- Only request "none" cipher after auth has succeeded

--HG-- branch : insecure-nocrypto
2025-06-26 18:17:32 +00:00 · 2012-05-17 20:52:57 +08:00
parent a02d38072a
commit e719a9ef6f
5 changed files with 54 additions and 15 deletions
--- a/cli-session.c
+++ b/cli-session.c
@@ -133,6 +133,13 @@ static void cli_session_init() {
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;

+#ifdef DROPBEAR_NONE_CIPHER
+	cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
+	set_algo_usable(sshciphers, "none", 0);
+#else
+	cli_ses.cipher_none_after_auth = 0;
+#endif
+
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
 	ses.buf_match_algo = cli_buf_match_algo;
@@ -207,6 +214,14 @@ static void cli_sessionloop() {

 		case USERAUTH_SUCCESS_RCVD:

+#ifdef DROPBEAR_NONE_CIPHER
+			if (cli_ses.cipher_none_after_auth)
+			{
+				set_algo_usable(sshciphers, "none", 1);
+				send_msg_kexinit();
+			}
+#endif
+
 			if (cli_opts.backgrounded) {
 				int devnull;
 				/* keeping stdin open steals input from the terminal and