bugzilla-daemon at bugzilla.mindrot.org
2017-Dec-13 12:30 UTC
[Bug 2810] New: Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

Bug ID: 2810
Summary: Broken compatibility with old SSH clients sending 1.99 identification
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com

The git commit 97f4d30 [1] introduced the following change that I suspect is wrong:

- if (remote_major == 2 || - (remote_major == 1 && remote_minor == 99)) { - enable_compat20(); - } else { + if (remote_major != 2 || + (remote_major == 1 && remote_minor != 99)) {

The first part of the condition is correctly negated to leave the same behavior for 2.0 clients, but not the second part. The correct result should look like this:

+ if (remote_major != 2 && + !(remote_major == 1 && remote_minor == 99)) {

So we will not bail out on comparing 2.0 with 1.99 protocol versions.

Additionally, if I read the RFC 4253, Section 5.1 [1] correctly, the client should not send the 1.99 identification and therefore it is also a bug of a client. But it worked before OpenSSH 7.6 and the above change is clearly wrong.

This was initially discussed in Red Hat bugzilla [3].

[1] https://github.com/openssh/openssh-portable/commit/97f4d3083b036ce3e68d6346a6140a22123d5864#diff-4035368a40ab0fedd413faefcbf832d7
[2] https://tools.ietf.org/html/rfc4253#section-5.1
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1524392#c26

--
You are receiving this mail because:
You are watching the assignee of the bug.
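Review bot: In the `+` lines of the 97f4d30 hunk, `remote_major != 2 || (remote_major == 1 && remote_minor != 99)` is not the negation of the removed test. The first operand is already true for every peer whose major version is 1, so the `remote_minor != 99` clause can never change the result, and a 1.99 peer now takes the branch that used to be the `else`. Negating `A || B` gives `!A && !B`, so the condition should read `remote_major != 2 && !(remote_major == 1 && remote_minor == 99)`, which keeps both 2.0 and 1.99 on the path that previously called `enable_compat20()`.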
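Review bot: The replacement condition `remote_major != 2 && !(remote_major == 1 && remote_minor == 99)` should carry a one-line comment stating that a 1.99 identification is accepted alongside 2.0, because the special case is easy to lose when the test is inverted, as the earlier change shows. A regression test that presents a 1.99 identification to sshd and expects the version exchange to proceed would catch a repeat.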
bugzilla-daemon at bugzilla.mindrot.org
2017-Dec-13 15:57 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

jouk <joukj at hrem.nano.tudelft.nl> changed:

What             |Removed                      |Added
----------------------------------------------------------------------------
CC               |                             |joukj at hrem.nano.tudelft.nl
bugzilla-daemon at bugzilla.mindrot.org
2017-Dec-14 11:16 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

--- Comment #1 from jouk <joukj at hrem.nano.tudelft.nl> ---
Some discussion on clients sending 1.99 can be found here:
https://community.hpe.com/t5/Operating-System-OpenVMS/SSH-1-99-sent-by-client-not-RFC-compliant/td-p/4688885

Jouk
bugzilla-daemon at bugzilla.mindrot.org
2018-Jan-05 02:42 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

Damien Miller <djm at mindrot.org> changed:

What             |Removed                      |Added
----------------------------------------------------------------------------
CC               |                             |djm at mindrot.org
Assignee         |unassigned-bugs at mindrot.org |djm at mindrot.org
Attachment #3109 |                             |ok?
Flags            |                             |

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Created attachment 3109
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3109&action=edit
don't refuse SSH-1.99 clients

doh, you're quite right
bugzilla-daemon at bugzilla.mindrot.org
2018-Jan-05 02:54 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

Darren Tucker <dtucker at dtucker.net> changed:

What             |Removed                      |Added
----------------------------------------------------------------------------
CC               |                             |dtucker at dtucker.net
Attachment #3109 |ok?                          |ok+
Flags            |                             |
bugzilla-daemon at bugzilla.mindrot.org
2018-Jan-23 05:09 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

Damien Miller <djm at mindrot.org> changed:

What             |Removed                      |Added
----------------------------------------------------------------------------
Resolution       |---                          |FIXED
Blocks           |                             |2782
Status           |NEW                          |RESOLVED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Fix applied, will be in OpenSSH 7.7

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
bugzilla-daemon at mindrot.org
2021-Apr-23 05:02 UTC
[Bug 2810] Broken compatibility with old SSH clients sending 1.99 identification
https://bugzilla.mindrot.org/show_bug.cgi?id=2810

Damien Miller <djm at mindrot.org> changed:

What             |Removed                      |Added
----------------------------------------------------------------------------
Status           |RESOLVED                     |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release