-rw-r--r--auth/authentication.php2
-rw-r--r--libs/phpseclib-1.0.6/Crypt/AES.php (renamed from libs/phpseclib-1.0.5/Crypt/AES.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Base.php (renamed from libs/phpseclib-1.0.5/Crypt/Base.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Blowfish.php (renamed from libs/phpseclib-1.0.5/Crypt/Blowfish.php)2
-rw-r--r--libs/phpseclib-1.0.6/Crypt/DES.php (renamed from libs/phpseclib-1.0.5/Crypt/DES.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Hash.php (renamed from libs/phpseclib-1.0.5/Crypt/Hash.php)2
-rw-r--r--libs/phpseclib-1.0.6/Crypt/RC2.php (renamed from libs/phpseclib-1.0.5/Crypt/RC2.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/RC4.php (renamed from libs/phpseclib-1.0.5/Crypt/RC4.php)17
-rw-r--r--libs/phpseclib-1.0.6/Crypt/RSA.php (renamed from libs/phpseclib-1.0.5/Crypt/RSA.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Random.php (renamed from libs/phpseclib-1.0.5/Crypt/Random.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Rijndael.php (renamed from libs/phpseclib-1.0.5/Crypt/Rijndael.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/TripleDES.php (renamed from libs/phpseclib-1.0.5/Crypt/TripleDES.php)0
-rw-r--r--libs/phpseclib-1.0.6/Crypt/Twofish.php (renamed from libs/phpseclib-1.0.5/Crypt/Twofish.php)0
-rw-r--r--libs/phpseclib-1.0.6/File/ANSI.php (renamed from libs/phpseclib-1.0.5/File/ANSI.php)0
-rw-r--r--libs/phpseclib-1.0.6/File/ASN1.php (renamed from libs/phpseclib-1.0.5/File/ASN1.php)4
-rw-r--r--libs/phpseclib-1.0.6/File/X509.php (renamed from libs/phpseclib-1.0.5/File/X509.php)3
-rw-r--r--libs/phpseclib-1.0.6/Math/BigInteger.php (renamed from libs/phpseclib-1.0.5/Math/BigInteger.php)0
-rw-r--r--libs/phpseclib-1.0.6/Net/SCP.php (renamed from libs/phpseclib-1.0.5/Net/SCP.php)3
-rw-r--r--libs/phpseclib-1.0.6/Net/SFTP.php (renamed from libs/phpseclib-1.0.5/Net/SFTP.php)110
-rw-r--r--libs/phpseclib-1.0.6/Net/SFTP/Stream.php (renamed from libs/phpseclib-1.0.5/Net/SFTP/Stream.php)0
-rw-r--r--libs/phpseclib-1.0.6/Net/SSH1.php (renamed from libs/phpseclib-1.0.5/Net/SSH1.php)27
-rw-r--r--libs/phpseclib-1.0.6/Net/SSH2.php (renamed from libs/phpseclib-1.0.5/Net/SSH2.php)240
-rw-r--r--libs/phpseclib-1.0.6/System/SSH/Agent.php (renamed from libs/phpseclib-1.0.5/System/SSH/Agent.php)0
-rw-r--r--libs/phpseclib-1.0.6/System/SSH_Agent.php (renamed from libs/phpseclib-1.0.5/System/SSH_Agent.php)0
-rw-r--r--libs/phpseclib-1.0.6/bootstrap.php (renamed from libs/phpseclib-1.0.5/bootstrap.php)0
-rw-r--r--libs/phpseclib-1.0.6/openssl.cnf (renamed from libs/phpseclib-1.0.5/openssl.cnf)0
26 files changed, 372 insertions, 38 deletions
diff --git a/auth/authentication.php b/auth/authentication.php
index 440181d..e460724 100644
--- a/auth/authentication.php
+++ b/auth/authentication.php
@@ -19,7 +19,7 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-ini_set('include_path', ini_get('include_path').':./libs/phpseclib-1.0.5');
+ini_set('include_path', ini_get('include_path').':./libs/phpseclib-1.0.6');
require_once('ssh.php');
require_once('telnet.php');
diff --git a/libs/phpseclib-1.0.5/Crypt/AES.php b/libs/phpseclib-1.0.6/Crypt/AES.php
index 594011e..594011e 100644
--- a/libs/phpseclib-1.0.5/Crypt/AES.php
+++ b/libs/phpseclib-1.0.6/Crypt/AES.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Base.php b/libs/phpseclib-1.0.6/Crypt/Base.php
index 91ebe59..91ebe59 100644
--- a/libs/phpseclib-1.0.5/Crypt/Base.php
+++ b/libs/phpseclib-1.0.6/Crypt/Base.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Blowfish.php b/libs/phpseclib-1.0.6/Crypt/Blowfish.php
index e610209..5be5ce3 100644
--- a/libs/phpseclib-1.0.5/Crypt/Blowfish.php
+++ b/libs/phpseclib-1.0.6/Crypt/Blowfish.php
@@ -390,7 +390,7 @@ class Crypt_Blowfish extends Crypt_Base
function isValidEngine($engine)
{
if ($engine == CRYPT_ENGINE_OPENSSL) {
- if ($this->key_length != 16) {
+ if ($this->key_length < 16) {
return false;
}
$this->cipher_name_openssl_ecb = 'bf-ecb';
diff --git a/libs/phpseclib-1.0.5/Crypt/DES.php b/libs/phpseclib-1.0.6/Crypt/DES.php
index 4c57401..4c57401 100644
--- a/libs/phpseclib-1.0.5/Crypt/DES.php
+++ b/libs/phpseclib-1.0.6/Crypt/DES.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Hash.php b/libs/phpseclib-1.0.6/Crypt/Hash.php
index ca421ac..faa17c5 100644
--- a/libs/phpseclib-1.0.5/Crypt/Hash.php
+++ b/libs/phpseclib-1.0.6/Crypt/Hash.php
@@ -178,7 +178,7 @@ class Crypt_Hash
*/
function Crypt_Hash($hash = 'sha1')
{
- $this->__construct($mode);
+ $this->__construct($hash);
}
/**
diff --git a/libs/phpseclib-1.0.5/Crypt/RC2.php b/libs/phpseclib-1.0.6/Crypt/RC2.php
index 97b4550..97b4550 100644
--- a/libs/phpseclib-1.0.5/Crypt/RC2.php
+++ b/libs/phpseclib-1.0.6/Crypt/RC2.php
diff --git a/libs/phpseclib-1.0.5/Crypt/RC4.php b/libs/phpseclib-1.0.6/Crypt/RC4.php
index ce29e6a..6214554 100644
--- a/libs/phpseclib-1.0.5/Crypt/RC4.php
+++ b/libs/phpseclib-1.0.6/Crypt/RC4.php
@@ -189,21 +189,8 @@ class Crypt_RC4 extends Crypt_Base
*/
function isValidEngine($engine)
{
- switch ($engine) {
- case CRYPT_ENGINE_OPENSSL:
- switch (strlen($this->key)) {
- case 5:
- $this->cipher_name_openssl = 'rc4-40';
- break;
- case 8:
- $this->cipher_name_openssl = 'rc4-64';
- break;
- case 16:
- $this->cipher_name_openssl = 'rc4';
- break;
- default:
- return false;
- }
+ if ($engine == CRYPT_ENGINE_OPENSSL) {
+ $this->cipher_name_openssl = 'rc4-40';
}
return parent::isValidEngine($engine);
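Review bot: `isValidEngine` now selects `'rc4-40'` for every key and no longer returns false for key lengths other than 5, 8 or 16 bytes, and nothing in the hunk says why a cipher name that reads as 40-bit is right for longer keys. If the OpenSSL engine takes the effective key length from the key itself (not visible here), that should be stated in a comment such as `// 'rc4-40' only names the cipher; the effective key length comes from the key passed to OpenSSL`, and confirmed with a known-answer test for a 16-byte key. Without that confirmation a reader cannot rule out a 128-bit key being handled as a 40-bit one. The function's closing brace is outside the hunk.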
diff --git a/libs/phpseclib-1.0.5/Crypt/RSA.php b/libs/phpseclib-1.0.6/Crypt/RSA.php
index 3eacfe1..3eacfe1 100644
--- a/libs/phpseclib-1.0.5/Crypt/RSA.php
+++ b/libs/phpseclib-1.0.6/Crypt/RSA.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Random.php b/libs/phpseclib-1.0.6/Crypt/Random.php
index 472d47c..472d47c 100644
--- a/libs/phpseclib-1.0.5/Crypt/Random.php
+++ b/libs/phpseclib-1.0.6/Crypt/Random.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Rijndael.php b/libs/phpseclib-1.0.6/Crypt/Rijndael.php
index 56bc4e9..56bc4e9 100644
--- a/libs/phpseclib-1.0.5/Crypt/Rijndael.php
+++ b/libs/phpseclib-1.0.6/Crypt/Rijndael.php
diff --git a/libs/phpseclib-1.0.5/Crypt/TripleDES.php b/libs/phpseclib-1.0.6/Crypt/TripleDES.php
index 4c0b677..4c0b677 100644
--- a/libs/phpseclib-1.0.5/Crypt/TripleDES.php
+++ b/libs/phpseclib-1.0.6/Crypt/TripleDES.php
diff --git a/libs/phpseclib-1.0.5/Crypt/Twofish.php b/libs/phpseclib-1.0.6/Crypt/Twofish.php
index 7125f6a..7125f6a 100644
--- a/libs/phpseclib-1.0.5/Crypt/Twofish.php
+++ b/libs/phpseclib-1.0.6/Crypt/Twofish.php
diff --git a/libs/phpseclib-1.0.5/File/ANSI.php b/libs/phpseclib-1.0.6/File/ANSI.php
index 989537b..989537b 100644
--- a/libs/phpseclib-1.0.5/File/ANSI.php
+++ b/libs/phpseclib-1.0.6/File/ANSI.php
diff --git a/libs/phpseclib-1.0.5/File/ASN1.php b/libs/phpseclib-1.0.6/File/ASN1.php
index 2fd2339..7ce28bd 100644
--- a/libs/phpseclib-1.0.5/File/ASN1.php
+++ b/libs/phpseclib-1.0.6/File/ASN1.php
@@ -1222,7 +1222,7 @@ class File_ASN1
http://www.obj-sys.com/asn1tutorial/node14.html */
$pattern = $tag == FILE_ASN1_TYPE_UTC_TIME ?
- '#(..)(..)(..)(..)(..)(..)(.*)#' :
+ '#^(..)(..)(..)(..)(..)(..)?(.*)$#' :
'#(....)(..)(..)(..)(..)(..).*([Z+-].*)$#';
preg_match($pattern, $content, $matches);
@@ -1247,7 +1247,7 @@ class File_ASN1
$timezone = 0;
}
- return @$mktime($hour, $minute, $second, $month, $day, $year) + $timezone;
+ return @$mktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year) + $timezone;
}
/**
diff --git a/libs/phpseclib-1.0.5/File/X509.php b/libs/phpseclib-1.0.6/File/X509.php
index 040551f..932262a 100644
--- a/libs/phpseclib-1.0.5/File/X509.php
+++ b/libs/phpseclib-1.0.6/File/X509.php
@@ -1939,6 +1939,9 @@ class File_X509
// "SET Secure Electronic Transaction Specification"
// http://www.maithean.com/docs/set_bk3.pdf
case '2.23.42.7.0': // id-set-hashedRootKey
+ // "Certificate Transparency"
+ // https://tools.ietf.org/html/rfc6962
+ case '1.3.6.1.4.1.11129.2.4.2':
return true;
// CSR attributes
diff --git a/libs/phpseclib-1.0.5/Math/BigInteger.php b/libs/phpseclib-1.0.6/Math/BigInteger.php
index 192ce82..192ce82 100644
--- a/libs/phpseclib-1.0.5/Math/BigInteger.php
+++ b/libs/phpseclib-1.0.6/Math/BigInteger.php
diff --git a/libs/phpseclib-1.0.5/Net/SCP.php b/libs/phpseclib-1.0.6/Net/SCP.php
index 83ae5cc..354acea 100644
--- a/libs/phpseclib-1.0.5/Net/SCP.php
+++ b/libs/phpseclib-1.0.6/Net/SCP.php
@@ -335,6 +335,9 @@ class Net_SCP
$response = $this->ssh->_get_binary_packet();
switch ($response[NET_SSH1_RESPONSE_TYPE]) {
case NET_SSH1_SMSG_STDOUT_DATA:
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $response[NET_SSH1_RESPONSE_DATA]));
return $this->ssh->_string_shift($response[NET_SSH1_RESPONSE_DATA], $length);
case NET_SSH1_SMSG_STDERR_DATA:
diff --git a/libs/phpseclib-1.0.5/Net/SFTP.php b/libs/phpseclib-1.0.6/Net/SFTP.php
index a279bdf..40c97da 100644
--- a/libs/phpseclib-1.0.5/Net/SFTP.php
+++ b/libs/phpseclib-1.0.6/Net/SFTP.php
@@ -413,7 +413,7 @@ class Net_SFTP extends Net_SSH2
);
if (!defined('NET_SFTP_QUEUE_SIZE')) {
- define('NET_SFTP_QUEUE_SIZE', 50);
+ define('NET_SFTP_QUEUE_SIZE', 32);
}
}
@@ -527,11 +527,20 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nversion', $this->_string_shift($response, 4)));
$this->version = $version;
while (!empty($response)) {
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$key = $this->_string_shift($response, $length);
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$value = $this->_string_shift($response, $length);
$this->extensions[$key] = $value;
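Review bot: The added checks cover only the 4-byte length prefix; the server-supplied `$length` then goes to `_string_shift` as received, without being compared with the bytes that remain. A server can declare more data than it sent, and the key or value then becomes whatever is left rather than a parse failure (assuming `_string_shift` truncates, which is not visible here). A bound such as `if (strlen($response) < $length) { return false; }` before each `_string_shift($response, $length)` would reject that. The same prefix-only pattern recurs in the later Net/SFTP.php hunks and in the Net/SSH1.php and Net/SSH2.php hunks; the `while` loop closes outside this hunk.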
@@ -642,12 +651,15 @@ class Net_SFTP extends Net_SSH2
function _logError($response, $status = -1)
{
if ($status == -1) {
+ if (strlen($response) < 4) {
+ return;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
}
$error = $this->status_codes[$status];
- if ($this->version > 2) {
+ if ($this->version > 2 || strlen($response) < 4) {
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->sftp_errors[] = $error . ': ' . $this->_string_shift($response, $length);
} else {
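Review bot: The new condition in `_logError` is inverted: `$this->version > 2 || strlen($response) < 4` enters the branch that unpacks a 4-byte length exactly when fewer than 4 bytes remain, so a short status packet still reaches `unpack('Nlength', ...)`. The guard should require the bytes to be present, `if ($this->version > 2 && strlen($response) >= 4) {`, letting the short case fall through to the `else` branch. `$this->status_codes[$status]` just above is also indexed with a server-supplied value without an `isset` check. The `else` branch continues outside the hunk.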
@@ -696,6 +708,9 @@ class Net_SFTP extends Net_SSH2
// should work on all SFTP versions since the only part of the SSH_FXP_NAME packet the following looks
// at is the first part and that part is defined the same in SFTP versions 3 through 6.
$this->_string_shift($response, 4); // skip over the count - it should be 1, anyway
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
return $this->_string_shift($response, $length);
case NET_SFTP_STATUS:
@@ -930,10 +945,19 @@ class Net_SFTP extends Net_SSH2
$response = $this->_get_sftp_packet();
switch ($this->packet_type) {
case NET_SFTP_NAME:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Ncount', $this->_string_shift($response, 4)));
for ($i = 0; $i < $count; $i++) {
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$shortname = $this->_string_shift($response, $length);
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$longname = $this->_string_shift($response, $length);
$attributes = $this->_parseAttributes($response);
@@ -960,6 +984,9 @@ class Net_SFTP extends Net_SSH2
}
break;
case NET_SFTP_STATUS:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_EOF) {
$this->_logError($response, $status);
@@ -1554,6 +1581,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -1666,12 +1696,18 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Ncount', $this->_string_shift($response, 4)));
// the file isn't a symlink
if (!$count) {
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
return $this->_string_shift($response, $length);
}
@@ -1706,6 +1742,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -1769,6 +1808,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -1806,6 +1848,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
// presumably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED?
@@ -1928,7 +1973,14 @@ class Net_SFTP extends Net_SSH2
break;
case is_resource($data):
$mode = $mode & ~NET_SFTP_LOCAL_FILE;
- $fp = $data;
+ $info = stream_get_meta_data($data);
+ if ($info['wrapper_type'] == 'PHP' && $info['stream_type'] == 'Input') {
+ $fp = fopen('php://memory', 'w+');
+ stream_copy_to_stream($data, $fp);
+ rewind($fp);
+ } else {
+ $fp = $data;
+ }
break;
case $mode & NET_SFTP_LOCAL_FILE:
if (!is_file($data)) {
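Review bot: Copying `php://input` into `php://memory` holds the whole request body in RAM, so the memory used by an upload is bounded only by request limits configured outside this code; `$fp = fopen('php://temp', 'w+');` spills to disk past a threshold and is otherwise used the same way. The return values of `fopen` and `stream_copy_to_stream` are not checked either, so a failed copy would continue with an empty or invalid `$fp`. The enclosing `switch` starts and ends outside the hunk.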
@@ -2033,6 +2085,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -2064,6 +2119,9 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -2237,6 +2295,15 @@ class Net_SFTP extends Net_SSH2
return false;
}
+ if (is_object($path)) {
+ // It's an object. Cast it as string before we check anything else.
+ $path = (string) $path;
+ }
+
+ if (!is_string($path) || $path == '') {
+ return false;
+ }
+
$path = $this->_realpath($path);
if ($path === false) {
return false;
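Review bot: The `(string) $path` cast runs for any object, and an object without `__toString()` makes that cast raise an error instead of reaching the `return false` below it. Restricting the cast, `if (is_object($path) && method_exists($path, '__toString')) {`, lets every other object fall through to the `!is_string($path)` check and fail cleanly. The enclosing function starts and ends outside the hunk.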
@@ -2254,6 +2321,9 @@ class Net_SFTP extends Net_SSH2
}
// if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -2679,6 +2749,9 @@ class Net_SFTP extends Net_SSH2
}
// if $status isn't SSH_FX_OK it's probably SSH_FX_NO_SUCH_FILE or SSH_FX_PERMISSION_DENIED
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nstatus', $this->_string_shift($response, 4)));
if ($status != NET_SFTP_STATUS_OK) {
$this->_logError($response, $status);
@@ -2706,6 +2779,10 @@ class Net_SFTP extends Net_SSH2
function _parseAttributes(&$response)
{
$attr = array();
+ if (strlen($response) < 4) {
+ user_error('Malformed file attributes');
+ return array();
+ }
extract(unpack('Nflags', $this->_string_shift($response, 4)));
// SFTPv4+ have a type field (a byte) that follows the above flag field
foreach ($this->attributes as $key => $value) {
@@ -2720,9 +2797,17 @@ class Net_SFTP extends Net_SSH2
$attr['size'] = hexdec(bin2hex($this->_string_shift($response, 8)));
break;
case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only)
+ if (strlen($response) < 8) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
$attr+= unpack('Nuid/Ngid', $this->_string_shift($response, 8));
break;
case NET_SFTP_ATTR_PERMISSIONS: // 0x00000004
+ if (strlen($response) < 4) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
$attr+= unpack('Npermissions', $this->_string_shift($response, 4));
// mode == permissions; permissions was the original array key and is retained for bc purposes.
// mode was added because that's the more industry standard terminology
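Review bot: The 8-byte read for `$attr['size']` at the top of this hunk gets no length guard, while the UIDGID and PERMISSIONS cases here and the ACCESSTIME and EXTENDED cases in the next hunk all do. A truncated attribute block with the size flag set would still run `hexdec(bin2hex(...))` on a short string and yield a wrong size instead of the 'Malformed file attributes' error. The same `if (strlen($response) < 8)` guard with `user_error('Malformed file attributes'); return $attr;` belongs before that read. The `case` label for the size read is outside the hunk.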
@@ -2733,13 +2818,29 @@ class Net_SFTP extends Net_SSH2
}
break;
case NET_SFTP_ATTR_ACCESSTIME: // 0x00000008
+ if (strlen($response) < 8) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
$attr+= unpack('Natime/Nmtime', $this->_string_shift($response, 8));
break;
case NET_SFTP_ATTR_EXTENDED: // 0x80000000
+ if (strlen($response) < 4) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
extract(unpack('Ncount', $this->_string_shift($response, 4)));
for ($i = 0; $i < $count; $i++) {
+ if (strlen($response) < 4) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$key = $this->_string_shift($response, $length);
+ if (strlen($response) < 4) {
+ user_error('Malformed file attributes');
+ return $attr;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$attr[$key] = $this->_string_shift($response, $length);
}
@@ -2893,6 +2994,9 @@ class Net_SFTP extends Net_SSH2
}
$this->packet_buffer.= $temp;
}
+ if (strlen($this->packet_buffer) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($this->packet_buffer, 4)));
$tempLength = $length;
$tempLength-= strlen($this->packet_buffer);
diff --git a/libs/phpseclib-1.0.5/Net/SFTP/Stream.php b/libs/phpseclib-1.0.6/Net/SFTP/Stream.php
index a944d7f..a944d7f 100644
--- a/libs/phpseclib-1.0.5/Net/SFTP/Stream.php
+++ b/libs/phpseclib-1.0.6/Net/SFTP/Stream.php
diff --git a/libs/phpseclib-1.0.5/Net/SSH1.php b/libs/phpseclib-1.0.6/Net/SSH1.php
index fb23daa..55473d0 100644
--- a/libs/phpseclib-1.0.5/Net/SSH1.php
+++ b/libs/phpseclib-1.0.6/Net/SSH1.php
@@ -614,20 +614,32 @@ class Net_SSH1
$this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 4);
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 2) {
+ return false;
+ }
$temp = unpack('nlen', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 2));
$server_key_public_exponent = new Math_BigInteger($this->_string_shift($response[NET_SSH1_RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
$this->server_key_public_exponent = $server_key_public_exponent;
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 2) {
+ return false;
+ }
$temp = unpack('nlen', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 2));
$server_key_public_modulus = new Math_BigInteger($this->_string_shift($response[NET_SSH1_RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
$this->server_key_public_modulus = $server_key_public_modulus;
$this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 4);
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 2) {
+ return false;
+ }
$temp = unpack('nlen', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 2));
$host_key_public_exponent = new Math_BigInteger($this->_string_shift($response[NET_SSH1_RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
$this->host_key_public_exponent = $host_key_public_exponent;
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 2) {
+ return false;
+ }
$temp = unpack('nlen', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 2));
$host_key_public_modulus = new Math_BigInteger($this->_string_shift($response[NET_SSH1_RESPONSE_DATA], ceil($temp['len'] / 8)), 256);
$this->host_key_public_modulus = $host_key_public_modulus;
@@ -635,6 +647,9 @@ class Net_SSH1
$this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 4);
// get a list of the supported ciphers
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 4) {
+ return false;
+ }
extract(unpack('Nsupported_ciphers_mask', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 4)));
foreach ($this->supported_ciphers as $mask => $name) {
if (($supported_ciphers_mask & (1 << $mask)) == 0) {
@@ -643,6 +658,9 @@ class Net_SSH1
}
// get a list of the supported authentications
+ if (strlen($response[NET_SSH1_RESPONSE_DATA]) < 4) {
+ return false;
+ }
extract(unpack('Nsupported_authentications_mask', $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 4)));
foreach ($this->supported_authentications as $mask => $name) {
if (($supported_authentications_mask & (1 << $mask)) == 0) {
@@ -1139,7 +1157,11 @@ class Net_SSH1
}
$start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
- $temp = unpack('Nlength', fread($this->fsock, 4));
+ $data = fread($this->fsock, 4);
+ if (strlen($data) < 4) {
+ return false;
+ }
+ $temp = unpack('Nlength', $data);
$padding_length = 8 - ($temp['length'] & 7);
$length = $temp['length'] + $padding_length;
@@ -1160,6 +1182,9 @@ class Net_SSH1
$type = $raw[$padding_length];
$data = substr($raw, $padding_length + 1, -4);
+ if (strlen($raw) < 4) {
+ return false;
+ }
$temp = unpack('Ncrc', substr($raw, -4));
//if ( $temp['crc'] != $this->_crc($padding . $type . $data) ) {
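Review bot: The `strlen($raw) < 4` check comes after `$raw[$padding_length]` and `substr($raw, $padding_length + 1, -4)` have already read from `$raw`, so a short packet is indexed before it is rejected. The check belongs before the `$type` assignment and should cover the type byte and the CRC as well, e.g. `if (strlen($raw) < $padding_length + 5) { return false; }`. The function starts and ends outside the hunk, so whether `$raw` is length-checked earlier is not visible here.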
diff --git a/libs/phpseclib-1.0.5/Net/SSH2.php b/libs/phpseclib-1.0.6/Net/SSH2.php
index 8281e73..d104b81 100644
--- a/libs/phpseclib-1.0.5/Net/SSH2.php
+++ b/libs/phpseclib-1.0.6/Net/SSH2.php
@@ -1040,7 +1040,10 @@ class Net_SSH2
if (!is_resource($this->fsock)) {
$start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
- $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->curTimeout);
+ // with stream_select a timeout of 0 means that no timeout takes place;
+ // with fsockopen a timeout of 0 means that you instantly timeout
+ // to resolve this incompatibility a timeout of 100,000 will be used for fsockopen if timeout is 0
+ $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->curTimeout == 0 ? 100000 : $this->curTimeout);
if (!$this->fsock) {
$host = $this->host . ':' . $this->port;
user_error(rtrim("Cannot connect to $host. Error $errno. $errstr"));
@@ -1056,6 +1059,10 @@ class Net_SSH2
}
}
+ $this->identifier = $this->_generate_identifier();
+
+ fputs($this->fsock, $this->identifier . "\r\n");
+
/* According to the SSH2 specs,
"The server MAY send other lines of data before sending the version
@@ -1099,8 +1106,6 @@ class Net_SSH2
return false;
}
- $this->identifier = $this->_generate_identifier();
-
if (defined('NET_SSH2_LOGGING')) {
$this->_append_log('<-', $extra . $temp);
$this->_append_log('->', $this->identifier . "\r\n");
@@ -1116,15 +1121,13 @@ class Net_SSH2
return false;
}
- fputs($this->fsock, $this->identifier . "\r\n");
-
$response = $this->_get_binary_packet();
if ($response === false) {
user_error('Connection closed by server');
return false;
}
- if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
+ if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
user_error('Expected SSH_MSG_KEXINIT');
return false;
}
@@ -1313,36 +1316,69 @@ class Net_SSH2
$this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
$server_cookie = $this->_string_shift($response, 16);
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->server_host_key_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->encryption_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->encryption_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->mac_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->mac_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->compression_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->compression_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->languages_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->languages_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Cfirst_kex_packet_follows', $this->_string_shift($response, 1)));
$first_kex_packet_follows = $first_kex_packet_follows != 0;
@@ -1426,16 +1462,25 @@ class Net_SSH2
user_error('Connection closed by server');
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
user_error('Expected SSH_MSG_KEX_DH_GEX_GROUP');
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('NprimeLength', $this->_string_shift($response, 4)));
$primeBytes = $this->_string_shift($response, $primeLength);
$prime = new Math_BigInteger($primeBytes, -256);
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('NgLength', $this->_string_shift($response, 4)));
$gBytes = $this->_string_shift($response, $gLength);
$g = new Math_BigInteger($gBytes, -256);
@@ -1518,6 +1563,9 @@ class Net_SSH2
user_error('Connection closed by server');
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
if ($type != $serverKexReplyMessage) {
@@ -1525,19 +1573,34 @@ class Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->server_public_host_key = $server_public_host_key = $this->_string_shift($response, $temp['length']);
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$public_key_format = $this->_string_shift($server_public_host_key, $temp['length']);
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$fBytes = $this->_string_shift($response, $temp['length']);
$f = new Math_BigInteger($fBytes, -256);
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($response, 4));
$this->signature = $this->_string_shift($response, $temp['length']);
+ if (strlen($this->signature) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($this->signature, 4));
$this->signature_format = $this->_string_shift($this->signature, $temp['length']);
@@ -1598,6 +1661,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
if ($type != NET_SSH2_MSG_NEWKEYS) {
@@ -2030,6 +2096,9 @@ class Net_SSH2
return false;
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
if ($type != NET_SSH2_MSG_SERVICE_ACCEPT) {
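Review bot: This guard requires 4 bytes although the next line consumes only the 1-byte `Ctype`; the other type-byte reads in this file's hunks use `if (!strlen($response))`. If the stricter bound is meant to account for the service name that follows the message type, a comment should say so; otherwise `if (!strlen($response)) {` keeps the checks consistent. The enclosing function starts and ends outside the hunk.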
@@ -2083,6 +2152,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
switch ($type) {
@@ -2138,6 +2210,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
switch ($type) {
@@ -2145,14 +2220,23 @@ class Net_SSH2
if (defined('NET_SSH2_LOGGING')) {
$this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
}
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . utf8_decode($this->_string_shift($response, $length));
return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
case NET_SSH2_MSG_USERAUTH_FAILURE:
// can we use keyboard-interactive authentication? if not then either the login is bad or the server employees
// multi-factor authentication
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$auth_methods = explode(',', $this->_string_shift($response, $length));
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Cpartial_success', $this->_string_shift($response, 1)));
$partial_success = $partial_success != 0;
@@ -2227,16 +2311,31 @@ class Net_SSH2
}
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
switch ($type) {
case NET_SSH2_MSG_USERAUTH_INFO_REQUEST:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->_string_shift($response, $length); // name; may be empty
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->_string_shift($response, $length); // instruction; may be empty
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->_string_shift($response, $length); // language tag; may be empty
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nnum_prompts', $this->_string_shift($response, 4)));
for ($i = 0; $i < count($responses); $i++) {
@@ -2251,6 +2350,9 @@ class Net_SSH2
if (isset($this->keyboard_requests_responses)) {
for ($i = 0; $i < $num_prompts; $i++) {
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
// prompt - ie. "Password: "; must not be empty
$prompt = $this->_string_shift($response, $length);
@@ -2396,10 +2498,16 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
switch ($type) {
case NET_SSH2_MSG_USERAUTH_FAILURE:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->errors[] = 'SSH_MSG_USERAUTH_FAILURE: ' . $this->_string_shift($response, $length);
return false;
@@ -2431,6 +2539,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
switch ($type) {
@@ -2486,7 +2597,12 @@ class Net_SSH2
$this->is_timeout = false;
$this->stdErrorLog = '';
- if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
+ if (!$this->isAuthenticated()) {
+ return false;
+ }
+
+ if ($this->in_request_pty_exec) {
+ user_error('If you want to run multiple exec()\'s you will need to disable (and re-enable if appropriate) a PTY for each one.');
return false;
}
@@ -2549,6 +2665,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
list(, $type) = unpack('C', $this->_string_shift($response, 1));
switch ($type) {
@@ -2686,6 +2805,9 @@ class Net_SSH2
return false;
}
+ if (!strlen($response)) {
+ return false;
+ }
list(, $type) = unpack('C', $this->_string_shift($response, 1));
switch ($type) {
@@ -2779,7 +2901,7 @@ class Net_SSH2
$this->curTimeout = $this->timeout;
$this->is_timeout = false;
- if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
+ if (!$this->isAuthenticated()) {
user_error('Operation disallowed prior to login()');
return false;
}
@@ -2821,7 +2943,7 @@ class Net_SSH2
*/
function write($cmd)
{
- if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
+ if (!$this->isAuthenticated()) {
user_error('Operation disallowed prior to login()');
return false;
}
@@ -3021,6 +3143,9 @@ class Net_SSH2
return false;
}
+ if (strlen($raw) < 5) {
+ return false;
+ }
extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
$remaining_length = $packet_length + 4 - $this->decrypt_block_size;
@@ -3096,6 +3221,9 @@ class Net_SSH2
switch (ord($payload[0])) {
case NET_SSH2_MSG_DISCONNECT:
$this->_string_shift($payload, 1);
+ if (strlen($payload) < 8) {
+ return false;
+ }
extract(unpack('Nreason_code/Nlength', $this->_string_shift($payload, 8)));
$this->errors[] = 'SSH_MSG_DISCONNECT: ' . $this->disconnect_reasons[$reason_code] . "\r\n" . utf8_decode($this->_string_shift($payload, $length));
$this->bitmap = 0;
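Review bot: The new early return in the NET_SSH2_MSG_DISCONNECT case exits before `$this->bitmap = 0;`, so a truncated disconnect message leaves the object still flagged as connected and authenticated. Clearing the state before bailing out keeps the two paths consistent: `if (strlen($payload) < 8) { $this->bitmap = 0; return false; }`. Separately, `$this->disconnect_reasons[$reason_code]` is indexed with a server-supplied value and no `isset()` check, so an unlisted code raises an undefined-index notice while the error string is built. The enclosing function starts and ends outside this hunk.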
@@ -3105,6 +3233,9 @@ class Net_SSH2
break;
case NET_SSH2_MSG_DEBUG:
$this->_string_shift($payload, 2);
+ if (strlen($payload) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->errors[] = 'SSH_MSG_DEBUG: ' . utf8_decode($this->_string_shift($payload, $length));
$payload = $this->_get_binary_packet();
@@ -3122,17 +3253,23 @@ class Net_SSH2
}
// see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
- if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
+ if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && !$this->isAuthenticated() && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
$this->_string_shift($payload, 1);
+ if (strlen($payload) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->banner_message = utf8_decode($this->_string_shift($payload, $length));
$payload = $this->_get_binary_packet();
}
// only called when we've already logged in
- if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) {
+ if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && $this->isAuthenticated()) {
switch (ord($payload[0])) {
case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
+ if (strlen($payload) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->errors[] = 'SSH_MSG_GLOBAL_REQUEST: ' . $this->_string_shift($payload, $length);
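Review bot: In the NET_SSH2_MSG_GLOBAL_REQUEST case the added length check and the `unpack('Nlength', …)` after it run on a payload whose message-type byte has not been consumed. The switch reads `ord($payload[0])` and nothing shifts that byte off, unlike the CHANNEL_OPEN and WINDOW_ADJUST cases, which call `$this->_string_shift($payload, 1);` first. As shown, `$length` is decoded from the type byte plus the first three length bytes, and the request name logged into `$this->errors` is misaligned. Adding `$this->_string_shift($payload, 1);` as the first line of the case, before the new guard, would line the parse up with the packet layout. The enclosing function continues outside this hunk.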
@@ -3144,8 +3281,14 @@ class Net_SSH2
break;
case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
$this->_string_shift($payload, 1);
+ if (strlen($payload) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$data = $this->_string_shift($payload, $length);
+ if (strlen($payload) < 4) {
+ return false;
+ }
extract(unpack('Nserver_channel', $this->_string_shift($payload, 4)));
switch ($data) {
case 'auth-agent':
@@ -3153,6 +3296,9 @@ class Net_SSH2
if (isset($this->agent)) {
$new_channel = NET_SSH2_CHANNEL_AGENT_FORWARD;
+ if (strlen($payload) < 8) {
+ return false;
+ }
extract(unpack('Nremote_window_size', $this->_string_shift($payload, 4)));
extract(unpack('Nremote_maximum_packet_size', $this->_string_shift($payload, 4)));
@@ -3198,6 +3344,9 @@ class Net_SSH2
break;
case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
$this->_string_shift($payload, 1);
+ if (strlen($payload) < 8) {
+ return false;
+ }
extract(unpack('Nchannel', $this->_string_shift($payload, 4)));
extract(unpack('Nwindow_size', $this->_string_shift($payload, 4)));
$this->window_size_client_to_server[$channel]+= $window_size;
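Review bot: The NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST case now checks that 8 bytes are present, but `$channel` is still taken from the server and used as an array key without confirming that the channel exists. An adjust for an unknown channel number raises an undefined-index notice and creates a new `window_size_client_to_server` entry. A guard such as `if (!isset($this->window_size_client_to_server[$channel])) { break; }` before the `+=` would keep server input from adding entries to the channel table; whether to ignore or fail in that case is a judgement for the surrounding code, which lies outside this hunk. `$window_size` may also need the sign correction that the CHANNEL_OPEN_CONFIRMATION case applies after the same `N` unpack.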
@@ -3264,6 +3413,10 @@ class Net_SSH2
*/
function disablePTY()
{
+ if ($this->in_request_pty_exec) {
+ $this->_close_channel(NET_SSH2_CHANNEL_EXEC);
+ $this->in_request_pty_exec = false;
+ }
$this->request_pty = false;
}
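Review bot: `disablePTY()` now has a side effect its name does not suggest: when `in_request_pty_exec` is set it closes the NET_SSH2_CHANNEL_EXEC channel before clearing the flag. The docblock above the function (outside this hunk) should say so, for example `Disable request-pty when using exec(); closes the exec channel if a PTY exec is still in progress.` The result of `_close_channel()` is also discarded, so a failed close is indistinguishable from a clean one.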
@@ -3330,8 +3483,14 @@ class Net_SSH2
return '';
}
+ if (!strlen($response)) {
+ return false;
+ }
extract(unpack('Ctype', $this->_string_shift($response, 1)));
+ if (strlen($response) < 4) {
+ return false;
+ }
if ($type == NET_SSH2_MSG_CHANNEL_OPEN) {
extract(unpack('Nlength', $this->_string_shift($response, 4)));
} else {
@@ -3355,14 +3514,23 @@ class Net_SSH2
case NET_SSH2_MSG_CHANNEL_OPEN:
switch ($type) {
case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nserver_channel', $this->_string_shift($response, 4)));
$this->server_channels[$channel] = $server_channel;
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nwindow_size', $this->_string_shift($response, 4)));
if ($window_size < 0) {
$window_size&= 0x7FFFFFFF;
$window_size+= 0x80000000;
}
$this->window_size_client_to_server[$channel] = $window_size;
+ if (strlen($response) < 4) {
+ return false;
+ }
$temp = unpack('Npacket_size_client_to_server', $this->_string_shift($response, 4));
$this->packet_size_client_to_server[$channel] = $temp['packet_size_client_to_server'];
$result = $client_channel == $channel ? true : $this->_get_channel_packet($client_channel, $skip_extended);
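Review bot: The three separate 4-byte guards in the NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION case let the function return false after channel state has already been written. `$this->server_channels[$channel]` is assigned before the second check and `window_size_client_to_server[$channel]` before the third, so a short confirmation leaves a half-initialised channel behind. Because all three fields are fixed-width, one check at the top of the case rejects the packet before anything is stored: `if (strlen($response) < 12) { return false; }`. The enclosing switch starts outside this hunk.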
@@ -3402,6 +3570,9 @@ class Net_SSH2
$this->_send_channel_packet($channel, chr(0));
}
*/
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$data = $this->_string_shift($response, $length);
@@ -3428,6 +3599,9 @@ class Net_SSH2
}
*/
// currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR
+ if (strlen($response) < 8) {
+ return false;
+ }
extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8)));
$data = $this->_string_shift($response, $length);
$this->stdErrorLog.= $data;
@@ -3443,14 +3617,23 @@ class Net_SSH2
$this->channel_buffers[$channel][] = $data;
break;
case NET_SSH2_MSG_CHANNEL_REQUEST:
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$value = $this->_string_shift($response, $length);
switch ($value) {
case 'exit-signal':
$this->_string_shift($response, 1);
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
$this->errors[] = 'SSH_MSG_CHANNEL_REQUEST (exit-signal): ' . $this->_string_shift($response, $length);
$this->_string_shift($response, 1);
+ if (strlen($response) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($response, 4)));
if ($length) {
$this->errors[count($this->errors)].= "\r\n" . $this->_string_shift($response, $length);
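Review bot: In the 'exit-signal' branch the second string is appended to `$this->errors[count($this->errors)]`, which is one past the entry pushed by the `$this->errors[] = 'SSH_MSG_CHANNEL_REQUEST (exit-signal): ' …` line a few lines above. The `.=` therefore targets an index that does not exist yet, raising an undefined-offset notice and creating a new entry beginning with `"\r\n"` rather than extending the exit-signal message. The index should be `count($this->errors) - 1`. The new length guards leave this line untouched; the branch continues outside the hunk.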
@@ -3463,6 +3646,9 @@ class Net_SSH2
break;
case 'exit-status':
+ if (strlen($response) < 5) {
+ return false;
+ }
extract(unpack('Cfalse/Nexit_status', $this->_string_shift($response, 5)));
$this->exit_status = $exit_status;
@@ -3796,10 +3982,9 @@ class Net_SSH2
switch (NET_SSH2_LOGGING) {
case NET_SSH2_LOG_SIMPLE:
return $this->message_number_log;
- break;
case NET_SSH2_LOG_COMPLEX:
- return $this->_format_log($this->message_log, $this->message_number_log);
- break;
+ $log = $this->_format_log($this->message_log, $this->message_number_log);
+ return PHP_SAPI == 'cli' ? $log : '<pre>' . $log . '</pre>';
default:
return false;
}
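Review bot: The NET_SSH2_LOG_COMPLEX branch now returns a different string depending on the SAPI: anywhere but `cli` the log comes back wrapped in `<pre>` tags. Callers that write the log to a file or parse it will receive markup, and that belongs in the method's docblock (outside this hunk). The comparison would be better strict, `PHP_SAPI === 'cli'`. Whether `_format_log` neutralises markup characters from packet contents is not visible here, and that is worth confirming before the wrapped string is echoed into a page.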
@@ -4091,6 +4276,9 @@ class Net_SSH2
$signature = $this->signature;
$server_public_host_key = $this->server_public_host_key;
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
extract(unpack('Nlength', $this->_string_shift($server_public_host_key, 4)));
$this->_string_shift($server_public_host_key, $length);
@@ -4106,15 +4294,27 @@ class Net_SSH2
case 'ssh-dss':
$zero = new Math_BigInteger();
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$p = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$q = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$g = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$y = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
@@ -4161,15 +4361,24 @@ class Net_SSH2
break;
case 'ssh-rsa':
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$e = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
+ if (strlen($server_public_host_key) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
$rawN = $this->_string_shift($server_public_host_key, $temp['length']);
$n = new Math_BigInteger($rawN, -256);
$nLength = strlen(ltrim($rawN, "\0"));
/*
+ if (strlen($signature) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($signature, 4));
$signature = $this->_string_shift($signature, $temp['length']);
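Review bot: The `strlen($signature) < 4` guard added after the `/*` line in the 'ssh-rsa' case sits inside a block comment, so it is dead code; the comment does not close within this hunk, and the `*/` appears to be the one in the following hunk. The live guard is the one added after that `*/`. Dropping the commented-out copy would avoid giving the impression that the disabled path is maintained, or that this position is where the signature length is validated.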
@@ -4186,6 +4395,9 @@ class Net_SSH2
}
*/
+ if (strlen($signature) < 4) {
+ return false;
+ }
$temp = unpack('Nlength', $this->_string_shift($signature, 4));
$s = new Math_BigInteger($this->_string_shift($signature, $temp['length']), 256);
diff --git a/libs/phpseclib-1.0.5/System/SSH/Agent.php b/libs/phpseclib-1.0.6/System/SSH/Agent.php
index 7388cb4..7388cb4 100644
--- a/libs/phpseclib-1.0.5/System/SSH/Agent.php
+++ b/libs/phpseclib-1.0.6/System/SSH/Agent.php
diff --git a/libs/phpseclib-1.0.5/System/SSH_Agent.php b/libs/phpseclib-1.0.6/System/SSH_Agent.php
index ea434b9..ea434b9 100644
--- a/libs/phpseclib-1.0.5/System/SSH_Agent.php
+++ b/libs/phpseclib-1.0.6/System/SSH_Agent.php
diff --git a/libs/phpseclib-1.0.5/bootstrap.php b/libs/phpseclib-1.0.6/bootstrap.php
index 0da0999..0da0999 100644
--- a/libs/phpseclib-1.0.5/bootstrap.php
+++ b/libs/phpseclib-1.0.6/bootstrap.php
diff --git a/libs/phpseclib-1.0.5/openssl.cnf b/libs/phpseclib-1.0.6/openssl.cnf
index 2b8b52f..2b8b52f 100644
--- a/libs/phpseclib-1.0.5/openssl.cnf
+++ b/libs/phpseclib-1.0.6/openssl.cnf