Mailing List Archive

[Bug 3599] How to scan for keys when sshd server has fips enabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599

Shreenidhi Shedi <sshedi@vmware.com> changed:

What                |Removed                  |Added
----------------------------------------------------------------------------
CC                  |                         |djm@mindrot.org,
                    |                         |dtucker@dtucker.net

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #1 from Shreenidhi Shedi <sshedi@vmware.com> ---
Created attachment 3713
--> https://bugzilla.mindrot.org/attachment.cgi?id=3713&action=edit
attempt to fix.

Tried fixing the issue. PTAL.

I'm unaware of the development process in this project, so I raised a
GitHub PR as well.

https://github.com/openssh/openssh-portable/pull/424

[Bug 3599] How to scan for keys when sshd server has fips enabled?

Damien Miller <djm@mindrot.org> changed:

What                |Removed                  |Added
----------------------------------------------------------------------------
Attachment #3713    |application/octet-stream |text/plain
mime type           |                         |
Attachment #3713    |0                        |1
is patch            |                         |

[Bug 3599] How to scan for keys when sshd server has fips enabled?

Damien Miller <djm@mindrot.org> changed:

What                |Removed                  |Added
----------------------------------------------------------------------------
Attachment #3713    |0                        |1
is obsolete         |                         |
Attachment #3716    |                         |ok?(dtucker@dtucker.net)
Flags               |                         |

--- Comment #2 from Damien Miller <djm@mindrot.org> ---
Created attachment 3716
--> https://bugzilla.mindrot.org/attachment.cgi?id=3716&action=edit
Options for MACs and KexAlgorithms too, document

Thanks, I think your patch makes sense.

This tweaks it a little, but also adds support for overriding some
other things that might cause problems in restricted configurations
(MACs and key-exchange algorithms), and documents them all in the
ssh-keygen.8 manpage.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #3 from Shreenidhi Shedi <sshedi@vmware.com> ---
Awesome, yes. These additional changes make this fix complete for now.
Thanks a lot.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #4 from Shreenidhi Shedi <sshedi@vmware.com> ---
One query; take this for example.

```
macs = xstrdup(optarg + 5);
```
When will macs get freed?

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #5 from Damien Miller <djm@mindrot.org> ---
It won't until the program exits. It will be around for the life of the
process because it's needed for the life of the process.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #6 from Shreenidhi Shedi <sshedi@vmware.com> ---
Okay, that looks fine. I was expecting these new pointers to get freed
programmatically; if we are delegating that job to the system, that's fine
too. Thanks for the response.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #7 from Shreenidhi Shedi <sshedi@vmware.com> ---
Hi Damien Miller,

Any inputs on when this will get merged? I mean, when will this be
part of the GitHub repo? Thanks.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #8 from Shreenidhi Shedi <sshedi@vmware.com> ---
Hi Damien Miller,

Is there anything pending from my end? Please let me know.

[Bug 3599] How to scan for keys when sshd server has fips enabled?

--- Comment #9 from Shreenidhi Shedi <sshedi@vmware.com> ---
There is a problem in the patch.

PTAL.
```
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 1fd5867..bb59b55 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -789,11 +789,11 @@ main(int argc, char **argv)
fatal("Unsupported hash
algorithm");
} else if (strncasecmp(optarg, "ciphers=", 8)
== 0) {
ciphers = xstrdup(optarg + 8);
- if (!mac_valid(ciphers))
+ if (!ciphers_valid(ciphers))
fatal("Unsupported ciphers");
} else if (strncasecmp(optarg, "macs=", 5) ==
0) {
macs = xstrdup(optarg + 5);
- if (!ciphers_valid(macs))
+ if (!mac_valid(macs))
fatal("Unsupported MACs");
} else if (strncasecmp(optarg,
"kexalgorithms=", 14) == 0) {
```
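Review bot: the swap is the right fix, and it was needed in both branches: before it the ciphers= branch ran mac_valid() on a cipher list and the macs= branch ran ciphers_valid() on a MAC list, so a valid cipher list would have hit fatal("Unsupported ciphers"), a valid MAC list fatal("Unsupported MACs"), and a MAC name passed as ciphers= would have been accepted. Two follow-ups: the hunk ends exactly where the kexalgorithms= branch begins, so it is worth confirming that branch calls the kex-name validator rather than one of these two, since the same copy-paste pattern produced this bug; and in both branches xstrdup() runs before the validity check, which is harmless only because fatal() exits, so validating optarg first and duplicating on success would be tidier.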

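As an added example tying together comment #2 (override lists for ciphers, MACs and key-exchange algorithms) and comment #9 (the ciphers=/macs= validators that had been swapped), here is a small C program in the style of that option parsing. It is not OpenSSH code and is not taken from attachment 3716: the allow-lists are constructed, and scan_opts, option_specs, names_valid() and parse_scan_option() are assumed names standing in for OpenSSH's ciphers_valid(), mac_valid() and kex validation. Its point is that binding each option prefix to its validator in one table makes the pairing data rather than a copy-pasted branch, and that validating before duplicating means the string that is kept until exit (comment #5) is always a valid one.

```c
/* Added example, not OpenSSH code: parse ciphers=/macs=/kexalgorithms=
 * overrides like the ssh-keyscan options discussed in this bug, binding each
 * option to its validator in one table. All names here are assumptions. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allow-lists standing in for OpenSSH's real name tables. */
static const char *const known_ciphers[] = { "aes128-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com", NULL };
static const char *const known_macs[] = { "hmac-sha2-256", "hmac-sha2-512",
    "hmac-sha2-256-etm@openssh.com", NULL };
static const char *const known_kex[] = { "ecdh-sha2-nistp256",
    "diffie-hellman-group14-sha256", NULL };

/* Each member is NULL or a validated list kept until exit, as in ssh-keyscan. */
struct scan_opts { char *ciphers, *macs, *kex; };

/* Prefix, the field it fills, the table that validates it: one row per option,
 * so an option and its validator cannot be mismatched in separate branches. */
static const struct { const char *prefix; size_t field; const char *const *table; }
option_specs[] = {
    { "ciphers=",       offsetof(struct scan_opts, ciphers), known_ciphers },
    { "macs=",          offsetof(struct scan_opts, macs),    known_macs    },
    { "kexalgorithms=", offsetof(struct scan_opts, kex),     known_kex     },
};

/* Case-insensitive prefix match, as the patch's strncasecmp() does. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Every comma-separated element must appear in table (case-sensitive, as
 * algorithm names are); an empty list, empty element or trailing comma fails. */
static int names_valid(const char *list, const char *const table[])
{
    if (list == NULL || *list == '\0') return 0;
    while (*list != '\0') {
        const char *end = strchr(list, ',');
        size_t i, len = end != NULL ? (size_t)(end - list) : strlen(list);
        int found = 0;
        for (i = 0; len > 0 && table[i] != NULL; i++)
            if (strlen(table[i]) == len && memcmp(table[i], list, len) == 0)
                found = 1;
        if (!found)
            return 0;
        list += len;
        if (*list == ',' && *++list == '\0')
            return 0;
    }
    return 1;
}

static char *dupstr(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p != NULL ? strcpy(p, s) : NULL;
}

/* Parse one optarg: 1 on success, 0 for an unknown option or invalid list.
 * The value is validated before it is duplicated, so the copy that then lives
 * until exit (comment #5) is always valid; a repeated option replaces the
 * earlier copy rather than leaking it. */
int parse_scan_option(struct scan_opts *o, const char *optarg)
{
    for (size_t i = 0; i < sizeof option_specs / sizeof option_specs[0]; i++) {
        const char *value;
        char **slot;
        if (!has_prefix_ci(optarg, option_specs[i].prefix))
            continue;
        value = optarg + strlen(option_specs[i].prefix);
        if (!names_valid(value, option_specs[i].table))
            return 0;
        slot = (char **)((char *)o + option_specs[i].field);
        free(*slot);
        *slot = dupstr(value);
        return *slot != NULL;
    }
    return 0;
}

int main(void)
{
    struct scan_opts o = { NULL, NULL, NULL };   /* constructed inputs follow */
    if (!parse_scan_option(&o, "ciphers=aes256-gcm@openssh.com,aes128-ctr") ||
        !parse_scan_option(&o, "MACs=hmac-sha2-256") ||
        !parse_scan_option(&o, "kexalgorithms=ecdh-sha2-nistp256"))
        return 1;
    printf("ciphers=%s macs=%s kex=%s\n", o.ciphers, o.macs, o.kex);
    /* A MAC handed to ciphers= is refused; attachment 3716's swapped
     * validators would have let exactly this mix-up through. */
    printf("ciphers=hmac-sha2-256 accepted: %d\n",
           parse_scan_option(&o, "ciphers=hmac-sha2-256"));
    return 0;
}
```

Compile with cc -Wall and run it: the successful parse prints the three lists, and the last line shows the MAC-as-cipher input being refused. The real ssh-keyscan validators consult the full OpenSSH algorithm tables rather than the short constructed lists used here.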