Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.3.0
    • Fix Version/s: 0.4.0
    • Labels: None

      Description

      Hi,

      I found a bug in the exchange hash calculation but I'm
      not quite sure my solution is the right one.

      The hash H is calculated (from the RFC) using this formula:
      H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)

      This cumulative buffer is built in MINA SSHD 0.3.0 here:
      sshd/server/kex/AbstractDHGServer.java:98

      This is all good, but using a particular SSH client library (http://www.libssh2.org/), I can reproduce a bug where I_C (defined as the payload of the client's SSH_MSG_KEXINIT) is larger than what the client has sent, resulting in an invalid hash, and where the calculated host key signature is therefore invalid (it does not verify on the client).

      I traced the problem back to this file (receiveKexInit method):
      sshd/common/session/AbstractSession.java

      The receiveKexInit method returns this I_C component, but its size is "buffer.available() + 1". The problem I found was that the buffer may contain more than the SSH_MSG_KEXINIT command data, which results in an invalid (larger) I_C buffer.

      Laurent
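As an added illustration of the failure mode described above (this is example code written for this page, not code from the issue, from the attached patch, or from MINA SSHD itself), the following Python computes the exchange hash H exactly as RFC 4253 defines it (V_C, V_S, I_C, I_S and K_S as SSH strings; e, f and K as mpints) and compares two ways of sizing I_C: taking everything that is left in the buffer versus walking the SSH_MSG_KEXINIT structure to find where the payload actually ends. The cookie, algorithm name-lists, host key blob, DH values and the trailing bytes that follow the KEXINIT in the buffer are all constructed placeholders; the hash algorithm defaults to SHA-1 as used by the diffie-hellman-group1/group14-sha1 methods.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: two's-complement, big-endian,
    minimal length, with a leading 0x00 only when the top bit would be set."""
    if n == 0:
        return ssh_string(b"")
    b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # one spare byte for the sign bit
    while len(b) > 1 and b[0] == 0 and not (b[1] & 0x80):
        b = b[1:]
    return ssh_string(b)


def build_kexinit(cookie: bytes, name_lists, first_kex_packet_follows: bool = False) -> bytes:
    """Serialise an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1): the I_C / I_S value."""
    assert len(cookie) == 16 and len(name_lists) == 10
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for nl in name_lists:
        out += ssh_string(",".join(nl).encode("ascii"))
    out += bytes([1 if first_kex_packet_follows else 0])
    out += struct.pack(">I", 0)  # reserved, must be 0
    return out


def kexinit_payload_length(buf: bytes) -> int:
    """Return the exact length of the KEXINIT payload at the start of buf by walking its
    fields, so that any bytes following it in the buffer are not mistaken for part of I_C."""
    if not buf or buf[0] != SSH_MSG_KEXINIT:
        raise ValueError("buffer does not start with SSH_MSG_KEXINIT")
    pos = 1 + 16  # message id + cookie
    for _ in range(10):  # ten name-lists
        if pos + 4 > len(buf):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", buf, pos)
        pos += 4 + n
        if pos > len(buf):
            raise ValueError("truncated KEXINIT")
    pos += 1 + 4  # first_kex_packet_follows + reserved
    if pos > len(buf):
        raise ValueError("truncated KEXINIT")
    return pos


def exchange_hash(V_C, V_S, I_C, I_S, K_S, e, f, K, hash_name="sha1") -> bytes:
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 section 8."""
    h = hashlib.new(hash_name)
    for s in (V_C, V_S, I_C, I_S, K_S):
        h.update(ssh_string(s))
    for m in (e, f, K):
        h.update(ssh_mpint(m))
    return h.digest()


def demo():
    """Returns (exact I_C recovered?, over-long I_C changes H?). Both should be True."""
    # Constructed sample values; nothing here is a real key or a real negotiation.
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"],
             ["aes128-ctr"], ["aes128-ctr"], ["hmac-sha1"], ["hmac-sha1"],
             ["none"], ["none"], [], []]
    I_C = build_kexinit(bytes(range(16)), lists)
    I_S = build_kexinit(bytes(16), lists)
    # Constructed: a further packet (message id 30, SSH_MSG_KEXDH_INIT) that happened to be
    # read into the same buffer right behind the KEXINIT payload.
    trailing = bytes([30]) + ssh_mpint(0x1234)
    buf = I_C + trailing

    I_C_exact = buf[:kexinit_payload_length(buf)]  # sized from the message structure
    I_C_overlong = buf                             # "everything still in the buffer"

    K_S = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(0xC0FFEE)  # placeholder blob
    V_C, V_S = b"SSH-2.0-client", b"SSH-2.0-server"
    e, f, K = 0x1234, 0x5678, 0x9ABC

    H_good = exchange_hash(V_C, V_S, I_C_exact, I_S, K_S, e, f, K)
    H_bad = exchange_hash(V_C, V_S, I_C_overlong, I_S, K_S, e, f, K)
    return I_C_exact == I_C, H_good != H_bad


if __name__ == "__main__":
    print(demo())
```

Because the client signs nothing and verifies the server's signature over its own computation of H, any extra byte in the server's copy of I_C yields a different H, and the host key signature then fails to verify on the client exactly as the report describes; the check that matters on the server side is therefore that I_C is bounded by the KEXINIT payload itself rather than by how much data remains in the read buffer.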

      1. ASF.LICENSE.NOT.GRANTED--sshclient.cpp (1 kB, Laurent Duchesne)
      2. ASF.LICENSE.NOT.GRANTED--SshServerImpl.java (0.6 kB, Laurent Duchesne)
      3. hostkeysign.diff (1 kB, Laurent Duchesne)

          People

          • Assignee:
            Guillaume Nodet
            Reporter:
            Laurent Duchesne