Date: Tue, 4 Oct 2022 21:17:23 GMT
Message-Id: <202210042117.294LHNlj012355@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Ed Maste
Subject: git: 5e5ebbee81bf - main - ssh-keyscan: Strictly enforce the maximum allowed SSH2 banner size
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5e5ebbee81bfd1c034caffa00d58d4e06e1b26ee

The branch main has been updated by emaste:

URL:
https://cgit.FreeBSD.org/src/commit/?id=5e5ebbee81bfd1c034caffa00d58d4e06e1b26ee commit 5e5ebbee81bfd1c034caffa00d58d4e06e1b26ee Author: Ed Maste AuthorDate: 2022-10-04 20:28:13 +0000 Commit: Ed Maste CommitDate: 2022-10-04 20:30:00 +0000 ssh-keyscan: Strictly enforce the maximum allowed SSH2 banner size From OpenSSH-portable commit ff89b1bed807, OpenBSD commit 6ae664f9f4db. MFC after: 3 days --- crypto/openssh/ssh-keyscan.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c index d29a03b4e68a..d7283136c7d2 100644 --- a/crypto/openssh/ssh-keyscan.c +++ b/crypto/openssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.145 2022/01/21 00:53:40 deraadt Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.146 2022/08/19 04:02:46 dtucker Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -490,6 +490,15 @@ congreet(int s) return; } + /* + * Read the server banner as per RFC4253 section 4.2. The "SSH-" + * protocol identification string may be preceeded by an arbitarily + * large banner which we must read and ignore. Loop while reading + * newline-terminated lines until we have one starting with "SSH-". + * The ID string cannot be longer than 255 characters although the + * preceeding banner lines may (in which case they'll be discarded + * in multiple iterations of the outer loop). + */ for (;;) { memset(buf, '\0', sizeof(buf)); bufsiz = sizeof(buf); @@ -517,6 +526,11 @@ congreet(int s) conrecycle(s); return; } + if (cp >= buf + sizeof(buf)) { + error("%s: greeting exceeds allowable length", c->c_name); + confree(s); + return; + } if (*cp != '\n' && *cp != '\r') { error("%s: bad greeting", c->c_name); confree(s);
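Review bot: The comment added above the `for (;;)` loop in congreet() misspells "preceded" (as "preceeded"), "arbitrarily" (as "arbitarily") and "preceding" (as "preceeding"); since the text comes from OpenSSH-portable, the correction is best sent upstream so the imported file stays identical. The comment also states a 255-character limit for the ID string, while the check added further down compares against `sizeof(buf)`; a sentence saying how the two relate would make the limit verifiable from the code.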
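Review bot: The new `cp >= buf + sizeof(buf)` test in the last congreet() hunk carries no comment saying that it has to stay ahead of the `*cp != '\n' && *cp != '\r'` test that follows it. Once cp has reached the end of buf, that dereference reads past the array, so a later reordering of the two tests would quietly bring the out-of-bounds read back; a one-line comment above the check would pin the ordering down. The diffstat shows only ssh-keyscan.c changing, so a regression case that feeds an identification line filling the buffer without a newline would be worth adding with it.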