
|
||||||
$remaining_length-= strlen($temp);
|
$remaining_length-= strlen($temp);
|
||||||
}
|
}
|
||||||
|
|
||||||
$stop = microtime(true);
|
$stop = microtime(true);
|
||||||
if (strlen($buffer)) {
|
if (strlen($buffer)) {
|
||||||
$raw.= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
|
$raw.= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
|
||||||
@ -3215,7 +3305,7 @@ class SSH2
|
|||||||
$this->last_packet = $current;
|
$this->last_packet = $current;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->filter($payload);
|
return $this->filter($payload, $filter_channel_packets);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -3227,7 +3317,7 @@ class SSH2
|
|||||||
* @return string
|
* @return string
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
private function filter($payload)
|
private function filter($payload, $filter_channel_packets)
|
||||||
{
|
{
|
||||||
switch (ord($payload[0])) {
|
switch (ord($payload[0])) {
|
||||||
case NET_SSH2_MSG_DISCONNECT:
|
case NET_SSH2_MSG_DISCONNECT:
|
||||||
@ -3277,6 +3367,17 @@ class SSH2
|
|||||||
// only called when we've already logged in
|
// only called when we've already logged in
|
||||||
if (($this->bitmap & self::MASK_CONNECTED) && $this->isAuthenticated()) {
|
if (($this->bitmap & self::MASK_CONNECTED) && $this->isAuthenticated()) {
|
||||||
switch (ord($payload[0])) {
|
switch (ord($payload[0])) {
|
||||||
|
case NET_SSH2_MSG_CHANNEL_DATA:
|
||||||
|
case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
|
||||||
|
case NET_SSH2_MSG_CHANNEL_REQUEST:
|
||||||
|
case NET_SSH2_MSG_CHANNEL_CLOSE:
|
||||||
|
case NET_SSH2_MSG_CHANNEL_EOF:
|
||||||
|
if ($filter_channel_packets) {
|
||||||
|
$this->binary_packet_buffer = $payload;
|
||||||
|
$this->get_channel_packet(true);
|
||||||
|
$payload = $this->get_binary_packet(true);
|
||||||
|
}
|
||||||
|
break;
|
||||||
case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
|
case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
|
||||||
if (strlen($payload) < 4) {
|
if (strlen($payload) < 4) {
|
||||||
return false;
|
return false;
|
||||||
@ -3461,31 +3562,37 @@ class SSH2
|
|||||||
}
|
}
|
||||||
|
|
||||||
while (true) {
|
while (true) {
|
||||||
if ($this->curTimeout) {
|
if ($this->binary_packet_buffer !== false) {
|
||||||
if ($this->curTimeout < 0) {
|
$response = $this->binary_packet_buffer;
|
||||||
$this->is_timeout = true;
|
$this->binary_packet_buffer = false;
|
||||||
return true;
|
} else {
|
||||||
|
if ($this->curTimeout) {
|
||||||
|
if ($this->curTimeout < 0) {
|
||||||
|
$this->is_timeout = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$read = [$this->fsock];
|
||||||
|
$write = $except = null;
|
||||||
|
|
||||||
|
$start = microtime(true);
|
||||||
|
$sec = floor($this->curTimeout);
|
||||||
|
$usec = 1000000 * ($this->curTimeout - $sec);
|
||||||
|
// on windows this returns a "Warning: Invalid CRT parameters detected" error
|
||||||
|
if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
|
||||||
|
$this->is_timeout = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
$elapsed = microtime(true) - $start;
|
||||||
|
$this->curTimeout-= $elapsed;
|
||||||
}
|
}
|
||||||
|
|
||||||
$read = [$this->fsock];
|
$response = $this->get_binary_packet();
|
||||||
$write = $except = null;
|
if ($response === false) {
|
||||||
|
throw new \RuntimeException('Connection closed by server');
|
||||||
$start = microtime(true);
|
|
||||||
$sec = floor($this->curTimeout);
|
|
||||||
$usec = 1000000 * ($this->curTimeout - $sec);
|
|
||||||
// on windows this returns a "Warning: Invalid CRT parameters detected" error
|
|
||||||
if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
|
|
||||||
$this->is_timeout = true;
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
$elapsed = microtime(true) - $start;
|
|
||||||
$this->curTimeout-= $elapsed;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$response = $this->get_binary_packet();
|
|
||||||
if ($response === false) {
|
|
||||||
throw new \RuntimeException('Connection closed by server');
|
|
||||||
}
|
|
||||||
if ($client_channel == -1 && $response === true) {
|
if ($client_channel == -1 && $response === true) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -3805,7 +3912,7 @@ class SSH2
|
|||||||
@flush();
|
@flush();
|
||||||
@ob_flush();
|
@ob_flush();
|
||||||
break;
|
break;
|
||||||
// basically the same thing as self::LOG_REALTIME with the caveat that NET_SFTP_LOG_REALTIME_FILENAME
|
// basically the same thing as self::LOG_REALTIME with the caveat that NET_SSH2_LOG_REALTIME_FILENAME
|
||||||
// needs to be defined and that the resultant log file will be capped out at self::LOG_MAX_SIZE.
|
// needs to be defined and that the resultant log file will be capped out at self::LOG_MAX_SIZE.
|
||||||
// the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
|
// the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
|
||||||
// at the beginning of the file
|
// at the beginning of the file
|
||||||
|
@ -148,5 +148,25 @@ class Functional_Net_SSH2Test extends PhpseclibFunctionalTestCase
|
|||||||
$ssh->exec('ls -latr');
|
$ssh->exec('ls -latr');
|
||||||
$ssh->disablePTY();
|
$ssh->disablePTY();
|
||||||
$ssh->exec('pwd');
|
$ssh->exec('pwd');
|
||||||
|
|
||||||
|
return $ssh;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @depends testDisablePTY
|
||||||
|
* @group github1167
|
||||||
|
*/
|
||||||
|
public function testChannelDataAfterOpen($ssh)
|
||||||
|
{
|
||||||
|
$ssh->write("ping 127.0.0.1\n");
|
||||||
|
|
||||||
|
$ssh->enablePTY();
|
||||||
|
$ssh->exec('bash');
|
||||||
|
|
||||||
|
$ssh->write("ls -latr\n");
|
||||||
|
|
||||||
|
$ssh->setTimeout(1);
|
||||||
|
|
||||||
|
$ssh->read();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user