Re: OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Nov 14, 2017, at 5:43 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Tue, 14 Nov 2017, Ron Frederick wrote:
> 
>> Thanks Damien, but I’m not sure this is a good fix. Now both cases
>> turn into an error(), but if there is a problem reading the initial
>> pair of strings and u32 value, you really can’t safely keep the
>> connection open to receive additional requests.
> 
> That's not the case: this function is called in the context of one
> message with delimited length (see process_message()). A failure here
> just disregards that message and doesn't need to kill the entire
> connection.
> 
> There are some other input parsing cases that should be downgraded
> from fatal() in ssh-agent.c, but I'll do those separately.


Ah, ok - my mistake. I didn’t remember there was an overall length field on each message, but going back and looking at my client code, I see you’re right. In that case, I agree that it shouldn’t be a problem to allow parsing failures at this level, or in similar places for other messages.

Thanks very much!
-- 
Ron Frederick
ronf@xxxxxxxxxxxxx



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux