[Bug 2810] New: Broken compatibility with old SSH clients sending 1.99 identification
bugzilla-daemon at bugzilla.mindrot.org
Wed Dec 13 23:30:59 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2810
Bug ID: 2810
Summary: Broken compatibility with old SSH clients sending 1.99 identification
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
The git commit 97f4d30 [1] introduced the following change that I
suspect is wrong:
- if (remote_major == 2 ||
- (remote_major == 1 && remote_minor == 99)) {
- enable_compat20();
- } else {
+ if (remote_major != 2 ||
+ (remote_major == 1 && remote_minor != 99)) {
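Review bot: the second clause of the added condition, (remote_major == 1 && remote_minor != 99), can never change the result: when remote_major is 1 the first clause remote_major != 2 is already true, so the test reduces to remote_major != 2 and a peer announcing 1.99 now takes this branch, while the removed lines grouped 1.99 with 2. Negating the removed condition by De Morgan's law gives remote_major != 2 && !(remote_major == 1 && remote_minor == 99); the || should be && and the inner comparison should stay == 99 under a negation.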
The first part of the condition is correctly negated to leave the same
behavior for 2.0 clients, but not the second part. The correct result
should look like this:
+ if (remote_major != 2 &&
+ !(remote_major == 1 && remote_minor == 99)) {
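Review bot: the 1.99 exception in !(remote_major == 1 && remote_minor == 99) is undocumented; a one-line comment stating that 1.99 is treated the same as major version 2 would keep the special case from being lost in a later refactor. The condition itself is the exact negation of the removed test, so versions 2.x and 1.99 skip this branch and everything else enters it.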
So we will not bail out on comparing 2.0 with 1.99 protocol versions.
Additionally, if I read RFC 4253, Section 5.1 [2] correctly, the
client should not send the 1.99 identification and therefore it is also
a bug of a client. But it worked before OpenSSH 7.6 and the above
change is clearly wrong.
This was initially discussed in Red Hat bugzilla [3].
[1]
https://github.com/openssh/openssh-portable/commit/97f4d3083b036ce3e68d6346a6140a22123d5864#diff-4035368a40ab0fedd413faefcbf832d7
[2] https://tools.ietf.org/html/rfc4253#section-5.1
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1524392#c26