bugzilla-daemon at bugzilla.mindrot.org
2017-Dec-03 00:44 UTC
[Bug 2803] New: User input for cont.connection w/ new key doesn't checks properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Bug ID: 2803
Summary: User input for cont.connection w/ new key doesn't
checks properly
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: ntfs.hard at gmail.com
When you connecting to an unknown server you will get a message
"The authenticity of host ABC can't be established.
ECDSA key fingerprint is SHA256:XYZ.
Are you sure you want to continue connecting (yes/no)?"
If you type 'yesno' for example it will be treated as 'yes'
It looks like the issue in `sshconnect.c: static int confirm(const char
*prompt)` function. It checks only 2||3 symbols from user input:
strncasecmp(p, "no", 2)||strncasecmp(p, "yes", 3)
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Dec-03 01:09 UTC
[Bug 2803] User input for cont.connection w/ new key doesn't checks properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Derbasov, Maksim <ntfs.hard at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ntfs.hard at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Jan-05 02:48 UTC
[Bug 2803] User input for cont.connection w/ new key doesn't checks properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
CC| |djm at mindrot.org
Blocks| |2782
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Fixed in rev e0ce54c0b and will be in OpenSSH 7.7 - thanks!
commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Dec 6 05:06:21 2017 +0000
upstream commit
don't accept junk after "yes" or "no" responses to
hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@
OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 02:26 UTC
[Bug 2803] User input for cont.connection w/ new key doesn't checks properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-May-10 04:41 UTC
[Bug 2803] User input for cont.connection w/ new key doesn't checks properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |troy at box293.com
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
*** Bug 2981 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.