bugzilla-daemon at mindrot.org
2014-Aug-25 14:52 UTC
[Bug 2264] New: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Bug ID: 2264 Summary: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: glee at ciena.com When value '4G' is used to specify the RekeyLimit value, the configuration file parsing function, scan_scaled(), converts the 4G into value 4294967296 (in readconf.c and in servconf.c alike). On systems where UINT_MAX is 0xffffffff, we are not able to configure value '4G' due to the 4294967296 being greater than 4294967295. This appears to be a bug since one would expect a value of 4G to be able to be specified on a 32-bit OS. The way in which the function set_newkeys() sets the value of max_blocks, it seems like openssh should be able to allow value 4G and perform the math to determine number of blocks before rekey takes place. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-May-22 05:49 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2403 CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- rekey_limit is actually an int64_t, so this could probably be increased. That being said, 4G is a bit long between rekeys... -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 12:59 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2443 --- Comment #2 from Damien Miller <djm at mindrot.org> --- Retarget pending bugs to openssh-7.1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:00 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2403 | -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Aug-21 10:56 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2451 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2451 [Bug 2451] Bugs intended to be fixed in 7.2 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Aug-21 10:58 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2443 | Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2443 [Bug 2443] Bugs intended to be fixed for OpenSSH 7.1 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-05 02:54 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- This has been fixed, you can now specify RekeyLimits up to 2**63. https://anongit.mindrot.org/openssh.git/commit/?id=921ff00b0ac429666fb361d2d6cb1c8fff0006cb upstream commit Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm. Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:42 UTC
[Bug 2264] RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2252] New: RekeyLimit breaks ClientAlive
- [Bug 1390] New: RekeyLimit max value is too restrictive
- [Bug 1056] RekeyLimit can be ridiculously low and is undocumented.
- [Bug 2443] New: Bugs intended to be fixed for OpenSSH 7.1
- VisualHostKey vs. RekeyLimit vs. VerifyHostKeyDNS