[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH version or banner string maximum length?

Hi,

Andreas pushed a patch adressing this issue. Thanks for the report.

Aris

On 16/04/16 05:32, Saju Panikulam wrote:
>
> Need confirmation on the maximum length of the version or banner
> string that an SSH server can send to the client. According to
> RFC-4253 it is 255.  Can someone please confirm.  If it is 255 there
> may be an error in procedure callback_receive_banner() in client.c –
> around line# 129
>
>  
>
> Thanks,
>
> Saju
>
>  
>
> /**
>
> * @internal
>
> *
>
> * @brief Gets the banner from socket and saves it in session.
>
> * Updates the session state
>
> *
>
> * @param  data pointer to the beginning of header
>
> * @param  len size of the banner
>
> * @param  user is a pointer to session
>
> * @returns Number of bytes processed, or zero if the banner is not
> complete.
>
> */
>
> static int callback_receive_banner(const void *data, size_t len, void
> *user) {
>
>   char *buffer = (char *)data;
>
>   ssh_session session=(ssh_session) user;
>
>   char *str = NULL;
>
>   size_t i;
>
>   int ret=0;
>
>  
>
>   if(session->session_state != SSH_SESSION_STATE_SOCKET_CONNECTED){
>
>                 ssh_set_error(session,SSH_FATAL,"Wrong state in
> callback_receive_banner : %d",session->session_state);
>
>  
>
>                 return SSH_ERROR;
>
>   }
>
>   for(i=0;i<len;++i){
>
> #ifdef WITH_PCAP
>
>                 if(session->pcap_ctx && buffer[i] == '\n'){
>
>                                
> ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_IN,buffer,i+1,i+1);
>
>                 }
>
> #endif
>
>     if(buffer[i]=='\r') {
>
>         buffer[i]='\0';
>
>     }
>
>     if (buffer[i]=='\n') {
>
>         buffer[i] = '\0';
>
>         str = strdup(buffer);
>
>         if (str == NULL) {
>
>             return SSH_ERROR;
>
>         }
>
>         /* number of bytes read */
>
>         ret = i + 1;
>
>         session->serverbanner = str;
>
>                                
> session->session_state=SSH_SESSION_STATE_BANNER_RECEIVED;
>
>                                 SSH_LOG(SSH_LOG_PACKET,"Received
> banner: %s",str);
>
>                                 session->ssh_connection_callback(session);
>
>  
>
>                                 return ret;
>
>                 }
>
>                 if(i>127){
>
>                                 /* Too big banner */
>
>                                
> session->session_state=SSH_SESSION_STATE_ERROR;
>
>                                
> ssh_set_error(session,SSH_FATAL,"Receiving banner: too large banner");
>
>  
>
>                                 return 0;
>
>                 }
>
>   }
>
>  
>
>   return ret;
>
> }
>
>  
>
>  
>
Follow-Ups:
Re: SSH version or banner string maximum length?Saju Panikulam <spanikulam@xxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org