IETF-SSH archive


Re: Can an SSH_MSG_EXT_INFO have zero entries?



Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>But I would say that, in as far as conformance to the spec goes, that's a
>perfectly good SSH_MSG_EXT_INFO.

It's technically legal according to the spec, but then so is a message with
four billion extensions (assuming the packet length requirement is met).
However, both of those values indicate that there's something severely wrong
with the implementation sending it, sort of like running into someone wearing
their underpants on their head, the instinctive response is to cross the street
to avoid them.  Why is the other side sending an extensions message that
contains no extensions?  Or four billion extensions?

(As an aside, this is why a lot of security software is so full of vulns,
it'll accept any old rubbish as input whether it makes sense or not.  I've had
to stop opportunistically putting strange values in count fields just to see
what happens after taking out carrier-grade routers, an IBM mainframe, and at
least one commercial CA by doing so).

Peter.
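
An added example, not part of the original message and not taken from any SSH implementation: a receiver-side check of the count field discussed in this thread, using the SSH_MSG_EXT_INFO layout from RFC 8308 (message byte, uint32 nr-extensions, then a name string and a value string per entry). `MAX_EXTENSIONS` and the `reject_empty` switch are assumed local policy, not spec requirements.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SSH_MSG_EXT_INFO 7   /* message number from RFC 8308 */
#define MAX_EXTENSIONS   64  /* assumed local policy cap, not from the spec */
enum ext_result { EXT_OK = 0, EXT_MALFORMED, EXT_BAD_TYPE, EXT_EMPTY, EXT_TOO_MANY };

/* Read a big-endian uint32 at *pos and advance; fails if under 4 bytes remain. */
static int get_u32(const uint8_t *buf, size_t len, size_t *pos, uint32_t *out)
{
    if (len - *pos < 4) return -1;
    *out = (uint32_t)buf[*pos] << 24 | (uint32_t)buf[*pos + 1] << 16 |
           (uint32_t)buf[*pos + 2] << 8 | (uint32_t)buf[*pos + 3];
    *pos += 4;
    return 0;
}

/* Skip one SSH string (uint32 length, then bytes), checked against what is left. */
static int skip_string(const uint8_t *buf, size_t len, size_t *pos)
{
    uint32_t n;
    if (get_u32(buf, len, pos, &n) != 0 || n > len - *pos) return -1;
    *pos += n;
    return 0;
}

/* Validate an SSH_MSG_EXT_INFO payload before acting on its count field.
   reject_empty is a hypothetical policy switch for the zero-entry case. */
enum ext_result check_ext_info(const uint8_t *buf, size_t len, int reject_empty)
{
    size_t pos = 1;
    uint32_t count, i;
    if (len < 1 || buf[0] != SSH_MSG_EXT_INFO) return EXT_BAD_TYPE;
    if (get_u32(buf, len, &pos, &count) != 0) return EXT_MALFORMED;
    if (count == 0 && reject_empty) return EXT_EMPTY;
    /* Each entry has two 4-byte length fields, so the bytes present bound the count. */
    if (count > MAX_EXTENSIONS || count > (len - pos) / 8) return EXT_TOO_MANY;
    for (i = 0; i < count; i++)
        if (skip_string(buf, len, &pos) != 0 || skip_string(buf, len, &pos) != 0)
            return EXT_MALFORMED;
    return pos == len ? EXT_OK : EXT_MALFORMED;  /* no trailing bytes allowed */
}

int main(void)
{
    const uint8_t huge[] = {7, 0xff, 0xff, 0xff, 0xff};  /* constructed: count = 0xffffffff */
    printf("huge count -> %d\n", check_ext_info(huge, sizeof huge, 0));
    return 0;
}
```

The count is only trusted after it has been checked against both the policy cap and the bytes remaining in the packet, so nothing is ever sized or looped on the raw uint32.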
