[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSH version or banner string maximum length?

Subject: SSH version or banner string maximum length?
From: Saju Panikulam <spanikulam@xxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Sat, 16 Apr 2016 03:32:26 +0000
To: "'libssh@xxxxxxxxxx'" <libssh@xxxxxxxxxx>

Need confirmation on the maximum length of the version or banner string that an SSH server can send to the client. According to RFC-4253 it is 255.  Can someone please confirm.  If it is 255 there may be an error in procedure callback_receive_banner() in client.c - around line# 129

Thanks,
Saju

/**
* @internal
*
* @brief Gets the banner from socket and saves it in session.
* Updates the session state
*
* @param  data pointer to the beginning of header
* @param  len size of the banner
* @param  user is a pointer to session
* @returns Number of bytes processed, or zero if the banner is not complete.
*/
static int callback_receive_banner(const void *data, size_t len, void *user) {
  char *buffer = (char *)data;
  ssh_session session=(ssh_session) user;
  char *str = NULL;
  size_t i;
  int ret=0;

  if(session->session_state != SSH_SESSION_STATE_SOCKET_CONNECTED){
                ssh_set_error(session,SSH_FATAL,"Wrong state in callback_receive_banner : %d",session->session_state);

                return SSH_ERROR;
  }
  for(i=0;i<len;++i){
#ifdef WITH_PCAP
                if(session->pcap_ctx && buffer[i] == '\n'){
                                ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_IN,buffer,i+1,i+1);
                }
#endif
    if(buffer[i]=='\r') {
        buffer[i]='\0';
    }
    if (buffer[i]=='\n') {
        buffer[i] = '\0';
        str = strdup(buffer);
        if (str == NULL) {
            return SSH_ERROR;
        }
        /* number of bytes read */
        ret = i + 1;
        session->serverbanner = str;
                                session->session_state=SSH_SESSION_STATE_BANNER_RECEIVED;
                                SSH_LOG(SSH_LOG_PACKET,"Received banner: %s",str);
                                session->ssh_connection_callback(session);

                                return ret;
                }
                if(i>127){
                                /* Too big banner */
                                session->session_state=SSH_SESSION_STATE_ERROR;
                                ssh_set_error(session,SSH_FATAL,"Receiving banner: too large banner");

                                return 0;
                }
  }

  return ret;
}

Archive administrator: postmaster@lists.cynapses.org