openssh bugs - Nov 2015 - [Bug 2494] New: kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

            Bug ID: 2494
           Summary: kex_protocol_error should send SSH2_MSG_UNIMPLEMENTED
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cjwatson at debian.org

At least in the compat20 case, kex_protocol_error should send
SSH2_MSG_UNIMPLEMENTED as dispatch_protocol_error does rather than
simply logging and ignoring the message.  This would make it possible
for a client to actually find out that a message it has sent was
unrecognised rather than simply hanging, and perhaps even have a
fallback.  This would appear to be a MUST in RFC 4253 section 11.4, if
I'm reading it correctly.

(Discovered while debugging a twisted.conch hang that turned out to be
due to sending SSH2_MSG_KEX_DH_GEX_REQUEST_OLD, but it would have been
easier to spot if I'd got an unimplemented packet back from sshd.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at zip.com.au
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #2749|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2749
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2749&action=edit
send SSH_MSG_UNIMPLEMENTED on kex protocol error

I think this should do it; can you test against the conch version that
was sending the old key exchange?

Also, please send the banner string for the affected conch version so
we can add a compat flag for it.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2749|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2749|0                           |1
        is obsolete|                            |
   Attachment #2750|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Created attachment 2750
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2750&action=edit
fixed diff

oops, previous diff forgot to declare a variable

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2750|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2451

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Patch applied - this will be in OpenSSH 7.2. (Please do let us know the
affected conch version though)


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

--- Comment #4 from Colin Watson <cjwatson at debian.org> ---
Thanks, that does indeed produce a sensible unimplemented message
against that conch version, not that conch does anything with it other
than logging it.  Still better than nothing.

I'm afraid that conch doesn't currently send a useful banner string for
the purposes of compat flags:

debug1: Client protocol version 2.0; client software version Twisted

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Patch has been applied - will be in OpenSSH 7.2

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2494

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.