[Bug 3295] Session Id mismatch

bugzilla-daemon at mindrot.org
Wed Apr 21 10:41:51 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3295

--- Comment #4 from balu <balu.gajjala at gmail.com> ---
Scenario - A normal ssh connection fails when the session_id length is
not 32.
Code - V8.5 introduces new code (in monitor_apply_keystate(),
monitor.c) wherein the authenticated sshd process verifies the
session_id. If there is a mismatch in the session ID, it closes the
connection.

https://github.com/openssh/openssh-portable/blob/0727dd09eca355e7539cbcb23b148fcee9b21513/monitor.c#L1726

        if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2,
            session_id2_len) != 0)
                fatal_f("session ID mismatch");

strlen(sshbuf_ptr(ssh->kex->session_id)) is not always 32 but
session_id2_len is always 32. If
strlen(sshbuf_ptr(ssh->kex->session_id)) is not 32, then the memcmp
condition fails on Windows.

Fix - Use strlen(sshbuf_ptr(ssh->kex->session_id)) instead of
session_id2_len.

        if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2,
            strlen(sshbuf_ptr(ssh->kex->session_id))) != 0)
                fatal_f("session ID mismatch");

FYI, I have attached the client- and server-side logs from my Windows
machine for this issue when the session ID is not 32 bytes.

More information about the openssh-bugs mailing list
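
Added example, not part of the original comment or of OpenSSH's code: a session ID is raw hash output, so it can contain zero bytes and its length depends on the key exchange hash. The sketch contrasts a strlen()-bounded memcmp with a comparison that checks both lengths first; the helper names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-byte sample IDs (not real session IDs). Both have a zero
 * byte at index 3 and differ only in the final byte. */
static const unsigned char id_a[32] = { 0x5a, 0x11, 0xc3, 0x00, 0x9e, [31] = 0x01 };
static const unsigned char id_b[32] = { 0x5a, 0x11, 0xc3, 0x00, 0x9e, [31] = 0x02 };

/* Hypothetical helper: returns 1 only when both buffers have the same length
 * and the same content. Differences are accumulated instead of returning at
 * the first differing byte. */
int id_equal(const unsigned char *a, size_t alen,
             const unsigned char *b, size_t blen)
{
    unsigned char diff = 0;

    if (a == NULL || b == NULL || alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* For contrast: the length is taken from strlen() on binary data, so the
 * comparison stops at the first zero byte of `a`. */
int id_equal_strlen(const unsigned char *a, const unsigned char *b)
{
    return memcmp(a, b, strlen((const char *)a)) == 0;
}

int main(void)
{
    printf("strlen(id_a)              = %zu\n", strlen((const char *)id_a));
    printf("strlen-bounded memcmp     = %d\n", id_equal_strlen(id_a, id_b));
    printf("length-checked comparison = %d\n",
           id_equal(id_a, sizeof(id_a), id_b, sizeof(id_b)));
    /* A 20-byte ID against a 32-byte ID is rejected on length alone. */
    printf("20 bytes vs 32 bytes      = %d\n", id_equal(id_a, 20, id_b, 32));
    return 0;
}
```

Because the two sample IDs share their first three bytes, the strlen()-bounded variant reports them as equal even though they differ, while the length-checked comparison rejects both the differing content and the differing length.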