SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS
Darren Tucker
dtucker at zip.com.au
Fri Jun 18 12:08:13 EST 2004
Scott Rankin wrote:
> I have found that this server,
> 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS
> does not follow the IETF secsh draft [1] related to the
> SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message.
[...]
> Here is a patch that gets around this but I had some questions,
> 1. I wasn't sure I should combine this with the other F-Secure bug listed
> (the one for the 1.3.2*)? Is there a regression test to test
> SSH_BUG_IGNOREMSG?
No, different bugs should use different flags. I don't know if there's
a regression test for BUG_IGNOREMSG.
> 2. I wasn't sure how much of the server version string was needed.
That will depend on which versions exhibit the problems. Is it specific
to the VMS implementation? Can the vendor tell you?
> 3. The selection of SSH_BUG_PWDCHGREQ and its define was totally arbitrary
> by me.
> #define SSH_BUG_PASSWORDPAD 0x00000400
> +#define SSH_BUG_PWDCHGREQ 0x00000402
> #define SSH_BUG_SCANNER 0x00000800
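Review bot: on the added SSH_BUG_PWDCHGREQ line, 0x00000402 is not a bit of its own. It is 0x00000400 (SSH_BUG_PASSWORDPAD, the line above) plus 0x00000002, so a bitwise test for the new flag also succeeds whenever SSH_BUG_PASSWORDPAD is set, and setting the new flag switches SSH_BUG_PASSWORDPAD on as well. Give it an unused single-bit value. The hunk shows 0x00000800 already taken by SSH_BUG_SCANNER, so the value has to come from past the last flag in the full list, which is not visible here.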
Those bugs are bitmasks, so you should add it to the end of the list and
use a value double the previous. What you've done there is set
SSH_BUG_PKSERVICE and SSH_BUG_PASSWORDPAD too.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
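The bitmask point made in the reply above, as an added example that is not part of the original message or of OpenSSH: a small check that a proposed flag is a single bit and does not alias existing flags. The table is constructed from the three flags the thread names (SSH_BUG_PKSERVICE = 0x00000002 is the value the reply implies, since 0x402 = 0x400 | 0x002), and the helper names are hypothetical, so the "next free" value applies to this table only, not to the real header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table: PASSWORDPAD and SCANNER come from the quoted patch,
 * PKSERVICE is the value implied by the reply. Not the full OpenSSH list. */
struct bug_flag { const char *name; uint32_t value; };

static const struct bug_flag known[] = {
    { "SSH_BUG_PKSERVICE",   0x00000002 },
    { "SSH_BUG_PASSWORDPAD", 0x00000400 },
    { "SSH_BUG_SCANNER",     0x00000800 },
};
#define NKNOWN (sizeof(known) / sizeof(known[0]))

/* A usable flag has exactly one bit set. */
static int is_single_bit(uint32_t v) { return v != 0 && (v & (v - 1)) == 0; }

/* OR of every known flag that the candidate value would also switch on. */
static uint32_t aliased_bits(uint32_t candidate)
{
    uint32_t hit = 0;
    for (size_t i = 0; i < NKNOWN; i++)
        if (candidate & known[i].value)
            hit |= known[i].value;
    return hit;
}

/* "Double the previous": the bit above the highest in use (0 if none left). */
static uint32_t next_free_flag(void)
{
    uint32_t highest = 0;
    for (size_t i = 0; i < NKNOWN; i++)
        if (known[i].value > highest)
            highest = known[i].value;
    return highest ? (uint32_t)(highest << 1) : 1;
}

int main(void)
{
    uint32_t proposed = 0x00000402; /* value from the quoted patch */
    printf("0x%08x: single bit=%d\n", (unsigned)proposed, is_single_bit(proposed));
    for (size_t i = 0; i < NKNOWN; i++)
        if (proposed & known[i].value)
            printf("  also sets %s\n", known[i].name);
    printf("next free in this table: 0x%08x\n", (unsigned)next_free_flag());
    return 0;
}
```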