Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.3.0
-
None
Description
Hi,
I found a bug in the exchange hash calculation but I'm
not quite sure my solution is the right one.
The hash H is calculated (from the RFC) using this formula:
H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)
This cumulative buffer is build in mina SSHD 0.3.0 here:
sshd/server/kex/AbstractDHGServer.java:98
This is all good but using a particular SSH client library (http://www.libssh2.org/), I can reproduce a bug where I_C (defined as the payload of the client's SSH_MSG_KEXINIT) is larger than what the client has sent, resulting in an invalid hash and where the calculated hostkey signature is invalid (does not verify on the client).
I traced the problem back to this file (receiveKexInit method):
sshd/common/session/AbstractSession.java
The receiveKexInit method returns this I_C component, but it's size is "buffer.available() + 1". The problem I found was that the buffer may contain more than the SSH_MSG_KEXINIT command data.. which results in an invalid (larger) I_C buffer.
Laurent