Bugs item #2665432, was opened at 2009-03-05 16:14
Message generated for change (Comment added) made by bagder
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2665432&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: misc
Group: None
>Status: Closed
>Resolution: Duplicate
Priority: 5
Private: No
Submitted By: Olivier Hervieu (ohervieu)
>Assigned to: Daniel Stenberg (bagder)
Summary: auth_cookie generation is broken (channel_x11_req)

Initial Comment:
Hi guys, 

When using libssh2_channel_x11_req on Linux, the auth_cookie is generated by 
the following code:

unsigned char buffer[LIBSSH2_X11_RANDOM_COOKIE_LEN / 2];
libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2);
for(i = 0; i < (LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); i++) {
    snprintf((char *) s + (i * 2), 2, "%02X", buffer[i]);
}

where s is a buffer of LIBSSH2_X11_RANDOM_COOKIE_LEN length.

When executing this, I always have a strange generated cookie. On the server 
side, sshd says: 
/usr/bin/X11/xauth: (stdin):2:  key contains odd number of or non-hex characters

In fact the auth_cookie sent has a length of .... 1.

Referring to the man page of snprintf, it says: The functions snprintf() and 
vsnprintf() write at most size bytes (including the trailing null byte 
('\0')) to str.

So, if you define a buffer: buffer[]="AAAAAAAAAAAAAAAA"

snprintf((char *)s +(i*2),2,"%02X", buffer[i]);

will always write '4\0' in the buffer for each loop of the for statement.

So, a correct cookie is generated by using :

snprintf((char *)s +(i*2),2+1 ,"%02X", buffer[i]);


Regards, 

Olivier





----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2009-03-07 23:08

Message:
Thanks, fix committed to CVS just now!

----------------------------------------------------------------------
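
The truncation described in the initial comment, reproduced as an added example (not code from libssh2 or from either poster). COOKIE_LEN is an assumed value standing in for LIBSSH2_X11_RANDOM_COOKIE_LEN, and encode_cookie(), cookie_is_valid() and SAMPLE_RAW are hypothetical names used only here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed value standing in for LIBSSH2_X11_RANDOM_COOKIE_LEN. */
#define COOKIE_LEN 32

/* Constructed sample input: the "AAAAAAAAAAAAAAAA" buffer from the report. */
static const unsigned char SAMPLE_RAW[COOKIE_LEN / 2 + 1] = "AAAAAAAAAAAAAAAA";

/* Hex-encode COOKIE_LEN/2 bytes of raw into out, passing `size` to every
 * snprintf() call. out must hold COOKIE_LEN + 1 bytes: with size 3 the last
 * call writes its terminating NUL at out[COOKIE_LEN]. Returns strlen(out). */
static size_t encode_cookie(const unsigned char *raw, char *out, size_t size)
{
    size_t i;
    memset(out, 0, COOKIE_LEN + 1);
    for (i = 0; i < COOKIE_LEN / 2; i++) {
        /* size includes the NUL, so size 2 leaves room for one hex digit */
        snprintf(out + (i * 2), size, "%02X", raw[i]);
    }
    return strlen(out);
}

/* Receiver-side sanity check: full length and hex digits only. */
static int cookie_is_valid(const char *s)
{
    size_t i, n = strlen(s);
    if (n != COOKIE_LEN)
        return 0;
    for (i = 0; i < n; i++) {
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    char out[COOKIE_LEN + 1];
    size_t n;

    n = encode_cookie(SAMPLE_RAW, out, 2);      /* size from the report */
    printf("size 2: \"%s\" len=%zu valid=%d\n", out, n, cookie_is_valid(out));
    n = encode_cookie(SAMPLE_RAW, out, 2 + 1);  /* size proposed in the report */
    printf("size 3: \"%s\" len=%zu valid=%d\n", out, n, cookie_is_valid(out));
    return 0;
}
```

With size 2 every call stores one hex digit followed by a NUL, so the string ends after the first character; with size 3 each call's NUL is overwritten by the next pair and only the final one remains.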
