[libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac
#169: segmentation fault in pubkey authentication
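-------------------------+--------------------------------------------------
 Reporter:  suyogjadhav  |       Owner:
     Type:  defect       |      Status:  new
 Priority:  high         |   Milestone:
Component:  API          |     Version:  1.2.4
 Keywords:               |    Blocking:
Blockedby:               |
-------------------------+--------------------------------------------------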
 libssh2 encounters SIGSEGV when a null passphrase is passed to
 libssh2_userauth_publickey_fromfile while the passed key requires a valid
 passphrase.

 My application takes these configuration values from the user, and when
 passed along they cause the app to crash.

 The error is traced to passphrase_cb in openssl.c.
 This function does not check for a null passphrase and tries to find its
 strlen, causing the segmentation fault.

 A simple check such as this would suffice:

     passphrase_len = 0;
     if(passphrase != NULL)
         passphrase_len = strlen(passphrase);

-- 
Ticket URL: 
libssh2 
C library for writing portable SSH2 clients
___
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
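
The crash reported in the ticket and the proposed guard, as an added example that is not libssh2's own code. The callbacks have the shape of an OpenSSL PEM password callback; the names `passphrase_cb_unchecked` and `passphrase_cb_checked` are hypothetical, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

/* "Before" (hypothetical name): trusts the caller to pass a string.
 * With userdata == NULL, strlen() dereferences a null pointer (SIGSEGV). */
static int passphrase_cb_unchecked(char *buf, int size, int rwflag,
                                   void *userdata)
{
    const char *passphrase = userdata;
    int passphrase_len = (int)strlen(passphrase);

    (void)rwflag;
    if (passphrase_len > size - 1)
        passphrase_len = size - 1;
    memcpy(buf, passphrase, (size_t)passphrase_len);
    buf[passphrase_len] = '\0';
    return passphrase_len;
}

/* "After" (hypothetical name): the guard proposed in the ticket, plus a
 * check on the output buffer. NULL is treated as an empty passphrase. */
static int passphrase_cb_checked(char *buf, int size, int rwflag,
                                 void *userdata)
{
    const char *passphrase = userdata;
    int passphrase_len = 0;

    (void)rwflag;
    if (buf == NULL || size <= 0)
        return 0;
    if (passphrase != NULL)
        passphrase_len = (int)strlen(passphrase);
    if (passphrase_len > size - 1)
        passphrase_len = size - 1;          /* truncate, keep room for NUL */
    memcpy(buf, passphrase ? passphrase : "", (size_t)passphrase_len);
    buf[passphrase_len] = '\0';
    return passphrase_len;
}

int main(void)
{
    char buf[8];

    /* Constructed inputs: a normal, an over-long and a NULL passphrase. */
    printf("%d\n", passphrase_cb_unchecked(buf, sizeof buf, 0, "secret"));
    printf("%d\n", passphrase_cb_checked(buf, sizeof buf, 0, "much-too-long"));
    printf("%d\n", passphrase_cb_checked(buf, sizeof buf, 0, NULL));
    return 0;
}
```
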


pubkey auth needs to verify supplied passphrase

2010-03-29 Thread suyog jadhav
Hi,

The scenario is as follows:

I have a key which has passphrase as NULL (no passphrase).
Now I give it as parameter to libssh2_userauth_publickey_fromfile along with 
NOT-NULL (anything) passphrase.
The pubkey auth succeeds in this case, as there is no check anywhere for this 
scenario.

I understand that default ssh client doesn't ask for passphrase for such 
key, which was the requirement for such case, I think.

Anyway, my application asks user to configure these values (pubkey 
path, passphrase). Now if user has given SOME passphrase for a key which doesn't 
require passphrase, all the operations such as login and command execution 
succeed contrary to wrong configuration.
There is no way to detect this and notify user.

I am trying to find a way around this, but could anybody please suggest where 
the appropriate place is to put such check and transmit that error back?

I have also raised a ticket http://libssh2.stuge.se/ticket/169 for a fix 
similar to this problem.

Regards
Suyog





Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread Mikhail Gusarov

Twas brillig at 12:18:05 29.03.2010 UTC+00 when t...@libssh2.stuge.se did gyre 
and gimble:

 lT> libssh2 encounter SIGSEGV when null passphrase is passed to
 lT> libssh2_userauth_publickey_fromfile while the passed key requires a
 lT> valid passphrase.

Looks like GIGO for me.

-- 
  http://fossarchy.blogspot.com/




Re: pubkey auth needs to verify supplied passphrase

2010-03-29 Thread Daniel Stenberg

On Mon, 29 Mar 2010, suyog jadhav wrote:

> I have a key which has passphrase as NULL (no passphrase).
>
> Now I give it as parameter to libssh2_userauth_publickey_fromfile along with
> NOT-NULL (anything) passphrase. The pubkey auth succeeds in this case, as
> there is no check anywhere for this scenario.

You could easily first try with a blank passphrase to see if this is indeed 
the case.

> I understand that default ssh client doesn't ask for passphrase for such
> key, which was the requirement for such case, I think.

The "default ssh client"? Are you referring to the openssh tool?

> I have also raised a ticket http://libssh2.stuge.se/ticket/169 for a fix
> similar to this problem.

Sorry, but ticket 169 is not a fix. It simply says you crash libssh2 by 
passing in a NULL pointer instead of a pointer to a passphrase. I agree that 
the man page doesn't say explicitly what is allowed there but it also doesn't 
say that NULL is a legitimate input.

I still think we should check for a NULL pointer to make it more robust.

--

 / daniel.haxx.se


Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac
#169: segmentation fault in pubkey authentication
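--------------------------+-------------------------------------------------
  Reporter:  suyogjadhav  |       Owner:
      Type:  defect       |      Status:  closed
  Priority:  high         |   Milestone:  1.2.5
 Component:  API          |     Version:  1.2.4
Resolution:  fixed        |    Keywords:
  Blocking:               |   Blockedby:
--------------------------+-------------------------------------------------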
Changes (by bagder):

  * status:  new => closed
  * resolution:  => fixed
  * milestone:  => 1.2.5


Comment:

 Thanks, this is now fixed in git!



Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac

Comment(by stuge):

 Replying to [comment:1 bagder]:
 > Thanks, this is now fixed in git!

 I'm with Mikhail on this one: garbage in => garbage out. I don't think it
 is the job of libssh2 to validate every string pointer that applications
 pass in to the library. I'd moderately prefer the commit to be reverted.



Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac

Comment(by alamaison):

 I've got to say I would find it very strange to revert a fix that makes
 using our library ''safer''.  Ideally, it should never be possible to
 crash no matter what inputs a component receives.

 -1 for reverting.



Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread Daniel Stenberg

On Mon, 29 Mar 2010, libssh2 Trac wrote:

> Comment(by alamaison):
>
> I've got to say I would find it very strange to revert a fix that makes
> using our library ''safer''.  Ideally, it should never be possible to crash
> no matter what inputs a component receives.
>
> -1 for reverting.

I don't quite understand that resistance either. As I said before: this 
function is not documented clearly to *not* accept a NULL for a blank 
passphrase even though it isn't documented to accept it either. Given that 
small uncertainty in API functionality I think it is quite easy to check 
against this specific case.

It is not the same as to say that we always should check all arguments for 
junk or whatever.


--

 / daniel.haxx.se


RE: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread C Johnson
 

On Mon, 29 Mar 2010, Daniel Stenberg wrote:

> I don't quite understand that resistance either. As I said 
> before: this function is not documented clearly to *not* 
> accept a NULL for a blank passphrase even though it isn't 
> documented to accept it either. Given that small uncertainty 
> in API functionality I think it is quite easy to check against 
> this specific case.

It would seem best to always clarify any points of uncertainty whenever
possible.

> It is not the same as to say that we always should check all 
> arguments for junk or whatever.

I would not rule this out.  Obviously it can be taken to absurd extremes,
but a reasonable step to sanitize inputs can be very important.  As a
library, you cannot be sure of the source of the inputs being sent to your
library - did the application sanitize them enough or does doing nothing
leave open a potential exploit?  There has to be a balance somewhere between
sanitizing so insanely it drags everything to a grinding halt and just
leaving the barn door open and hoping no one notices or cares.

- C Johnson




Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac

Comment(by suyogjadhav):

 Just to point out that... these values are taken from the user... and there
 is no way to know beforehand if the key requires a valid passphrase or
 null. If there is some way to do this, please let me know.
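
One way an application could check a configured passphrase against the key file before calling libssh2_userauth_publickey_fromfile, as an added example that is not libssh2 code and not from the thread: inspect the key's PEM text for encryption markers. The helper names and sample keys are constructed for illustration, and only traditional PEM and PKCS#8 labels are recognised.

```c
#include <stdio.h>
#include <string.h>

enum key_state { KEY_UNKNOWN, KEY_PLAIN, KEY_ENCRYPTED };

/* Constructed sample keys: the bodies are placeholders, not real key data. */
static const char PLAIN_KEY[] =
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char ENCRYPTED_KEY[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

/* Hypothetical helper: classify PEM text by its encryption markers.
 * Traditional PEM flags encryption with a "Proc-Type: 4,ENCRYPTED" header,
 * PKCS#8 with an "ENCRYPTED PRIVATE KEY" label. OpenSSH's own format keeps
 * the cipher name inside the encoded body, so it is reported as unknown. */
static enum key_state key_encryption_state(const char *pem)
{
    if (pem == NULL || strstr(pem, "PRIVATE KEY-----") == NULL)
        return KEY_UNKNOWN;
    if (strstr(pem, "-----BEGIN OPENSSH PRIVATE KEY-----") != NULL)
        return KEY_UNKNOWN;
    if (strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----") != NULL ||
        strstr(pem, "Proc-Type: 4,ENCRYPTED") != NULL)
        return KEY_ENCRYPTED;
    return KEY_PLAIN;
}

/* Hypothetical helper: 1 = configured passphrase contradicts the key file,
 * 0 = consistent, -1 = key format not recognised (cannot decide). */
static int passphrase_mismatch(const char *pem, const char *passphrase)
{
    int have_pass = (passphrase != NULL && passphrase[0] != '\0');
    enum key_state st = key_encryption_state(pem);
    if (st == KEY_UNKNOWN)
        return -1;
    return (st == KEY_ENCRYPTED) != have_pass;
}

int main(void)
{
    /* The case from the thread: a passphrase configured for a plain key. */
    printf("plain key + passphrase: %d\n", passphrase_mismatch(PLAIN_KEY, "x"));
    printf("plain key, none:        %d\n", passphrase_mismatch(PLAIN_KEY, NULL));
    printf("encrypted key, none:    %d\n", passphrase_mismatch(ENCRYPTED_KEY, ""));
    return 0;
}
```

A result of -1 means the file is not in a format this check understands, so the application should fall back to another method rather than treat the configuration as valid.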



Re: Character conversion for sftp

2010-03-29 Thread NAGASEKHAR BHUVANAGIRI
On Mon, Mar 29, 2010 at 1:21 PM, Daniel Stenberg  wrote:

On Mon, 29 Mar 2010, NAGASEKHAR BHUVANAGIRI wrote:


Could someone advise me how the character conversion can be handled for
sftp?



(I removed the libssh2 list as a receiver, this is a libcurl question)

Why would libcurl do any conversion of data when doing SFTP? SFTP is defined
as a pure binary transfer and you get the data exactly the way the server
sends it!

If you want to convert it somehow, then that responsibility is yours.

-- 

 / daniel.haxx.se
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html



The conversion is for control responses and not for data. The response
received by banner_receive method in (libssh2's session.c) is garbled and
gives PACKET_FAIL error. This issue is specific to z/OS.
Thanks,
Nagasekhar

Aha, but then this issue is *completely* about libssh2 internals and the
libssh2-devel is the proper place for this discussion.
I don't think we have any support for such conversions in libssh2 so it will
probably take some effort to get it added.

-- 
 / daniel.haxx.se


Is anyone having similar problem with conversion of characters for control
responses with sftp?
Thanks,