IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: OpenSSH sabotages protocol extension
denis bider <ietf-ssh3%denisbider.com@localhost> writes:
>What possible purpose does this serve?
It's perfectly sensible, if the spec requires that a packet be x, y, z then
getting a packet containing x, y, z, extra garbage is at best a sign of data
corruption, at worst a sign of an active attack. Rejecting the packet and
closing the connection is good practice, it makes it harder for an attacker to
use you as an oracle.
For an example of what happens if you do ignore extra garbage at the end of
your data, look at the padding attacks on PKCS #1...
Peter.
Home |
Main Index |
Thread Index |
Old Index