openssh bugs - Jul 2012 - [Bug 2025] New: Comments with 1024 chars or more break sshd_config

https://bugzilla.mindrot.org/show_bug.cgi?id=2025

          Priority: P5
            Bug ID: 2025
          Assignee: unassigned-bugs at mindrot.org
           Summary: Comments with 1024 chars or more break sshd_config
          Severity: normal
    Classification: Unclassified
                OS: Linux
          Reporter: bugzilla.mindrot.org-mail at nils.toedtmann.net
          Hardware: All
            Status: NEW
           Version: 6.0p1
         Component: sshd
           Product: Portable OpenSSH

Created attachment 2173
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2173&action=edit
Prepends a comment longer than 1024 chars to sshd_config

(I searched and i did not find this behaviour documented e.g. as known
bug. Forgive me if i have missed it)


When sshd_config contains a comment of more than 1023 chars, it treats
char 1024+ as valid configuration. That usually breaks the config, or
(in case there accidentally is valid sshd_config syntax) is unwanted.

To verify the bug, apply appended patch to sshd_config (that prepends a
long comment) and try to start ssh. You will see this:

  $ sudo /usr/local/sbin/sshd
  /usr/local/etc/sshd_config: line 2: Bad configuration option:
ThisIsTheEndOfALongComment
  /usr/local/etc/sshd_config: terminating, 1 bad configuration options

Note that it complains about line 2 though the offending comment is in
line 1.

It is worth mentioning that active configuration lines longer than 1023
chars work fine. (I discovered this bug when i commented out a long
"Match Address" list)

This bug strikes at on
 * openssh-6.0p1 from openssh.com (built on Ubuntu 11.10 i686)
 * openssh-server-5.3p1-70.el6_2.2.x86_64 (CentOS 6.2)
 * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS)
 * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10)
 * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS)

(See also
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2025

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2174
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2174&action=edit
extend config line length limit and detect if it's exceeded

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2025

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
             Blocks|                            |1986

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
This has been fixed and the fix will be in the next release.

Thanks.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2025

--- Comment #3 from Nils Toedtmann <bugzilla.mindrot.org-mail at
nils.toedtmann.net> ---
Wow, that was quick. Thanks!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2025

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.