Re: OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST

On Tue, Apr 7, 2015 at 3:08 PM, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
wrote:

> Darren Tucker <dtucker@xxxxxxxxxx> writes:
> [...]
> My code checks for sane values in the fields in the packet, so it rejects it
> as malformed before it gets to the interesting philosophical issue of how to
> send a response to a request for zero responses.


IMO it's not malformed, see below.

> >If it was just the prompt part of the packet, what's in the name and
> >instruction fields?
>
> Nothing.  All fields are empty,


That's explicitly allowed by RFC4256.  In addition to allowing zero
prompts, section 3.2 also says:

 "The language tag is deprecated and SHOULD be the empty string."

and

  "The name and instruction fields MAY be empty strings; the client MUST
   be prepared to handle this correctly.  The prompt field(s) MUST NOT
   be empty strings."


> >Zero prompts is specifically allowed by RFC4256 section 3.2:
>
> [...]
>
> Sure, but since they're also empty there's nothing to display.  So it's really
> a case of "what do you do in response to a request for zero responses?".


Do what it says in RFC4256 section 3.4?

   "In the case that the server sends a `0' num-prompts field in the
   request message, the client MUST send a response message with a `0'
   num-responses field to complete the exchange."

> I'm not sure if promulgating koans was a goal of OpenSSH.


I'd like to think one of the goals was implementing the RFCs :-)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
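The client-side checks discussed in this message, as an added example that is not part of the original post and is not code from OpenSSH or any other implementation: a validator for an SSH_MSG_USERAUTH_INFO_REQUEST payload that accepts empty name, instruction and language-tag fields and zero prompts, rejects empty prompt strings, and builds the zero-response reply from RFC 4256 section 3.4. The function names, the `MAX_PROMPTS` limit and the rejection of trailing bytes are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define SSH_MSG_USERAUTH_INFO_REQUEST  60
#define SSH_MSG_USERAUTH_INFO_RESPONSE 61
#define MAX_PROMPTS 16  /* assumption: local sanity limit, not from the RFC */

/* Read a big-endian uint32 at *off and advance; -1 if the packet is truncated. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *v)
{
    if (len - *off < 4) return -1;
    *v = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
         ((uint32_t)p[*off + 2] << 8) | (uint32_t)p[*off + 3];
    *off += 4;
    return 0;
}

/* Skip an SSH string (uint32 length + bytes); its length is returned in *slen. */
static int skip_string(const uint8_t *p, size_t len, size_t *off, uint32_t *slen)
{
    if (get_u32(p, len, off, slen) < 0 || *slen > len - *off) return -1;
    *off += *slen;
    return 0;
}

/* Returns num-prompts (0 is valid per section 3.2), or -1 if malformed. */
int parse_info_request(const uint8_t *p, size_t len)
{
    size_t off = 1;
    uint32_t slen, nprompts, i;
    if (len < 1 || p[0] != SSH_MSG_USERAUTH_INFO_REQUEST) return -1;
    /* name, instruction, language tag: all three MAY be empty strings */
    for (i = 0; i < 3; i++)
        if (skip_string(p, len, &off, &slen) < 0) return -1;
    if (get_u32(p, len, &off, &nprompts) < 0 || nprompts > MAX_PROMPTS) return -1;
    for (i = 0; i < nprompts; i++, off++)   /* off++ consumes the echo boolean */
        if (skip_string(p, len, &off, &slen) < 0 || slen == 0 || off == len)
            return -1;                      /* truncated, or empty prompt */
    return off == len ? (int)nprompts : -1; /* assumption: reject trailing bytes */
}

/* Section 3.4 reply to a zero-prompt request: type byte + num-responses = 0. */
size_t build_empty_response(uint8_t *out, size_t cap)
{
    if (cap < 5) return 0;
    out[0] = SSH_MSG_USERAUTH_INFO_RESPONSE;
    out[1] = out[2] = out[3] = out[4] = 0;  /* uint32 num-responses = 0 */
    return 5;
}
```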
