Sergey Panov created SSHD-1229:
----------------------------------

             Summary: Infinite clientMethods iteration in ClientUserAuthService
                 Key: SSHD-1229
                 URL: https://issues.apache.org/jira/browse/SSHD-1229
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.7.0
            Reporter: Sergey Panov


Hello,

I've come across the fact that the
org.apache.sshd.client.session.ClientUserAuthService#clientMethods list could
be iterated over and over again until the client terminates the connection. This
happens when a server requires two-factor authentication. Although RFC 4252
(https://www.ietf.org/rfc/rfc4252.txt) recommends that the server return only
the authentication methods that have not yet been successfully completed, some
implementations ignore this. If the authentication is partially successful but
the server returns the same list of authentication methods, the 0th client
authentication method will be used repeatedly.



{code:java}
protected void processUserAuth(Buffer buffer) throws Exception {
    ...
    if (cmd == SshConstants.SSH_MSG_USERAUTH_FAILURE) {
        String mths = buffer.getString();
        boolean partial = buffer.getBoolean();
        if (log.isDebugEnabled()) {
            log.debug("processUserAuth({}) Received SSH_MSG_USERAUTH_FAILURE - partial={}, methods={}",
                    session, partial, mths);
        }
        if (partial || (serverMethods == null)) {
            serverMethods = Arrays.asList(GenericUtils.split(mths, ','));
            // If a server is always returning the same list of methods, the "next" client
            // method in clientMethods will be on index 0
            currentMethod = 0;
            if (userAuth != null) {
                try {
                    try {
                        userAuth.signalAuthMethodFailure(
                                session, service, partial, Collections.unmodifiableList(serverMethods), buffer);
                    } finally {
                        userAuth.destroy();
                    }
                } finally {
                    userAuth = null;
                }
            }
        }
        tryNext(cmd);
        return;
    }
    ...
}
{code}

{code:java}
protected void tryNext(int cmd) throws Exception {
    ClientSession session = getClientSession();
    // Loop until we find something to try
    for (boolean debugEnabled = log.isDebugEnabled();; debugEnabled = log.isDebugEnabled()) {
        ...
        String method = null;
        for (; currentMethod < clientMethods.size(); currentMethod++) {
            // Always selects the 0th client method when the previous authentication
            // method was "partially successful"
            method = clientMethods.get(currentMethod);
            if (serverMethods.contains(method)) {
                break;
            }
        }
        ...
    }
}
{code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
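The negotiation described in the report, as an added Python simulation that is not part of the report or of MINA SSHD's code: a stub two-factor server that either follows the RFC 4252 recommendation (name-list contains only methods not yet completed) or always returns its full list, and a minimal client whose selection logic mirrors the processUserAuth/tryNext excerpts above (serverMethods and currentMethod reset on a partial success, then a scan of clientMethods from index 0). The class and function names, the initial "none" probe, the max_attempts cap and the `fixed` variant that remembers methods already reported as partial successes are assumptions for illustration.

```python
"""Simulation of the RFC 4252 userauth method-selection loop from SSHD-1229.

Constructed illustration, not MINA SSHD code. A stub server requires two
methods (publickey, then password); the client mirrors the reported logic and
optionally applies a fix that skips methods already reported as partial
successes.
"""
from dataclasses import dataclass


@dataclass
class UserAuthFailure:
    """SSH_MSG_USERAUTH_FAILURE: 'authentications that can continue' + partial flag."""
    methods: list
    partial: bool


class TwoFactorServer:
    """Stub server that requires every method in `required` to succeed.

    rfc_compliant=True  -> name-list contains only methods not yet completed.
    rfc_compliant=False -> the full list is returned every time (the server
                           behaviour that triggers the loop in the report).
    The stub never rejects credentials; it only models method sequencing.
    """

    def __init__(self, required, rfc_compliant):
        self.required = list(required)
        self.rfc_compliant = rfc_compliant
        self.completed = set()

    def authenticate(self, method):
        """Return None for SSH_MSG_USERAUTH_SUCCESS, else a UserAuthFailure."""
        if method not in self.required:  # e.g. the initial "none" probe
            return UserAuthFailure(self._can_continue(), partial=False)
        self.completed.add(method)
        if self.completed == set(self.required):
            return None
        return UserAuthFailure(self._can_continue(), partial=True)

    def _can_continue(self):
        if self.rfc_compliant:
            return [m for m in self.required if m not in self.completed]
        return list(self.required)


def run_client(server, client_methods, max_attempts=8, fixed=False):
    """Drive the client state machine; return (authenticated, attempted methods).

    Mirrors ClientUserAuthService: server_methods/current are (re)set on the
    first failure and on every partial success, then the first client method
    the server still lists is chosen starting from index 0. With fixed=True a
    method that already produced a partial success is skipped, so a server
    that repeats its full list cannot pin the client on index 0.
    """
    server_methods = None
    current = 0
    completed = set()
    attempts = []
    pending = "none"  # initial probe used only to learn the server's list (assumption)

    while len(attempts) < max_attempts:
        attempts.append(pending)
        response = server.authenticate(pending)
        if response is None:
            return True, attempts
        if response.partial or server_methods is None:
            server_methods = list(response.methods)
            current = 0  # the reset reported in SSHD-1229
            if response.partial:
                completed.add(pending)
        else:
            current += 1  # ordinary failure: move past this method (stub never rejects)

        # tryNext(): first client method the server still allows
        pending = None
        while current < len(client_methods):
            candidate = client_methods[current]
            if candidate in server_methods and not (fixed and candidate in completed):
                pending = candidate
                break
            current += 1
        if pending is None:
            return False, attempts  # client ran out of methods
    return False, attempts  # gave up: the client kept re-sending the same method


if __name__ == "__main__":
    methods = ["publickey", "password"]
    print("RFC-compliant server:", run_client(TwoFactorServer(methods, True), methods))
    print("repeating server, reported logic:",
          run_client(TwoFactorServer(methods, False), methods, max_attempts=6))
    print("repeating server, fixed client:",
          run_client(TwoFactorServer(methods, False), methods, fixed=True))
```

Against the RFC-compliant server the reported logic works, because publickey disappears from the name-list after its partial success and the scan from index 0 lands on password. Against the server that repeats its full list, the same client re-sends publickey until the attempt cap (or, in a real client, until the connection is torn down), while the `fixed` variant proceeds to password.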
