On Tue, Apr 7, 2015 at 3:08 PM, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx> wrote: > Darren Tucker <dtucker@xxxxxxxxxx> writes: > [...] > My code checks for sane values in the fields in the packet, so it rejects > it > as malformed before it gets to the interesting philosophical issue of how > to > send a response to a request for zero responses. IMO it's not malformed, see below. >If it was just the prompt part of the packet, what's in the name and > >instruction fields? > > Nothing. All fields are empty, That's explicitly allowed by RFC4256. In addition to allowing zero prompts, section 3.2 also says: "The language tag is deprecated and SHOULD be the empty string." and "The name and instruction fields MAY be empty strings; the client MUST be prepared to handle this correctly. The prompt field(s) MUST NOT be empty strings." > >Zero prompts is specifically allowed by RFC4256 section 3.2: > [...] > Sure, but since they're also empty there's nothing to display. So it's really > a case of "what do you do in response to a request for zero responses?". Do what it says in RFC4256 section 3.4? "In the case that the server sends a `0' num-prompts field in the request message, the client MUST send a response message with a `0' num-responses field to complete the exchange." I'm not sure if promulgating koans was a goal of OpenSSH. I'd like to think one of the goals was implementing the RFCs :-) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev