On Wed, Aug 03, 2016 at 01:38:15PM +1000, Darren Tucker wrote:
> OK, with this additional information I can now reproduce it.
>
> Based on some quick experiments it seems to be triggered when sshd is
> built --with-ssh1 and the config does not *load* a Protocol 1 host
> key.

Looks like it was introduced here:
https://anongit.mindrot.org/openssh.git/commit/?id=1a31d02b
wherein

- buffer_put_int(&m, 0); + if ((r = sshbuf_put_u32(m, 1)) != 0)

This patch should fix it:

diff --git a/sshd.c b/sshd.c index 799c771..8f2b322 100644 --- a/sshd.c +++ b/sshd.c @@ -1071,7 +1071,7 @@ send_rexec_state(int fd, struct sshbuf *conf) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else #endif - if ((r = sshbuf_put_u32(m, 1)) != 0) + if ((r = sshbuf_put_u32(m, 0)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
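
Review bot: the bare 0 passed to sshbuf_put_u32() in the else branch after #endif in send_rexec_state() is an undocumented flag value, and the regression came from that literal changing from 0 to 1 when buffer_put_int(&m, 0) was converted to sshbuf_put_u32(). Add a one-line comment on that call (or a named constant) stating what the value tells the code that reads this state back, which per the report is the case where sshd is built --with-ssh1 and no Protocol 1 host key is loaded, so a later API conversion cannot flip it unnoticed. A regression test that runs that exact configuration would catch a repeat.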