[Bug 3295] ssh connection is closed when session id is not 32 bytes (Error - Session Id mismatch error)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Apr 30 14:04:04 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3295

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
I don't have any idea what is going wrong here - this does not occur
with OpenSSH as we release it, so it is likely related to changes made
by OpenSSH for Windows.

In any case, strlen() should never be called on the session ID and nor
should printf("%s"). It is binary data and may contain \0 characters.
For this reason the dumps in your sshd log aren't usable for debugging
this - they are truncated.

If you are at some point treating it as an ASCIIZ/UTF8 string, then
that's likely to be your problem.

I would recommend adding some sshbuf_dump(kex->session_id, stderr) to
kex.c:kex_derive_keys(), packet.c:kex_to_blob(),
packet.c:kex_from_blob() and monitor.c:monitor_apply_keystate()

Also sshbuf_dump_data(session_id2, session_id2_len, stderr) to
monitor.c:mm_answer_sign() and monitor.c:monitor_apply_keystate()

These will dump all the session ID copies at various stages of their
lifecycle and might clarify what is getting corrupted.
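As an added illustration, not code from the bug report or from OpenSSH itself: a constructed 32-byte session ID containing NUL bytes shows how strlen()/printf("%s") truncate it, how a truncated copy then fails an explicit-length comparison (the "session ID mismatch" symptom), and how a length-aware hex dump in the style of sshbuf_dump_data() shows every byte. The sample bytes and the helper names are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed sample session ID (not a real one). A real session ID is
 * hash output and can hold any byte value; bytes 5 and 16 are 0x00 here
 * on purpose to show the truncation problem. */
#define SESSION_ID_LEN 32
static const uint8_t sample_session_id[SESSION_ID_LEN] = {
    0x9a, 0x3f, 0x01, 0xd4, 0x7b, 0x00, 0xe2, 0x55,
    0xc1, 0x18, 0x6e, 0xaa, 0x03, 0x9d, 0xf7, 0x42,
    0x00, 0x71, 0x2c, 0xb8, 0x5d, 0xe9, 0x34, 0x8f,
    0x16, 0xcd, 0x0b, 0x97, 0xa3, 0x60, 0xfe, 0x29
};

/* What a string-based length check sees: strlen() stops at the first NUL,
 * so the "length" of this 32-byte ID comes out as 5. */
size_t session_id_len_as_string(const uint8_t *id)
{
    return strlen((const char *)id);
}

/* Correct comparison: explicit lengths plus memcmp(), never strcmp().
 * Returns 1 when both IDs match, 0 otherwise. */
int session_id_equal(const uint8_t *a, size_t alen,
                     const uint8_t *b, size_t blen)
{
    return alen == blen && memcmp(a, b, alen) == 0;
}

/* Length-aware hex dump (stand-in for sshbuf_dump_data()): prints every
 * byte, so embedded NULs appear as "00" instead of ending the output.
 * Returns the number of bytes dumped. */
size_t dump_session_id(const uint8_t *id, size_t len, FILE *out)
{
    size_t i;
    for (i = 0; i < len; i++)
        fprintf(out, "%02x%s", id[i],
                (i % 16 == 15 || i + 1 == len) ? "\n" : " ");
    return i;
}

int main(void)
{
    size_t seen = session_id_len_as_string(sample_session_id);
    printf("strlen() sees %zu bytes; real length is %d\n", seen, SESSION_ID_LEN);
    /* A copy truncated at the NUL (as a strlen()-based copy would be)
     * no longer matches the full ID. */
    printf("truncated copy matches: %d\n",
           session_id_equal(sample_session_id, seen,
                            sample_session_id, SESSION_ID_LEN));
    dump_session_id(sample_session_id, SESSION_ID_LEN, stderr);
    return 0;
}
```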
