Re: Can an SSH_MSG_EXT_INFO have zero entries?

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>, "ietf-ssh%NetBSD.org@localhost" <ietf-ssh%NetBSD.org@localhost>
Subject: Re: Can an SSH_MSG_EXT_INFO have zero entries?
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Mon, 3 Apr 2023 10:43:33 +0000

Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>But I would say that, in as far as conformance to the spec goes, that's a
>perfectly good SSH_MSG_EXT_INFO.

It's technically legal according to the spec, but then so is a message with
four billion extensions (assuming the packet length requirement is met).
However, both of those values indicate that there's something severely wrong
with the implementation sending it, sort of like running into someone wearing
their underpants on their head the instinctive response is to cross the street
to avoid them.  Why is the other side sending an extensions message that
contains no extensions?  Or four billion extensions?

(As an aside, this is why a lot of security software is so full of vulns,
it'll accept any old rubbish as input whether it makes sense or not.  I've had
to stop opportunistically putting strange values in count fields just to see
what happens after taking out carrier-grade routers, an IBM mainframe, and at
least one commercial CA by doing so).

Peter.

Follow-Ups:
- Re: Can an SSH_MSG_EXT_INFO have zero entries?
  - From: Mouse
- Re: Can an SSH_MSG_EXT_INFO have zero entries?
  - From: Peter Gutmann

References:
- Can an SSH_MSG_EXT_INFO have zero entries?
  - From: Peter Gutmann
- Re: Can an SSH_MSG_EXT_INFO have zero entries?
  - From: Mouse

Prev by Date: Re: Can an SSH_MSG_EXT_INFO have zero entries?
Next by Date: Re: Can an SSH_MSG_EXT_INFO have zero entries?
Previous by Thread: Re: Can an SSH_MSG_EXT_INFO have zero entries?
Next by Thread: Re: Can an SSH_MSG_EXT_INFO have zero entries?
Indexes:

Home | Main Index | Thread Index | Old Index