Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.3.0
    • Fix Version/s: 0.4.0
    • Labels: None

      Description

      Hi,

      I found a bug in the exchange hash calculation but I'm
      not quite sure my solution is the right one.

      The hash H is calculated (from the RFC) using this formula:
      H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)

      This cumulative buffer is built in MINA SSHD 0.3.0 here:
      sshd/server/kex/AbstractDHGServer.java:98

      This is all good but using a particular SSH client library (http://www.libssh2.org/), I can reproduce a bug where I_C (defined as the payload of the client's SSH_MSG_KEXINIT) is larger than what the client has sent, resulting in an invalid hash and where the calculated hostkey signature is invalid (does not verify on the client).

      I traced the problem back to this file (receiveKexInit method):
      sshd/common/session/AbstractSession.java

      The receiveKexInit method returns this I_C component, but its size is "buffer.available() + 1". The problem I found was that the buffer may contain more than the SSH_MSG_KEXINIT command data, which results in an invalid (larger) I_C buffer.

      Laurent

      Attachments:

      1. ASF.LICENSE.NOT.GRANTED--sshclient.cpp (1 kB, Laurent Duchesne)
      2. ASF.LICENSE.NOT.GRANTED--SshServerImpl.java (0.6 kB, Laurent Duchesne)
      3. hostkeysign.diff (1 kB, Laurent Duchesne)

        Activity

        Laurent Duchesne added a comment -

        Here is my patch which seems to work with the libssh2 library as a client. I also tested the connection with the openssh 5.4p1 client and the hostkey signature was validated (which means the exchange hash is OK). I'm not sure this is the best way to do it, but it seems to work.

        In the patch the initial size 22 is the header length, and the += 4 is for each proposal length, which is also included in the I_C buffer.

        Laurent
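The I_C length problem from the description and the "22 + 4 per proposal" arithmetic from the patch comment, as an added Python example (not code from this ticket or from MINA SSHD): it walks a constructed SSH_MSG_KEXINIT payload field by field to find its exact length, then shows that using a buffer with trailing bytes as I_C yields a different exchange hash. SHA-1 as the hash and the version and host-key strings are assumptions made for the demo.

```python
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a positive integer (leading 0x00 if the high bit is set)."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def kexinit_payload_len(buf: bytes) -> int:
    """Exact length of the SSH_MSG_KEXINIT payload at the start of buf (RFC 4253 7.1),
    i.e. 22 fixed bytes + 4 bytes per name-list + the name bytes; trailing data is ignored."""
    if not buf or buf[0] != 20:                # 20 == SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos = 1 + 16                               # message type + 16-byte cookie
    for _ in range(10):                        # kex, hostkey, enc x2, mac x2, comp x2, lang x2
        (n,) = struct.unpack(">I", buf[pos:pos + 4])
        pos += 4 + n
    pos += 1 + 4                               # first_kex_packet_follows + reserved uint32
    if pos > len(buf):
        raise ValueError("truncated KEXINIT")
    return pos

def build_kexinit(names, cookie=b"\x00" * 16) -> bytes:
    """Constructed KEXINIT payload for the demo: ten name-lists, no trailing data."""
    body = bytes([20]) + cookie + b"".join(ssh_string(n) for n in names)
    return body + b"\x00" + b"\x00\x00\x00\x00"

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K); SHA-1 assumed here."""
    data = (ssh_string(v_c) + ssh_string(v_s) + ssh_string(i_c) + ssh_string(i_s)
            + ssh_string(k_s) + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(k))
    return hashlib.sha1(data).digest()

def demo():
    """Returns (exact I_C length, H with exact I_C, H with the over-long I_C)."""
    names = [b"diffie-hellman-group1-sha1", b"ssh-rsa", b"aes128-cbc", b"aes128-cbc",
             b"hmac-sha1", b"hmac-sha1", b"none", b"none", b"", b""]
    i_c = build_kexinit(names)
    # Constructed: the client's KEXINIT arrived in the same read as a few more bytes.
    buffered = i_c + b"\x1e\x00\x00\x00\x01\x02"
    i_s = build_kexinit(names, cookie=b"\x01" * 16)
    v_c, v_s, k_s = b"SSH-2.0-client", b"SSH-2.0-server", ssh_string(b"ssh-rsa")  # assumed
    good = exchange_hash(v_c, v_s, i_c, i_s, k_s, 2, 3, 6)        # I_C cut at its true end
    bad = exchange_hash(v_c, v_s, buffered, i_s, k_s, 2, 3, 6)    # whole buffer as I_C (the bug)
    return kexinit_payload_len(buffered), good, bad
```

The two digests differ, which is why the signature over H computed by the server fails to verify on a client that hashed only the KEXINIT it actually sent.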

        Guillaume Nodet added a comment -

        Do you have steps to reproduce the problem ?
        I'll try to have a look at the openssh code to see how they handle the problem.

        Laurent Duchesne added a comment -

        Our setup is kind of complicated, but here is a small sample I can run to reproduce the problem.

        You need to:

        • Change "hostkey.pem" in the java code to a fully qualified filename
        • Change the "localhost" hostname in the c++ code if you run the server and the client on separate machines.

        Also, you will need both boost 1.42 and libssh2 available in your include/linker path for the c++ part.

        You will notice that the libssh2_session_startup call will fail with the sshd-core-0.3.0.jar, but not with the patch applied to it.

        Also note that I am running the server in Eclipse on Linux (x86_64) and the client in Visual Studio 2005 on Windows 7 (x86), but I don't think this is important to reproduce the bug.

        Hope this helps!

        Guillaume Nodet added a comment -

        Committing to https://svn.apache.org/repos/asf/mina/sshd/trunk ...
        M sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
        Committed r939056


          People

          • Assignee: Guillaume Nodet
          • Reporter: Laurent Duchesne