Mailing List Archive

[Bug 3295] ssh connection is closed when session id is not 32 bytes (Error - Session Id mismatch error)
https://bugzilla.mindrot.org/show_bug.cgi?id=3295

balu <balu.gajjala@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|ssh connection is closed    |ssh connection is closed
                   |when session id is not 32   |when session id is not 32
                   |bytes with Session Id       |bytes (Error - Session Id
                   |mismatch error              |mismatch error)

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #5 from balu <balu.gajjala@gmail.com> ---
ping.
Did you get a chance to look at this issue?

Thank you.


--- Comment #6 from Damien Miller <djm@mindrot.org> ---
I don't have any idea what is going wrong here - this does not occur
with OpenSSH as we release it, so it is likely related to changes made
by OpenSSH for Windows.

In any case, strlen() should never be called on the session ID and nor
should printf("%s"). It is binary data and may contain \0 characters.
For this reason the dumps in your sshd log aren't usable for debugging
this - they are truncated.

If you are at some point treating it as an ASCIIZ/UTF8 string, then
that's likely to be your problem.

I would recommend adding some sshbuf_dump(kex->session_id, stderr) to
kex.c:kex_derive_keys(), packet.c:kex_to_blob(),
packet.c:kex_from_blob() and monitor.c:monitor_apply_keystate()

Also sshbuf_dump_data(session_id2, session_id2_len, stderr) to
monitor.c:mm_answer_sign() and monitor.c:monitor_apply_keystate()

These will dump all the session ID copies at various stages of their
lifecycle and might clarify what is getting corrupted.


--- Comment #7 from balu <balu.gajjala@gmail.com> ---
Thank you for your input.

Windows doesn't have fork(), so we added code (3 years back) to pass
the required information from sshd root process to sshd authenticated
process.
OpenSSH V8.5 verifies the sessionid2 in the authenticated sshd process.
I added new code to pass the sessionid2 from sshd root process to
sshd authenticated process. The bug lies here: I used
sshbuf_put_cstring(), which caused the bug.

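
The failure discussed in comments #6 and #7, as an added example that is not part of the thread and not OpenSSH code: put_string, put_cstring, make_sid and received_len are hypothetical stand-ins that model a length-prefixed buffer field, and the sample session ID is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_LEN 32

/* Hypothetical stand-in for an SSH "string": uint32 big-endian length, then raw bytes. */
static size_t put_string(uint8_t *out, const void *v, size_t len)
{
    out[0] = (uint8_t)(len >> 24); out[1] = (uint8_t)(len >> 16);
    out[2] = (uint8_t)(len >> 8);  out[3] = (uint8_t)len;
    memcpy(out + 4, v, len);
    return 4 + len;
}

/* The defect: the length comes from strlen(), which stops at the first 0x00 byte. */
static size_t put_cstring(uint8_t *out, const char *v)
{
    return put_string(out, v, strlen(v));
}

/* Constructed sample ID: bytes 0xA0..0xBF, optionally with a zero byte at offset 5. */
static void make_sid(uint8_t sid[SID_LEN + 1], int with_nul)
{
    for (int i = 0; i < SID_LEN; i++)
        sid[i] = (uint8_t)(0xA0 + i);
    if (with_nul)
        sid[5] = 0x00;
    sid[SID_LEN] = 0x00; /* terminator only so that strlen() stays in bounds */
}

/* Sender encodes the ID, receiver reads the prefix; returns the length the receiver sees. */
size_t received_len(int with_nul, int use_cstring)
{
    uint8_t sid[SID_LEN + 1], wire[4 + SID_LEN];
    make_sid(sid, with_nul);
    if (use_cstring)
        put_cstring(wire, (const char *)sid);
    else
        put_string(wire, sid, SID_LEN);
    return ((size_t)wire[0] << 24) | ((size_t)wire[1] << 16) |
           ((size_t)wire[2] << 8) | (size_t)wire[3];
}

int main(void)
{
    printf("cstring, ID contains 0x00: %zu bytes\n", received_len(1, 1));
    printf("cstring, no 0x00 in ID:    %zu bytes\n", received_len(0, 1));
    printf("explicit length:           %zu bytes\n", received_len(1, 0));
    return 0;
}
```

For a uniformly random 32-byte ID the chance of at least one zero byte is 1 - (255/256)^32, about 12%, so a strlen()-based copy truncates the ID only on some connections.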

balu <balu.gajjala@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
