IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Can an SSH_MSG_EXT_INFO have zero entries?



On Fri, 31 Mar 2023, Peter Gutmann wrote:

> 
> Someone has just reported an SSH implementation that sends SSH_MSG_EXT_INFO
> with zero extensions present, i.e.:
> 
>     byte       SSH_MSG_EXT_INFO (value 7)
>     uint32     0
>     (No extensions present in the extensions message)
> 
> The RFC says:
> 
>    Implementations MUST accept well-formed SSH_MSG_EXT_INFO messages up to the
>    maximum packet length they accept.
> 
> but never defines what a well-formed SSH_MSG_EXT_INFO message actually is.  In
> my case I've defined one with zero entries as not well-formed, since it's a
> message used to communicate extensions that communicates no actual extensions.
> 
> Should a message like this be accepted?

Sure, the extension list is defined as an array and an array with zero
length both valid and common (e.g. it's requried in RFC4256 and common in
sftp attribute extensions).

I don't know why a server should send such a message, but I don't see any
reason that a client should refuse it.

FWIW OpenSSH should accept such a message.

-d



Home | Main Index | Thread Index | Old Index