[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception

2016-09-16 Thread Goldstein Lyor (JIRA)

[ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496574#comment-15496574 ]

Goldstein Lyor commented on SSHD-699:
-------------------------------------

No problem - in 1.3 (soon to be released) I have added code that specifically 
ignores these malformed messages (along with {{SSH_MSG_UNIMPLEMENTED}}) since I 
believe that such unusual and seldom used messages should not cause exceptions 
in the code and we can tolerate their being malformed.

> Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
> --------------------------------------------------------------------------
>
>                 Key: SSHD-699
>                 URL: https://issues.apache.org/jira/browse/SSHD-699
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Johan Östling
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 1.3.0
>
>
> Trying to establish the length of a message with only a header byte will 
> cause a buffer underflow exception. I noticed it on SSH_MSG_IGNORE, but it is 
> probably general to all messages.
> Reproducible with unit test: 
> {code:title=AbstractSessionTest.java|borderStyle=solid}
> @Test
> public void testZeroLengthIgnoreMessage() throws Exception {
>     Buffer msg = session.createBuffer(SshConstants.SSH_MSG_IGNORE, Byte.SIZE);
>     session.handleIgnore(msg);
> }
> {code}
> This is a regression since 0.14.0, which did not have this problem.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception

2016-09-16 Thread JIRA

[ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496470#comment-15496470 ]

Johan Östling commented on SSHD-699:


Thanks for the clarification of the specs! I noticed this in conjunction with 
sshj sending these kinds of messages; but from what you are saying I should 
report this as a bug with them instead.



[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception

2016-09-16 Thread Goldstein Lyor (JIRA)

[ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496387#comment-15496387 ]

Goldstein Lyor commented on SSHD-699:
-------------------------------------

This is not entirely correct - according to [RFC 4253 - section 
11.2|https://tools.ietf.org/html/rfc4253#section-11.2] the structure of an 
{{SSH_MSG_IGNORE}} is as follows:
{quote}
11.2.  Ignored Data Message

  byte      SSH_MSG_IGNORE
  string    data
{quote}

The _data_ field is a _string_ which means that even if it is *empty* then it 
must have a zero length as described in [RFC 4251 section 
5|https://tools.ietf.org/html/rfc4251#section-5]:

{quote}
string

  Arbitrary length binary string.  Strings are allowed to contain
  arbitrary binary data, including null characters and 8-bit
  characters.  They are stored as a uint32 containing its length
  (number of bytes that follow) and zero (= empty string) or more
  bytes that are the value of the string.  Terminating null
  characters are not used.
{quote}

What is termed "regression" in this case is actually a misnomer - an 
SSH_MSG_IGNORE as described in the test case is therefore *illegal* and should 
cause a problem. The same can be said for *any* malformed message - it is way 
too much to demand that the code deal with all possible ways in which a 
message can be malformed. The previous code was therefore *wrong* in ignoring 
such messages (as it would be wrong to ignore any other malformed one).

Specifically for {{SSH_MSG_IGNORE}} and {{SSH_MSG_DEBUG}} though perhaps the 
code should be more tolerant and ignore malformed messages, so I will do a fix 
along these lines - but *only* along these lines.

> Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
> --------------------------------------------------------------------------
>
>                 Key: SSHD-699
>                 URL: https://issues.apache.org/jira/browse/SSHD-699
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>            Reporter: Johan Östling
>
> Trying to establish the length of a message with only a header byte will 
> cause a buffer underflow exception. I noticed it on SSH_MSG_IGNORE, but it is 
> probably general to all messages.
> Reproducible with unit test: 
> {code:title=AbstractSessionTest.java|borderStyle=solid}
> @Test
> public void testZeroLengthIgnoreMessage() throws Exception {
>     Buffer msg = session.createBuffer(SshConstants.SSH_MSG_IGNORE, Byte.SIZE);
>     session.handleIgnore(msg);
> }
> {code}
> This is a regression since 0.14.0, which did not have this problem.



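The framing discussed in the comment above (a message byte followed by an RFC 4251 string), as an added example that is not part of the original thread and is not MINA SSHD code. It contrasts a strict string read, which underflows on a header-only SSH_MSG_IGNORE, with a tolerant handler; the class and method names are hypothetical and the payloads are constructed.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
public class IgnoreMessageDemo {
    static final byte SSH_MSG_IGNORE = 2; // message number assigned in RFC 4253

    // Strict RFC 4251 "string": uint32 length, then exactly that many bytes.
    static byte[] readString(ByteBuffer buf) {
        if (buf.remaining() < Integer.BYTES) {
            throw new BufferUnderflowException(); // length prefix is missing
        }
        long len = Integer.toUnsignedLong(buf.getInt()); // ByteBuffer is big-endian by default
        if (len > buf.remaining()) {
            throw new BufferUnderflowException(); // declared length exceeds payload
        }
        byte[] data = new byte[(int) len];
        buf.get(data);
        return data;
    }

    // Hypothetical tolerant handler: a malformed IGNORE body is dropped, not fatal.
    static byte[] handleIgnoreTolerant(byte[] payload) {
        ByteBuffer buf = ByteBuffer.wrap(payload);
        if (!buf.hasRemaining() || buf.get() != SSH_MSG_IGNORE) {
            throw new IllegalArgumentException("not an SSH_MSG_IGNORE payload");
        }
        try {
            return readString(buf);
        } catch (BufferUnderflowException e) {
            return new byte[0]; // nothing usable in the body, so ignore it
        }
    }

    public static void main(String[] args) {
        byte[][] samples = { // constructed payloads, not captured traffic
            {SSH_MSG_IGNORE},                           // header byte only (the reported case)
            {SSH_MSG_IGNORE, 0, 0, 0, 0},               // well-formed empty data field
            {SSH_MSG_IGNORE, 0, 0, 0, 9, 'a', 'b'},     // claims 9 bytes, carries 2
            {SSH_MSG_IGNORE, 0, 0, 0, 3, 'p', 'a', 'd'} // well-formed 3-byte data
        };
        for (byte[] p : samples) {
            String strict;
            try { // strict read of the body that follows the message byte
                strict = readString(ByteBuffer.wrap(p, 1, p.length - 1)).length + " bytes";
            } catch (BufferUnderflowException e) {
                strict = "underflow";
            }
            System.out.println(p.length + "-byte payload: strict=" + strict
                    + ", tolerant=" + handleIgnoreTolerant(p).length + " bytes");
        }
    }
}
```

Checking the declared length against the bytes actually remaining, before allocating, is what keeps the over-long case from turning into an oversized allocation or a read past the payload.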