Re: OpenSSH sabotages protocol extension

To: denis bider <ietf-ssh3%denisbider.com@localhost>
Subject: Re: OpenSSH sabotages protocol extension
From: Damien Miller <djm%mindrot.org@localhost>
Date: Fri, 6 Nov 2015 13:19:42 +1100 (AEDT)

On Thu, 5 Nov 2015, denis bider wrote:

> Well, I'm slightly pissed.
> 
> Why does OpenSSL do stupid shit like this?

[snip]

> Note the genius inclusion of packet_check_eom() after decoding
> SERVICE_ACCEPT. Guess what this line does?
> 
>     #define ssh_packet_check_eom(ssh) \
...
>             logit("Packet integrity error (%d bytes remaining) at %s:%d", \
>                 _len ,__FILE__, __LINE__); \
>             ssh_packet_disconnect(ssh, \
>                 "Packet integrity error."); \
...
> Yes. It disconnects if there's any extra data after the recognized field in
> SERVICE_ACCEPT.
> 
> What possible purpose does this serve?

It verifies that the message is conformant to RFC4253 section 10 (which
specifies only a single string in a SSH_MSG_SERVICE_REQUEST) and not
gibberish.

> What possible purpose at all, other than to sabotage future extension?

... because an implementation of a security protocol that runs with
high privilege should strongly validate well-formedness.

> Thanks to this, we cannot add a field to SERVICE_ACCEPT so that the server
> could advertise what signature algorithms it accepts for user
> authentication.

No, you can't add one because RFC4253 specified it differently and you
don't get to retcon protocols by hoping that implementations don't
validate their input.

-d

References:
- OpenSSH sabotages protocol extension
  - From: denis bider

Prev by Date: New version of rsa-sha2-512 draft posted: no more DSA
Next by Date: Re: OpenSSH sabotages protocol extension
Previous by Thread: Re: OpenSSH sabotages protocol extension
Next by Thread: Re: OpenSSH sabotages protocol extension
Indexes:

Home | Main Index | Thread Index | Old Index