On Nov 14, 2017, at 5:43 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Tue, 14 Nov 2017, Ron Frederick wrote:
>
>> Thanks Damien, but I’m not sure this is a good fix. Now both cases
>> turn into an error(), but if there is a problem reading the initial
>> pair of strings and u32 value, you really can’t safely keep the
>> connection open to receive additional requests.
>
> That's not the case: this function is called in the context of one
> message with delimited length (see process_message()). A failure here
> just disregards that message and doesn't need to kill the entire
> connection.
>
> There are some other input parsing cases that should be downgraded
> from fatal() in ssh-agent.c, but I'll do those separately.

Ah, ok - my mistake. I didn’t remember there was an overall length field on each message, but going back and looking at my client code, I see you’re right. In that case, I agree that it shouldn’t be a problem to allow parsing failures at this level, or in similar places for other messages.

Thanks very much!
--
Ron Frederick
ronf@xxxxxxxxxxxxx

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
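
The point made in the quoted reply above, as an added example that is not part of the thread and is not code from OpenSSH's ssh-agent.c: because every message carries an outer u32 length, a body that fails to parse can be discarded and the next message is still found, while a bad outer length leaves no way to resynchronise. The function names, the body layout (type byte, two strings and a u32, following the description in the thread) and the sample bytes are assumptions, and the buffer is assumed to hold whole messages.

```c
#include <stddef.h>
#include <stdint.h>
/* Read a big-endian u32 at *off; -1 if fewer than 4 bytes remain. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *v) {
    if (len - *off < 4)
        return -1;
    *v = (uint32_t)p[*off] << 24 | (uint32_t)p[*off + 1] << 16 |
        (uint32_t)p[*off + 2] << 8 | (uint32_t)p[*off + 3];
    *off += 4;
    return 0;
}

/* Skip a length-prefixed string; -1 if it would run past the body. */
static int skip_string(const uint8_t *p, size_t len, size_t *off) {
    uint32_t n;
    if (get_u32(p, len, off, &n) != 0 || n > len - *off)
        return -1;
    *off += n;
    return 0;
}

/* Assumed body layout: type byte, string, string, u32, nothing after. */
static int parse_body(const uint8_t *b, size_t len) {
    size_t off = 1;
    uint32_t flags;
    if (len < 1 || skip_string(b, len, &off) != 0 ||
        skip_string(b, len, &off) != 0 || get_u32(b, len, &off, &flags) != 0)
        return -1;
    return off == len ? 0 : -1;
}

/* Returns messages seen (*bad = bodies rejected), or -1 if framing is lost. */
int process_stream(const uint8_t *s, size_t len, int *bad) {
    size_t off = 0;
    uint32_t mlen;
    int n = 0;
    for (*bad = 0; off < len; n++) {
        if (get_u32(s, len, &off, &mlen) != 0 || mlen > len - off)
            return -1;   /* outer length unusable: connection must close */
        if (parse_body(s + off, mlen) != 0)
            (*bad)++;    /* discard this message only; reply with failure */
        off += mlen;     /* outer length, not the parser, finds the next one */
    }
    return n;
}

static const uint8_t sample[] = { /* constructed: valid, bad string length, valid */
    0,0,0,15, 13, 0,0,0,1,'k', 0,0,0,1,'d', 0,0,0,0,
    0,0,0,6,  13, 0,0,0,100,'k',
    0,0,0,15, 13, 0,0,0,1,'k', 0,0,0,1,'d', 0,0,0,0 };
```

On the constructed sample, the middle message claims a 100-byte string inside a 6-byte body and is rejected, yet the third message still parses because the outer length alone determines where it starts.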