mirror of
https://github.com/danog/phpseclib.git
synced 2024-12-12 17:17:26 +01:00
SSH2: more consistent exception handling
parent
e8da444bb7
commit
ee10846cac
@ -1295,6 +1295,7 @@ class SSH2
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (version_compare($matches[3], '1.99', '<')) {
|
if (version_compare($matches[3], '1.99', '<')) {
|
||||||
|
$this->bitmap = 0;
|
||||||
throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers");
|
throw new UnableToConnectException("Cannot connect to SSH $matches[3] servers");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1310,6 +1311,7 @@ class SSH2
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
|
if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
|
||||||
|
$this->bitmap = 0;
|
||||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1444,11 +1446,12 @@ class SSH2
|
|||||||
|
|
||||||
$kexinit_payload_server = $this->get_binary_packet();
|
$kexinit_payload_server = $this->get_binary_packet();
|
||||||
if ($kexinit_payload_server === false) {
|
if ($kexinit_payload_server === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) {
|
if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1552,12 +1555,13 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response);
|
list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response);
|
||||||
if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
|
if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP');
|
throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP');
|
||||||
}
|
}
|
||||||
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
|
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
|
||||||
@ -1600,7 +1604,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
if (!strlen($response)) {
|
if (!strlen($response)) {
|
||||||
@ -1615,6 +1619,7 @@ class SSH2
|
|||||||
) = Strings::unpackSSH2('Csss', $response);
|
) = Strings::unpackSSH2('Csss', $response);
|
||||||
|
|
||||||
if ($type != constant($serverKexReplyMessage)) {
|
if ($type != constant($serverKexReplyMessage)) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||||
throw new \UnexpectedValueException("Expected $serverKexReplyMessage");
|
throw new \UnexpectedValueException("Expected $serverKexReplyMessage");
|
||||||
}
|
}
|
||||||
switch ($serverKexReplyMessage) {
|
switch ($serverKexReplyMessage) {
|
||||||
@ -1680,7 +1685,7 @@ class SSH2
|
|||||||
case $this->signature_format == $server_host_key_algorithm:
|
case $this->signature_format == $server_host_key_algorithm:
|
||||||
case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
|
case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
|
||||||
case $this->signature_format != 'ssh-rsa':
|
case $this->signature_format != 'ssh-rsa':
|
||||||
$this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
|
||||||
throw new \RuntimeException('Server Host Key Algorithm Mismatch');
|
throw new \RuntimeException('Server Host Key Algorithm Mismatch');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1691,12 +1696,13 @@ class SSH2
|
|||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
|
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
list($type) = Strings::unpackSSH2('C', $response);
|
list($type) = Strings::unpackSSH2('C', $response);
|
||||||
if ($type != NET_SSH2_MSG_NEWKEYS) {
|
if ($type != NET_SSH2_MSG_NEWKEYS) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||||
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
|
throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2103,12 +2109,13 @@ class SSH2
|
|||||||
}
|
}
|
||||||
return $this->login_helper($username, $password);
|
return $this->login_helper($username, $password);
|
||||||
}
|
}
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
list($type, $service) = Strings::unpackSSH2('Cs', $response);
|
list($type, $service) = Strings::unpackSSH2('Cs', $response);
|
||||||
if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') {
|
if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||||
throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT');
|
throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT');
|
||||||
}
|
}
|
||||||
$this->bitmap |= self::MASK_LOGIN_REQ;
|
$this->bitmap |= self::MASK_LOGIN_REQ;
|
||||||
@ -2147,7 +2154,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2195,7 +2202,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2269,7 +2276,7 @@ class SSH2
|
|||||||
} else {
|
} else {
|
||||||
$orig = $response = $this->get_binary_packet();
|
$orig = $response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2455,7 +2462,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2483,7 +2490,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2596,7 +2603,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2721,7 +2728,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet();
|
$response = $this->get_binary_packet();
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2956,7 +2963,6 @@ class SSH2
|
|||||||
$this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST;
|
$this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST;
|
||||||
|
|
||||||
$response = $this->get_channel_packet(self::CHANNEL_SUBSYSTEM);
|
$response = $this->get_channel_packet(self::CHANNEL_SUBSYSTEM);
|
||||||
|
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -3254,7 +3260,7 @@ class SSH2
|
|||||||
if ($this->hmac_check instanceof Hash) {
|
if ($this->hmac_check instanceof Hash) {
|
||||||
$hmac = stream_get_contents($this->fsock, $this->hmac_size);
|
$hmac = stream_get_contents($this->fsock, $this->hmac_size);
|
||||||
if ($hmac === false || strlen($hmac) != $this->hmac_size) {
|
if ($hmac === false || strlen($hmac) != $this->hmac_size) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
|
||||||
throw new \RuntimeException('Error reading socket');
|
throw new \RuntimeException('Error reading socket');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3264,10 +3270,12 @@ class SSH2
|
|||||||
if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
|
if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
|
||||||
$this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
|
$this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
|
||||||
if ($hmac != $this->hmac_check->hash($reconstructed)) {
|
if ($hmac != $this->hmac_check->hash($reconstructed)) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
|
||||||
throw new \RuntimeException('Invalid UMAC');
|
throw new \RuntimeException('Invalid UMAC');
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
|
if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
|
||||||
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
|
||||||
throw new \RuntimeException('Invalid HMAC');
|
throw new \RuntimeException('Invalid HMAC');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -3338,7 +3346,7 @@ class SSH2
|
|||||||
while ($remaining_length > 0) {
|
while ($remaining_length > 0) {
|
||||||
$temp = stream_get_contents($this->fsock, $remaining_length);
|
$temp = stream_get_contents($this->fsock, $remaining_length);
|
||||||
if ($temp === false || feof($this->fsock)) {
|
if ($temp === false || feof($this->fsock)) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new \RuntimeException('Error reading from socket');
|
throw new \RuntimeException('Error reading from socket');
|
||||||
}
|
}
|
||||||
$buffer.= $temp;
|
$buffer.= $temp;
|
||||||
@ -3615,7 +3623,7 @@ class SSH2
|
|||||||
|
|
||||||
$response = $this->get_binary_packet(true);
|
$response = $this->get_binary_packet(true);
|
||||||
if ($response === false) {
|
if ($response === false) {
|
||||||
$this->bitmap = 0;
|
$this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
|
||||||
throw new ConnectionClosedException('Connection closed by server');
|
throw new ConnectionClosedException('Connection closed by server');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -4086,7 +4094,10 @@ class SSH2
|
|||||||
{
|
{
|
||||||
if ($this->bitmap & self::MASK_CONNECTED) {
|
if ($this->bitmap & self::MASK_CONNECTED) {
|
||||||
$data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', '');
|
$data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', '');
|
||||||
|
try {
|
||||||
$this->send_binary_packet($data);
|
$this->send_binary_packet($data);
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->bitmap = 0;
|
$this->bitmap = 0;
|
||||||
|
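Review bot: The two MAC mismatch branches in the hunk at -3264 now send NET_SSH2_DISCONNECT_MAC_ERROR before throwing, but they still compare the received tag with the loose `!=` operator, which is neither type-strict nor constant-time. If the supported PHP floor allows it (hash_equals() exists from PHP 5.6), the checks would read `if (!hash_equals($this->hmac_check->hash($reconstructed), $hmac)) {`, and likewise for the `pack('Na*', $this->get_seq_no, $reconstructed)` form. In the last hunk, the empty `catch (\Exception $e) { }` around send_binary_packet() appears to be a deliberate best-effort send, since many callers have just seen a read fail; a comment such as `// best effort: the peer may already be gone, and the caller's exception must not be masked` would say so. The short-read branch just before the MAC check (hunk at -3254) reports MAC_ERROR although its message is 'Error reading socket', so CONNECTION_LOST may be the intended reason code there. The enclosing methods start and end outside the visible hunks.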