[openssh-commits] [openssh] branch master updated: upstream: the messaging layer between sshd-session and sshd-auth had a

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jul 4 17:50:12 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 0cf38d744 upstream: the messaging layer between sshd-session and sshd-auth had a
0cf38d744 is described below

commit 0cf38d74463bcf80510e7fd1b3d9328e7d91eb00
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Jul 4 07:47:35 2025 +0000

    upstream: the messaging layer between sshd-session and sshd-auth had a
    
    maximum message size of 256KB. Some people apparently have configurations
    larger than this and would hit this limit.
    
    Worse, there was no good logging that could help diagnose what was
    going wrong.
    
    So this bumps the maximum message size to 4MB and implements an early
    check (usable via the sshd -t test mode) that will report it to the
    user where it is hopefully more visible.
    
    bz3808, reported by Dmitry Belyavskiy, ok dtucker@
    
    OpenBSD-Commit-ID: 69c303fb68cbd1a4735936835d67a71e7b57f63b
---
 monitor_wrap.c |  6 +++---
 monitor_wrap.h |  6 +++++-
 sshd.c         | 11 ++++++++---
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/monitor_wrap.c b/monitor_wrap.c
index c30a7902d..fea576213 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.139 2025/05/05 02:40:30 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.140 2025/07/04 07:47:35 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -150,7 +150,7 @@ mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
 
 	debug3_f("entering, type %d", type);
 
-	if (mlen >= 0xffffffff)
+	if (mlen >= MONITOR_MAX_MSGLEN)
 		fatal_f("bad length %zu", mlen);
 	POKE_U32(buf, mlen + 1);
 	buf[4] = (u_char) type;		/* 1st byte of payload is mesg-type */
@@ -183,7 +183,7 @@ mm_request_receive(int sock, struct sshbuf *m)
 		fatal_f("read: %s", strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
-	if (msg_len > 256 * 1024)
+	if (msg_len > MONITOR_MAX_MSGLEN)
 		fatal_f("read: bad msg_len %d", msg_len);
 	sshbuf_reset(m);
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 7134afeec..c87295388 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.51 2024/05/17 06:42:04 jsg Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.53 2025/07/04 07:47:35 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -28,6 +28,10 @@
 #ifndef _MM_WRAP_H_
 #define _MM_WRAP_H_
 
+#define MONITOR_MAX_MSGLEN		(4 * 1024 * 1024)
+/* The configuration has to fit in a monitor message along with other state */
+#define MONITOR_MAX_CFGLEN		(MONITOR_MAX_MSGLEN - (64 * 1024))
+
 enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
 
 struct ssh;
diff --git a/sshd.c b/sshd.c
index 91608eff7..5a4db309d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.619 2025/05/24 06:43:37 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.620 2025/07/04 07:47:35 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  * Copyright (c) 2002 Niels Provos.  All rights reserved.
@@ -94,6 +94,7 @@
 #include "addr.h"
 #include "srclimit.h"
 #include "atomicio.h"
+#include "monitor_wrap.h"
 
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
@@ -1753,6 +1754,12 @@ main(int ac, char **av)
 	if (test_flag > 1)
 		print_config(&connection_info);
 
+	config = pack_config(cfg);
+	if (sshbuf_len(config) > MONITOR_MAX_CFGLEN) {
+		fatal("Configuration file is too large (have %zu, max %d)",
+		    sshbuf_len(config), MONITOR_MAX_CFGLEN);
+	}
+
 	/* Configuration looks good, so exit if in test mode. */
 	if (test_flag)
 		exit(0);
@@ -1830,8 +1837,6 @@ main(int ac, char **av)
 	/* ignore SIGPIPE */
 	ssh_signal(SIGPIPE, SIG_IGN);
 
-	config = pack_config(cfg);
-
 	/* Get a connection, either from inetd or a listening TCP socket */
 	if (inetd_flag) {
 		/* Send configuration to ancestor sshd-session process */

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list