  1. MINA SSHD
  2. SSHD-868

Add some protection against maliciously crafted packets

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.2.0
    • 2.2.0
    • Important

    Description

      According to RFC 4256, section 3.2:

      The server SHOULD take into consideration that some clients may not
      be able to properly display a long name or prompt field (see next
      section), and limit the lengths of those fields if possible.

      The current code in UserAuthKeyboardInteractive#processAuthDataRequest does not make sure that the number of challenges or the length of each challenge is reasonable (not to mention the other packet components). Therefore, a maliciously crafted packet can cause out-of-memory errors by requesting an extremely large number of responses or sending very large challenges.

      It is important to notice that this problem is not limited to the keyboard-interactive protocol but applies to the entire packet encode/decode mechanism, since it is an RLE (read-length encoding). Wherever possible we should add some reasonable but large enough limitations on the expected size of strings/arrays/etc. being decoded from incoming SSH packets.
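
The bounds checking this issue asks for, sketched as an added example for the RFC 4256 SSH_MSG_USERAUTH_INFO_REQUEST payload; this is not MINA SSHD's code or its actual fix. The class name, the two limits and the sample packets are assumptions made for illustration, and the buffer is assumed to start just after the message-type byte.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
// Hypothetical class: decodes name, instruction, language tag, num-prompts, then (prompt, echo) pairs.
public class BoundedInfoRequestDecoder {
    static final int MAX_STRING_LEN = 8 * 1024; // assumed cap for any single string field
    static final int MAX_PROMPTS = 16;          // assumed cap for num-prompts

    // Reads an SSH "string" (uint32 length + bytes), validating the length before allocating.
    static String readString(ByteBuffer buf) {
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated length");
        int len = buf.getInt();
        // A negative int is a uint32 above 2^31-1; reject it together with oversized values.
        if (len < 0 || len > MAX_STRING_LEN || len > buf.remaining())
            throw new IllegalArgumentException("bad string length: " + Integer.toUnsignedString(len));
        byte[] data = new byte[len];
        buf.get(data);
        return new String(data, StandardCharsets.UTF_8);
    }

    // Returns the prompts, or throws before any attacker-sized array is allocated.
    static String[] decodePrompts(ByteBuffer buf) {
        readString(buf); // name
        readString(buf); // instruction
        readString(buf); // language tag
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated num-prompts");
        int count = buf.getInt();
        // Each prompt takes at least 5 bytes (length + echo flag), so also bound count by the data left.
        if (count < 0 || count > MAX_PROMPTS || (long) count * 5 > buf.remaining())
            throw new IllegalArgumentException("bad num-prompts: " + Integer.toUnsignedString(count));
        String[] prompts = new String[count];
        for (int i = 0; i < count; i++) {
            prompts[i] = readString(buf);
            if (!buf.hasRemaining()) throw new IllegalArgumentException("missing echo flag");
            buf.get(); // echo boolean, ignored in this sketch
        }
        return prompts;
    }
    public static void main(String[] args) {
        // Constructed well-formed sample: three empty strings, one prompt "Password: ", echo = false.
        ByteBuffer ok = ByteBuffer.allocate(31).putInt(0).putInt(0).putInt(0).putInt(1).putInt(10)
                .put("Password: ".getBytes(StandardCharsets.US_ASCII)).put((byte) 0);
        ok.flip();
        System.out.println("accepted prompt: " + decodePrompts(ok)[0]);
        // Constructed hostile sample: 16 bytes on the wire claiming 2^31-1 prompts.
        ByteBuffer evil = ByteBuffer.allocate(16).putInt(0).putInt(0).putInt(0).putInt(Integer.MAX_VALUE);
        evil.flip();
        try { decodePrompts(evil); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Without the `count` check, the 16-byte hostile sample would drive an allocation of a two-billion-element array, which is the out-of-memory condition the description warns about.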

          People

            lgoldstein Lyor Goldstein