Problem/bug report for "bad decrypted len" error in OpenSSH
Markus Friedl
markus at openbsd.org
Tue Jun 17 19:00:23 EST 2003
I'm not sure whether this fix is correct.
could you print out the 'extra bytes' ?
e.g. add
if (len > hlen + oidlen) {
Buffer b;
buffer_init(&b);
buffer_append(&b, decrypted + hlen + oidlen,
len - hlen - oidlen);
buffer_dump(&b);
buffer_clear(&b);
}
and start sshd with
sshd -dddp1234
and connect to port 1234 with your client?
On Tue, Jun 17, 2003 at 11:24:12AM +0300, Stefan Hadjistoytchev wrote:
> 10x for the fix !!!
> ----- Original Message -----
> From: "Markus Friedl" <markus at openbsd.org>
> To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>
> Cc: "Damien Miller" <djm at mindrot.org>; <openssh-unix-dev at mindrot.org>
> Sent: Monday, June 16, 2003 11:28 AM
> Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
>
>
> > replace
> >
> > if (len != hlen + oidlen) {
> > with
> > if (len < hlen + oidlen) {
> >
> > instead of deleting lines.
> >
> >
> > On Mon, Jun 16, 2003 at 09:36:16AM +0300, Stefan Hadjistoytchev wrote:
> > > I've posted the bug in BugZilla (bug 592). What should I do next ?
> > >
> > > Stefan
> > > ----- Original Message -----
> > > From: "Markus Friedl" <markus at openbsd.org>
> > > To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>; "Damien Miller"
> > > <djm at mindrot.org>
> > > Cc: <openssh-unix-dev at mindrot.org>
> > > Sent: Friday, June 13, 2003 5:39 PM
> > > Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
> > >
> > >
> > > > On Sat, Jun 14, 2003 at 12:17:56AM +1000, Damien Miller wrote:
> > > > > Stefan Hadjistoytchev wrote:
> > > > > > Should I report it to BugZilla ?
> > > > >
> > > > > Only if you can justify _why_ the length check is not correct.
> > > >
> > > > make sure to include:
> > > >
> > > > This is a redundant length check that is not technically
> > > > correct. The OpenSSH team is aware of the problem but don't
> > > > care since they have no idea how to use certificates.
> > > >
> > > > The length check is not redundant since the result might be
> > > > too small for example.
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > openssh-unix-dev mailing list
> > > openssh-unix-dev at mindrot.org
> > > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
> >
>
>
More information about the openssh-unix-dev
mailing list