bugzilla-daemon at mindrot.org
2023-Aug-29 22:59 UTC
[Bug 3356] sshconnect2: SSH_MSG_EXT_INFO implementation seems broken based on RFC 8308
https://bugzilla.mindrot.org/show_bug.cgi?id=3356
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3725
--> https://bugzilla.mindrot.org/attachment.cgi?id=3725&action=edit
relax reception of 2nd EXT_INFO message
Yes, this is a bug :(
Unfortunately, the 2nd KEX_INFO message is fairly useless anyway
because it happens too late to affect userauth. E.g. it's not possible
to use EXT_INFO to vary server-sig-algs per user which is the one thing
we'd want to be able to do with it currently.
It would be usable for the other options in RFC8308, but IMO they are
either irrelevant to OpenSSH ("elevation"), already implemented
differently in OpenSSH ("zlib at openssh.com") just useless
"no-flow-control" (a peer could just advertise arbitrarily large
channel windows).
The attached patch relaxes reception of the 2nd EXT_INFO message to
allow it at any time during userauth. This makes us bug-compatible with
OpenSSH <9.5, compatible with the spec and potentially usable for
advertising server-sig-algs during userauth (though doing so would be a
separate violation of RFC8308).
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
- [Bug 2642] New: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
- Automatic FIDO2 key negotiation (request for comments)
- [PATCH] PROTOCOL: make section numbers unique