
[Bug 2929] OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929

Pawel Jakub Dawidek <openssh@dawidek.net> changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Resolution |FIXED     |---
Status     |RESOLVED  |REOPENED
CC         |          |openssh@dawidek.net

--- Comment #5 from Pawel Jakub Dawidek <openssh@dawidek.net> ---
Hi Damien,

I think the fix is incomplete. It probably only works with the OpenSSH
server when sandboxing is enabled, but it doesn't work with ssh_api.c.

When using the API, the kex structure is allocated only once and during
the first KEX the ext_info_c field is set to 1. It is then never set to 0,
so during the next rekeying, even though KEX_INITIAL is no longer set, the
SSH_MSG_EXT_INFO will be sent again as ext_info_c remains 1.

To fix that it would be enough to add:

kex->ext_info_c = 0;

right after:

kex->flags &= ~KEX_INITIAL;

in the kex_input_newkeys() function.

Thank you.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2929] OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929

Damien Miller <djm@mindrot.org> changed:

What                   |Removed                   |Added
----------------------------------------------------------------------------
Attachment #3316 Flags |                          |ok?(dtucker@dtucker.net)

--- Comment #6 from Damien Miller <djm@mindrot.org> ---
Created attachment 3316
--> https://bugzilla.mindrot.org/attachment.cgi?id=3316&action=edit
check KEX_INITIAL before sending ext-info

IMO it's better to check KEX_INITIAL. Add some debug() to make it clear
whether/when the ext-info is sent.

Note that disabling privsep is not supported (there is no option) and
the API is still very much a work in progress.

[Bug 2929] OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929

Darren Tucker <dtucker@dtucker.net> changed:

What                   |Removed                   |Added
----------------------------------------------------------------------------
Attachment #3316 Flags |ok?(dtucker@dtucker.net)  |ok+

--- Comment #7 from Darren Tucker <dtucker@dtucker.net> ---
Comment on attachment 3316
--> https://bugzilla.mindrot.org/attachment.cgi?id=3316
check KEX_INITIAL before sending ext-info

> (ssh->kex->flags & KEX_INITIAL) != 0

Given that it's being used as a boolean you could omit the != 0.

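The stale-flag problem from comment #5 and the two remedies proposed in comments #5 and #6, as an added example that is not part of the thread and not OpenSSH source: a simplified C model in which one kex structure is reused across key exchanges. The `model_*` functions, `enum policy`, `ext_info_sent` and the flag value are assumptions made for the illustration.

```c
/* Simplified model of the state discussed in this thread; NOT OpenSSH source.
 * Names other than kex, flags, ext_info_c and KEX_INITIAL are hypothetical. */
#include <stdio.h>

#define KEX_INITIAL 0x0002   /* flag value constructed for this model */
enum policy { ORIGINAL, RESET_IN_NEWKEYS, CHECK_KEX_INITIAL };
struct kex { unsigned int flags; int ext_info_c; };

/* Peer KEXINIT parsed: the field is only ever set, and only on the first KEX. */
static void model_recv_kexinit(struct kex *kex, int peer_has_ext_info_c)
{
    if ((kex->flags & KEX_INITIAL) && peer_has_ext_info_c)
        kex->ext_info_c = 1;
}

/* Returns 1 if SSH_MSG_EXT_INFO would be sent after this key exchange. */
static int model_send_newkeys(const struct kex *kex, enum policy p)
{
    if (p == CHECK_KEX_INITIAL)           /* approach from comment #6 */
        return kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0;
    return kex->ext_info_c;               /* trusts the stored field alone */
}

/* Stand-in for kex_input_newkeys(): the initial exchange is over. */
static void model_input_newkeys(struct kex *kex, enum policy p)
{
    kex->flags &= ~KEX_INITIAL;
    if (p == RESET_IN_NEWKEYS)            /* approach from comment #5 */
        kex->ext_info_c = 0;
}

/* One kex struct reused for `rounds` exchanges, as described for ssh_api.c. */
int ext_info_sent(enum policy p, int rounds)
{
    struct kex kex = { KEX_INITIAL, 0 };  /* allocated once, never re-created */
    int i, sent = 0;
    for (i = 0; i < rounds; i++) {
        model_recv_kexinit(&kex, 1);
        sent += model_send_newkeys(&kex, p);
        model_input_newkeys(&kex, p);
    }
    return sent;
}

int main(void)
{
    for (int p = ORIGINAL; p <= CHECK_KEX_INITIAL; p++)
        printf("policy %d: EXT_INFO sent %d time(s) in 3 exchanges\n", p, ext_info_sent(p, 3));
    return 0;
}
```

With the structure reused, the unguarded policy sends the message on every exchange, while either remedy limits it to the initial one.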