Packet integrity error. (34)
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Thu Feb 22 19:11:09 EST 2001
On Wed, Feb 21, 2001 at 07:00:39PM -0500, Richard E. Silverman wrote:
>
> markus> it seems that SecureCRT sends a display 'screen' number in the x11
> markus> request packet, but did not set the matching protocol flag in an
> markus> earlier message. this worked before because OpenSSH-2.3.0p1 was buggy
> markus> and ignored the protocol flag....
>
> I actually also noticed this also a day or so ago, and was about to post about
> it here when I checked and saw this thread.
>
> This is a problem with the F-Secure client as well as SecureCRT. Both
> programs do not set the SSH_PROTOFLAG_SCREEN_NUMBER protocol flag in SSH-1
> sessions, even though they do in fact include the X11 screen number field in
> SSH_CMSG_X11_REQUEST_FORWARDING packets. This was not a problem -- until
> Markus added code to session.c in 2.5 to check actual vs expected packet
> lengths on these requests.
well the code was there befoe, but it was broken.
the old (2.3.0) code did not check the flag and always asumed
that a screen number will be given. this resulted in
"packet integrity error."
for other clients :(
> Now, SSH-1 connections with X forwarding from
> these clients fail immediately with the message, "packet integrity error."
> I've submitted bug reports to both companies.
>
> A small note: I think it would be good to change the error message -- "packet
> integrity error" sounds like the crc-32 integrity check failed, which isn't
> what happened. Perhaps instead, "expected packet length did not match
> actual."
i'll think about this.
-m
More information about the openssh-unix-dev
mailing list