Re: [PATCH] Allow SSH2_MSG_EXT_INFO when authenticated
- Subject: Re: [PATCH] Allow SSH2_MSG_EXT_INFO when authenticated
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 11 Dec 2018 12:10:34 +0100
- To: libssh@xxxxxxxxxx
On Mon, 2018-12-10 at 09:10 -0500, Anderson Sasaki wrote:
> Hello,
>
> Continuing the investigation of the curl issue [1], I found the
> actual problem which is a regression introduced by the CVE-2018-10933
> fix.
> The SSH_MSG_EXT_INFO, used in key exchange, is being filtered when
> the user is already authenticated. This breaks the re-keying.
> Follows attached a patch to fix this regression. It can be reviewed
> in gitlab [2].

I don't think your patch is right. The SSH_MSG_EXT_INFO is acceptable
only during the first key exchange. See the discussion in OpenSSH bug
about this + the RFC:

https://bugzilla.mindrot.org/show_bug.cgi?id=2929

> o As the next packet following the server's first SSH_MSG_NEWKEYS. [0]

The bug in OpenSSH server was that it sent the EXT_INFO when the
ext-info-c was sent by the libssh client in the rekey request (also
wrongly, but already fixed in [1]).

[0] https://tools.ietf.org/html/rfc8308#section-2.4
[1] https://gitlab.com/jjelen/libssh-mirror/commit/83f2ac4a

>
> Regards,
> Anderson
>
> [1] https://github.com/curl/curl/issues/3310
> [2] https://gitlab.com/ansasaki/libssh-mirror/merge_requests/20

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
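The placement rule cited in the message above, as an added example that is not part of the original thread and not libssh's code: a receive-side check that accepts SSH_MSG_EXT_INFO only as the packet immediately following the peer's first SSH_MSG_NEWKEYS, so it is rejected after a rekey. The struct, function names and packet sequences are constructed for illustration, and only the placement quoted from RFC 8308 section 2.4 is modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Message numbers from RFC 4253 and RFC 8308. */
enum { MSG_EXT_INFO = 7, MSG_KEXINIT = 20, MSG_NEWKEYS = 21 };

/* Hypothetical per-connection state for packets received from the peer. */
struct rx_state {
    unsigned newkeys_seen;  /* SSH_MSG_NEWKEYS packets received so far */
    bool ext_info_window;   /* true only for the packet right after the first NEWKEYS */
};

/* Return true if 'type' is acceptable at this point; updates the state. */
bool rx_accept(struct rx_state *s, uint8_t type)
{
    bool window = s->ext_info_window;
    s->ext_info_window = false;          /* the window covers exactly one packet */

    if (type == MSG_EXT_INFO)
        return window;                   /* anywhere else it is out of place */
    if (type == MSG_NEWKEYS) {
        s->newkeys_seen++;
        s->ext_info_window = (s->newkeys_seen == 1);  /* never reopened on rekey */
    }
    return true;
}

/* Index of the first rejected packet in a sequence, or -1 if all pass. */
int first_rejected(const uint8_t *types, size_t n)
{
    struct rx_state s = {0, false};
    for (size_t i = 0; i < n; i++)
        if (!rx_accept(&s, types[i]))
            return (int)i;
    return -1;
}

/* Constructed packet-type sequences (31 = key exchange reply, 6 = service accept). */
static const uint8_t initial_kex[] = {20, 31, 21, 7, 6};           /* EXT_INFO in place */
static const uint8_t after_rekey[] = {20, 31, 21, 6, 20, 31, 21, 7}; /* EXT_INFO after 2nd NEWKEYS */
static const uint8_t too_late[]    = {20, 31, 21, 6, 7};           /* not the next packet */

int main(void)
{
    printf("initial kex: %d\n", first_rejected(initial_kex, sizeof initial_kex));
    printf("after rekey: %d\n", first_rejected(after_rekey, sizeof after_rekey));
    printf("too late:    %d\n", first_rejected(too_late, sizeof too_late));
    return 0;
}
```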