[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
    [ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496574#comment-15496574 ]

Goldstein Lyor commented on SSHD-699:
-------------------------------------

No problem - in 1.3 (soon to be released) I have added code that specifically ignores these malformed messages (along with {{SSH_MSG_UNIMPLEMENTED}}) since I believe that such unusual and seldom used messages should not cause exceptions in the code and we can tolerate their being malformed.

> Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
> --------------------------------------------------------------------------
>
>                 Key: SSHD-699
>                 URL: https://issues.apache.org/jira/browse/SSHD-699
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Johan Östling
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 1.3.0
>
>
> Trying to establish the length of a message with only a header byte will
> cause a buffer underflow exception. I noticed it on SSH_MSG_IGNORE, but it is
> probably general to all messages.
> Reproducible with unit test:
> {code:title=AbstractSessionTest.java|borderStyle=solid}
> @Test
> public void testZeroLengthIgnoreMessage() throws Exception {
>     Buffer msg = session.createBuffer(SshConstants.SSH_MSG_IGNORE, Byte.SIZE);
>     session.handleIgnore(msg);
> }
> {code}
> This is a regression since 0.14.0, which did not have this problem.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
    [ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496470#comment-15496470 ]

Johan Östling commented on SSHD-699:
------------------------------------

Thanks for the clarification of the specs! I noticed this in conjunction with sshj sending these kinds of messages; but from what you are saying I should report this as a bug with them instead.

> Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
> --------------------------------------------------------------------------
>
>                 Key: SSHD-699
>                 URL: https://issues.apache.org/jira/browse/SSHD-699
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Johan Östling
>            Assignee: Goldstein Lyor
>            Priority: Minor
>
> Trying to establish the length of a message with only a header byte will
> cause a buffer underflow exception. I noticed it on SSH_MSG_IGNORE, but it is
> probably general to all messages.
> Reproducible with unit test:
> {code:title=AbstractSessionTest.java|borderStyle=solid}
> @Test
> public void testZeroLengthIgnoreMessage() throws Exception {
>     Buffer msg = session.createBuffer(SshConstants.SSH_MSG_IGNORE, Byte.SIZE);
>     session.handleIgnore(msg);
> }
> {code}
> This is a regression since 0.14.0, which did not have this problem.
[jira] [Commented] (SSHD-699) Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
    [ https://issues.apache.org/jira/browse/SSHD-699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496387#comment-15496387 ]

Goldstein Lyor commented on SSHD-699:
-------------------------------------

This is not entirely correct - according to [RFC 4253 - section 11.2|https://tools.ietf.org/html/rfc4253#section-11.2] the structure of an {{SSH_MSG_IGNORE}} is as follows:

{quote}
11.2.  Ignored Data Message

      byte      SSH_MSG_IGNORE
      string    data
{quote}

The _data_ field is a _string_ which means that even if it is *empty* then it must have a zero length as described in [RFC 4251 section 5|https://tools.ietf.org/html/rfc4251#section-5]:

{quote}
string

      Arbitrary length binary string. Strings are allowed to contain arbitrary binary data, including null characters and 8-bit characters. They are stored as a uint32 containing its length (number of bytes that follow) and zero (= empty string) or more bytes that are the value of the string. Terminating null characters are not used.
{quote}

What is termed "regression" in this case is actually a misnomer - an SSH_MSG_IGNORE as described in the test case is therefore *illegal* and should cause a problem. The same can be said for *any* malformed message - it is way too much to demand that the code deal with all possible ways in which a message can be malformed. The previous code was therefore *wrong* in ignoring such messages (as it would be wrong to ignore any other malformed one).

Specifically for {{SSH_MSG_IGNORE}} and {{SSH_MSG_DEBUG}} though perhaps the code should be more tolerant and ignore malformed messages, so I will do a fix along these lines - but *only* along these lines.

> Server receiving 0-length SSH_MSG_IGNORE causes Buffer Underflow exception
> --------------------------------------------------------------------------
>
>                 Key: SSHD-699
>                 URL: https://issues.apache.org/jira/browse/SSHD-699
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>            Reporter: Johan Östling
>
> Trying to establish the length of a message with only a header byte will
> cause a buffer underflow exception. I noticed it on SSH_MSG_IGNORE, but it is
> probably general to all messages.
> Reproducible with unit test:
> {code:title=AbstractSessionTest.java|borderStyle=solid}
> @Test
> public void testZeroLengthIgnoreMessage() throws Exception {
>     Buffer msg = session.createBuffer(SshConstants.SSH_MSG_IGNORE, Byte.SIZE);
>     session.handleIgnore(msg);
> }
> {code}
> This is a regression since 0.14.0, which did not have this problem.
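
The length check discussed in this thread, as an added example that is not part of the original messages and is not MINA SSHD's own code: it reads the RFC 4251 string that follows the SSH_MSG_IGNORE type byte with plain java.nio.ByteBuffer and drops a malformed message instead of letting a buffer underflow propagate. The class name, the method names (readString, processIgnore) and the sample payloads are constructed for illustration.

```java
import java.nio.ByteBuffer;

public class IgnoreMessageDemo {
    static final byte SSH_MSG_IGNORE = 2; // message number from RFC 4253

    /** Reads an RFC 4251 "string": a uint32 length followed by that many bytes. */
    static byte[] readString(ByteBuffer buf) {
        if (buf.remaining() < Integer.BYTES) {
            throw new IllegalArgumentException(
                "missing uint32 length, only " + buf.remaining() + " byte(s) left");
        }
        // ByteBuffer is big-endian by default, matching SSH network byte order.
        long len = Integer.toUnsignedLong(buf.getInt());
        if (len > buf.remaining()) {
            throw new IllegalArgumentException(
                "declared length " + len + " exceeds " + buf.remaining() + " byte(s) left");
        }
        byte[] data = new byte[(int) len];
        buf.get(data);
        return data;
    }

    /** Hypothetical tolerant handler: a malformed SSH_MSG_IGNORE is dropped, not fatal. */
    static String processIgnore(byte[] payload) {
        ByteBuffer buf = ByteBuffer.wrap(payload);
        if (!buf.hasRemaining() || buf.get() != SSH_MSG_IGNORE) {
            return "not SSH_MSG_IGNORE";
        }
        try {
            byte[] data = readString(buf);
            return "ignored, data length " + data.length;
        } catch (IllegalArgumentException e) {
            return "ignored malformed message: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        byte[][] samples = {            // constructed payloads
            {2, 0, 0, 0, 0},            // well-formed: empty data string
            {2},                        // type byte only, as in the reported test
            {2, 0, 0, 0, 16, 0x41},     // length field claims 16 bytes, 1 present
        };
        for (byte[] payload : samples) {
            System.out.println(processIgnore(payload));
        }
    }
}
```

Checking the declared length against the bytes remaining before allocating also keeps a peer-supplied uint32 from driving an oversized allocation.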