SSH2: more consistent exception handling

This commit is contained in:
terrafrost 2020-02-24 01:02:26 -06:00
parent e8da444bb7
commit ee10846cac

View File

@ -1295,6 +1295,7 @@ class SSH2
} }
if (version_compare($matches[3], '1.99', '<')) { if (version_compare($matches[3], '1.99', '<')) {
$this->bitmap = 0;
throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers"); throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers");
} }
@ -1310,6 +1311,7 @@ class SSH2
} }
if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) { if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
$this->bitmap = 0;
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT'); throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
} }
@ -1444,11 +1446,12 @@ class SSH2
$kexinit_payload_server = $this->get_binary_packet(); $kexinit_payload_server = $this->get_binary_packet();
if ($kexinit_payload_server === false) { if ($kexinit_payload_server === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) { if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT'); throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
} }
} }
@ -1552,12 +1555,13 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response); list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response);
if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) { if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP'); throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP');
} }
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP'); $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
@ -1600,7 +1604,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
if (!strlen($response)) { if (!strlen($response)) {
@ -1615,6 +1619,7 @@ class SSH2
) = Strings::unpackSSH2('Csss', $response); ) = Strings::unpackSSH2('Csss', $response);
if ($type != constant($serverKexReplyMessage)) { if ($type != constant($serverKexReplyMessage)) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
throw new \UnexpectedValueException("Expected $serverKexReplyMessage"); throw new \UnexpectedValueException("Expected $serverKexReplyMessage");
} }
switch ($serverKexReplyMessage) { switch ($serverKexReplyMessage) {
@ -1680,7 +1685,7 @@ class SSH2
case $this->signature_format == $server_host_key_algorithm: case $this->signature_format == $server_host_key_algorithm:
case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512': case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
case $this->signature_format != 'ssh-rsa': case $this->signature_format != 'ssh-rsa':
$this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
throw new \RuntimeException('Server Host Key Algorithm Mismatch'); throw new \RuntimeException('Server Host Key Algorithm Mismatch');
} }
} }
@ -1691,12 +1696,13 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
list($type) = Strings::unpackSSH2('C', $response); list($type) = Strings::unpackSSH2('C', $response);
if ($type != NET_SSH2_MSG_NEWKEYS) { if ($type != NET_SSH2_MSG_NEWKEYS) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS'); throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
} }
@ -2103,12 +2109,13 @@ class SSH2
} }
return $this->login_helper($username, $password); return $this->login_helper($username, $password);
} }
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
list($type, $service) = Strings::unpackSSH2('Cs', $response); list($type, $service) = Strings::unpackSSH2('Cs', $response);
if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') { if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') {
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT'); throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT');
} }
$this->bitmap |= self::MASK_LOGIN_REQ; $this->bitmap |= self::MASK_LOGIN_REQ;
@ -2147,7 +2154,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2195,7 +2202,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2269,7 +2276,7 @@ class SSH2
} else { } else {
$orig = $response = $this->get_binary_packet(); $orig = $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
} }
@ -2455,7 +2462,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2483,7 +2490,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2596,7 +2603,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2721,7 +2728,7 @@ class SSH2
$response = $this->get_binary_packet(); $response = $this->get_binary_packet();
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
@ -2956,7 +2963,6 @@ class SSH2
$this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST; $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST;
$response = $this->get_channel_packet(self::CHANNEL_SUBSYSTEM); $response = $this->get_channel_packet(self::CHANNEL_SUBSYSTEM);
if ($response === false) { if ($response === false) {
return false; return false;
} }
@ -3254,7 +3260,7 @@ class SSH2
if ($this->hmac_check instanceof Hash) { if ($this->hmac_check instanceof Hash) {
$hmac = stream_get_contents($this->fsock, $this->hmac_size); $hmac = stream_get_contents($this->fsock, $this->hmac_size);
if ($hmac === false || strlen($hmac) != $this->hmac_size) { if ($hmac === false || strlen($hmac) != $this->hmac_size) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
throw new \RuntimeException('Error reading socket'); throw new \RuntimeException('Error reading socket');
} }
@ -3264,10 +3270,12 @@ class SSH2
if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') { if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
$this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no)); $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
if ($hmac != $this->hmac_check->hash($reconstructed)) { if ($hmac != $this->hmac_check->hash($reconstructed)) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
throw new \RuntimeException('Invalid UMAC'); throw new \RuntimeException('Invalid UMAC');
} }
} else { } else {
if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) { if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
$this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
throw new \RuntimeException('Invalid HMAC'); throw new \RuntimeException('Invalid HMAC');
} }
} }
@ -3338,7 +3346,7 @@ class SSH2
while ($remaining_length > 0) { while ($remaining_length > 0) {
$temp = stream_get_contents($this->fsock, $remaining_length); $temp = stream_get_contents($this->fsock, $remaining_length);
if ($temp === false || feof($this->fsock)) { if ($temp === false || feof($this->fsock)) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new \RuntimeException('Error reading from socket'); throw new \RuntimeException('Error reading from socket');
} }
$buffer.= $temp; $buffer.= $temp;
@ -3615,7 +3623,7 @@ class SSH2
$response = $this->get_binary_packet(true); $response = $this->get_binary_packet(true);
if ($response === false) { if ($response === false) {
$this->bitmap = 0; $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
throw new ConnectionClosedException('Connection closed by server'); throw new ConnectionClosedException('Connection closed by server');
} }
} }
@ -4086,7 +4094,10 @@ class SSH2
{ {
if ($this->bitmap & self::MASK_CONNECTED) { if ($this->bitmap & self::MASK_CONNECTED) {
$data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', ''); $data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', '');
$this->send_binary_packet($data); try {
$this->send_binary_packet($data);
} catch (\Exception $e) {
}
} }
$this->bitmap = 0; $this->bitmap = 0;