WIP

Author: ejohnstown

src/internal.c

@@ -638,6 +638,13 @@ INLINE static int IsMessageAllowedServer(WOLFSSH *ssh, byte msg)
 #ifndef NO_WOLFSSH_CLIENT
 INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
 {
+    /* Transport Layer Generic messages are always allowed. */
+    if (MSGIDLIMIT_TRANS_GEN(msg)) {
+        return 1;
+    }
+
+    if (ssh->service == SVC_USERAUTH) {}
+
     /* Is KEX complete? */
     if (ssh->connectState < CONNECT_KEYED && ssh->handshake) {
         /* If expecting a specific message, and didn't receive it, error. */
@@ -648,6 +655,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
                 return 0;
             }
             ssh->handshake->expectMsgId = MSGID_NONE;
+            return 1;
         }
     }
     /* Has client userauth started? */

wolfssh/internal.h

@@ -741,6 +741,7 @@ struct WOLFSSH {
     byte isKeying;
     byte authId;           /* if using public key or password */
     byte supportedAuth[4]; /* supported auth IDs public key , password */
+    byte service;
 
 #ifdef WOLFSSH_SCP
     byte   scpState;
@@ -1178,6 +1179,13 @@ enum ProcessReplyStates {
 };
 
 
+enum WS_ServiceTypes {
+    SVC_NONE,
+    SVC_USERAUTH,
+    SVC_CONNECTION,
+};
+
+
 enum WS_MessageIds {
     MSGID_NONE = 0,
     MSGID_DISCONNECT = 1,
@@ -1249,6 +1257,55 @@ enum WS_MessageIds {
  * user auth messages, it sends them. (>50) */
 #define MSGID_USERAUTH_RESTRICT 50
 
+/* The following message ID ranges are described in RFC 5251, section 7. */
+enum WS_MessageIdLimits {
+/* Transport Layer Protocol: */
+    MSGIDLIMIT_TRANS_MIN = 1,
+    MSGIDLIMIT_TRANS_GEN_MIN = 1,
+    MSGIDLIMIT_TRANS_GEN_MAX = 19,
+    MSGIDLIMIT_TRANS_ALGO_MIN = 20,
+    MSGIDLIMIT_TRANS_ALGO_MAX = 29,
+    MSGIDLIMIT_TRANS_KEX_MIN = 30,
+    MSGIDLIMIT_TRANS_KEX_MAX = 49,
+    MSGIDLIMIT_TRANS_MAX = 49,
+/* User Authentication Protocol: */
+    MSGIDLIMIT_AUTH_MIN = 50,
+    MSGIDLIMIT_AUTH_GEN_MIN = 50,
+    MSGIDLIMIT_AUTH_GEN_MAX = 59,
+    MSGIDLIMIT_AUTH_METH_MIN = 60,
+    MSGIDLIMIT_AUTH_METH_MAX = 79,
+    MSGIDLIMIT_AUTH_MAX = 79,
+/* Connection Protocol: */
+    MSGIDLIMIT_CONN_MIN = 80,
+    MSGIDLIMIT_CONN_GEN_MIN = 80,
+    MSGIDLIMIT_CONN_GEN_MAX = 89,
+    MSGIDLIMIT_CONN_CHAN_MIN = 90,
+    MSGIDLIMIT_CONN_CHAN_MAX = 127,
+    MSGIDLIMIT_CONN_MAX = 127,
+/* Reserved For Client Protocols: */
+    MSGIDLIMIT_RESERVED_MIN = 128,
+    MSGIDLIMIT_RESERVED_MAX = 191,
+/* Local Extensions: */
+    MSGIDLIMIT_EXTENDED_MIN = 192,
+    MSGIDLIMIT_EXTENDED_MAX = 255,
+};
+
+/* Message ID bounds checking. */
+#define MSGIDLIMIT_BOUND(x,name) \
+    ((x) >= (MSGIDLIMIT_##name##_MIN) && (x) <= MSGIDLIMIT_##name##_MAX)
+#define MSGIDLIMIT_TRANS(x) MSGIDLIMIT_BOUND((x),TRANS)
+#define MSGIDLIMIT_TRANS_GEN(x) MSGIDLIMIT_BOUND((x),TRANS_GEN)
+#define MSGIDLIMIT_TRANS_ALGO(x) MSGIDLIMIT_BOUND((x),TRANS_ALGO)
+#define MSGIDLIMIT_TRANS_KEX(x) MSGIDLIMIT_BOUND((x),TRANS_KEX)
+#define MSGIDLIMIT_AUTH(x) MSGIDLIMIT_BOUND((x),AUTH)
+#define MSGIDLIMIT_AUTH_GEN(x) MSGIDLIMIT_BOUND((x),AUTH_GEN)
+#define MSGIDLIMIT_AUTH_METH(x) MSGIDLIMIT_BOUND((x),AUTH_METH)
+#define MSGIDLIMIT_CONN(x) MSGIDLIMIT_BOUND((x),CONN)
+#define MSGIDLIMIT_CONN_GEN(x) MSGIDLIMIT_BOUND((x),CONN_GEN)
+#define MSGIDLIMIT_CONN_CHAN(x) MSGIDLIMIT_BOUND((x),CONN_CHAN)
+#define MSGIDLIMIT_RESERVED(x) MSGIDLIMIT_BOUND((x),RESERVED)
+#define MSGIDLIMIT_EXTENDED(x) MSGIDLIMIT_BOUND((x),EXTENDED)
+
 
 #define CHANNEL_EXTENDED_DATA_STDERR WOLFSSH_EXT_DATA_STDERR