SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS
Scott Rankin
scottra at wrq.com
Sat Jun 26 02:45:09 EST 2004
Darren,
> -----Original Message-----
> From: Darren Tucker [mailto:dtucker at zip.com.au]
> Sent: Thursday, June 17, 2004 11:08 PM
> To: Scott Rankin
> Subject: Re: SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0
> F-SECURE SSH - Process Software SSH for OpenVMS
>
>
> Scott Rankin wrote:
> >>That will depend on which versions exhibit the problems. Is it
> >>specific to the VMS implementation? Can the vendor tell you?
> >
> > I have contacted Process Software to find out which
> versions exhibit
> > this behavior. I have no idea whether or not it is specific
> to VMS. I
> > assumed so since it looks like that is all Process Software does. I
> > unfortunately don't have access to an F-Secure server on UNIX.
> > Actually, this VMS system is a customer so it's not even mine...
>
> In the past I've gotten eval copies of other commercial SSH
> implementations for evaluation (ie interop testing under the terms of
> their evaluation license). I checked but F-Secure's is not readily
> available and I won't jump through hoops to help debug someone else's
> commercial software.
>
> If you get a good idea of which versions exhibit the problem,
> we should
> be able to add the workaround.
Here is a reply I received from Process Software related to this issue.
"Hi Scott,
I just received this information from our engineer here. "I wouldn't be
surprised if the 3.2.0 code base makes it "work". I think the SSHUCX V2
probably fixes what he's seeing."
Here are the answers to your original questions:
1. Is this a known bug? Is there a patch?
No to both questions above.
2. Do you know the versions of F-SECURE SSH - Process Software SSH for
OpenVMS that are affected?
We believe that the problem was fixed with Version 2 for both."
I'm not sure what "both" they are referring to and they didn't reply when I
asked.
I pasted the latest incantation of this patch below. I don't know how to
determine how many prior versions they (Process) have for OpenVMS (another
question I asked but didn't receive a reply to) or which of these exhibit
this bug (other than this 3.1.0). I would guess this string may need to
specifically include OpenVMS but I'm not certain?
>
> --
[trim signature]
Cheers,
scott
Index: compat.c
===================================================================
RCS file: /cvs/openssh/compat.c,v
retrieving revision 1.70
diff -d -u -r1.70 compat.c
--- compat.c 3 Nov 2003 09:09:03 -0000 1.70
+++ compat.c 22 Jun 2004 22:22:40 -0000
@@ -134,6 +134,8 @@
"1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG },
+ { "3.1.0 F-SECURE*",/* Process Software SSH for OpenVMS */
+ SSH_BUG_PWDCHGREQ },
{ "*SSH Compatible Server*", /* Netscreen
*/
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
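Review bot: The added pattern "3.1.0 F-SECURE*" is broader than its comment. The comment names Process Software SSH for OpenVMS, but the glob matches every peer whose version string begins with 3.1.0 F-SECURE, so any other F-Secure 3.1.0 build that does send the language tag would also get SSH_BUG_PWDCHGREQ. Once the full banner of the affected server is known, tighten the pattern to include the part that identifies the OpenVMS product. Style: there is no space between the comma and the comment in `"3.1.0 F-SECURE*",/*`, unlike the neighbouring entries.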
Index: compat.h
===================================================================
RCS file: /cvs/openssh/compat.h,v
retrieving revision 1.35
diff -d -u -r1.35 compat.h
--- compat.h 3 Nov 2003 09:09:03 -0000 1.35
+++ compat.h 22 Jun 2004 22:22:40 -0000
@@ -55,6 +55,7 @@
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_PROBE 0x00400000
#define SSH_BUG_FIRSTKEX 0x00800000
+#define SSH_BUG_PWDCHGREQ 0x01000000
void enable_compat13(void);
void enable_compat20(void);
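Review bot: The name SSH_BUG_PWDCHGREQ on the added define says which message is affected but not what is wrong with it. The sshconnect2.c change shows that the bug is a missing language tag in the password change request, so either a short comment here or a more specific name would save the next reader from having to find the one place the flag is tested. The value 0x01000000 is the next bit after SSH_BUG_FIRSTKEX and does not collide with the defines visible in this hunk.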
Index: sshconnect2.c
===================================================================
RCS file: /cvs/openssh/sshconnect2.c,v
retrieving revision 1.127
diff -d -u -r1.127 sshconnect2.c
--- sshconnect2.c 15 Jun 2004 00:30:09 -0000 1.127
+++ sshconnect2.c 22 Jun 2004 22:22:43 -0000
@@ -767,11 +767,13 @@
"no authentication context");
info = packet_get_string(NULL);
- lang = packet_get_string(NULL);
+ if (!(datafellows & SSH_BUG_PWDCHGREQ)) {
+ lang = packet_get_string(NULL);
+ xfree(lang);
+ }
if (strlen(info) > 0)
logit("%s", info);
xfree(info);
- xfree(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
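Review bot: With SSH_BUG_PWDCHGREQ set, the new `if` skips reading `lang` unconditionally, so correctness depends entirely on the version pattern in compat.c being exact. If that pattern also matches a server that does send the language tag, the field is left unread in the packet and nothing in the visible lines notices it. A more robust variant would read `lang` whenever the packet still has data after `info` and treat it as absent only when nothing remains, which handles both behaviours without relying on the banner. Also confirm that `lang`, now assigned only inside the block, is not referenced later in the function.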