Affects Version/s: 0.3.0
Fix Version/s: 0.4.0
I found a bug in the exchange hash calculation but I'm
not quite sure my solution is the right one.
The hash H is calculated (from the RFC) using this formula:
H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)
This cumulative buffer is build in mina SSHD 0.3.0 here:
This is all good but using a particular SSH client library (http://www.libssh2.org/), I can reproduce a bug where I_C (defined as the payload of the client's SSH_MSG_KEXINIT) is larger than what the client has sent, resulting in an invalid hash and where the calculated hostkey signature is invalid (does not verify on the client).
I traced the problem back to this file (receiveKexInit method):
The receiveKexInit method returns this I_C component, but it's size is "buffer.available() + 1". The problem I found was that the buffer may contain more than the SSH_MSG_KEXINIT command data.. which results in an invalid (larger) I_C buffer.
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Assignee||Guillaume Nodet [ gnt ]|
|Fix Version/s||0.4.0 [ 12314444 ]|
|Resolution||Fixed [ 1 ]|
|Transition||Time In Source Status||Execution Times||Last Executer||Last Execution Date|
|41d 35m||1||Guillaume Nodet||28/Apr/10 20:19|