[Bug 2810] New: Broken compatibility with old SSH clients sending 1.99 identification

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Dec 13 23:30:59 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2810

            Bug ID: 2810
           Summary: Broken compatibility with old SSH clients sending 1.99
                    identification
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

The git commit 97f4d30 [1] introduced a the following change that I
suspect is wrong:

-       if (remote_major == 2 ||
-           (remote_major == 1 && remote_minor == 99)) {
-               enable_compat20();
-       } else {
+       if (remote_major != 2 ||
+           (remote_major == 1 && remote_minor != 99)) { 

The first part of condition is correctly negated to leave the same
behavior for 2.0 clients, but not the second part. The correct result
should look like this:

+       if (remote_major != 2 &&
+           !(remote_major == 1 && remote_minor == 99)) { 

So we will not bail out on comparing 2.0 with 1.99 protocol versions.

Additionally, if I read the RFC 4253, Section 5.1 [1] correctly, the
client should not send the 1.99 identification and therefore it is also
a bug of a client. But it worked before OpenSSH 7.6 and the above
change is clearly wrong.

This was initially discussed in Red Hat bugzilla [3].

[1]
https://github.com/openssh/openssh-portable/commit/97f4d3083b036ce3e68d6346a6140a22123d5864#diff-4035368a40ab0fedd413faefcbf832d7
[2] https://tools.ietf.org/html/rfc4253#section-5.1
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1524392#c26

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list