bin/160279: sshd truncates the data when `HPNDisabled no'

HIROSHI OOTA nil at mad.dog.cx
Mon Aug 29 13:40:12 UTC 2011 

>Number:         160279
>Category:       bin
>Synopsis:       sshd truncates the data when `HPNDisabled no'
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 29 13:40:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     HIROSHI OOTA
>Release:        9--BETA2 (Aug 29 2011)
>Organization:
>Environment:
FreeBSD XXX 9.0-BETA2 FreeBSD 9.0-BETA2 #156 r225239M: Mon Aug 29 10:57:13 JST 2011     root@  amd64

>Description:
When HPN is enable, The data transmitted with plink(ssh client for windows) is truncated.
When `HPNDisabled yes' is set in sshd_config, the bug doesn't occur. 
The size of the data is different at every execution. 

client:
OS: Windows XpSP3
ssh-client:  plink(SSH-2.0-PuTTY_Release_0.60)

server:  FreeBSD 9.0-BETA2
>How-To-Repeat:
When I send data.dat(5,747,152 bytes), sshd truncates it.

Y:\test>plink -v  my-server.example.com dd of=/dev/null < data.dat
Looking up host "my-server.example.com"
Connecting to xxx.xxx.xxx.xxx port 22
Server version: SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "xxx".
Trying Pageant key #0
Authenticating with public key "xxxx" from agent
Sending Pageant's response
Access granted
Opened channel for session
Started a shell/command
Sent EOF message
11155+37 records in
11173+1 records out
5720935 bytes transferred in 25.294115 secs (226177 bytes/sec) <== incorrect size
Server sent command exit status 0
Disconnected: All channels closed

Y:\test>dir
 Volume in drive Y has no label.
 Volume Serial Number is 000A-E626

 Directory of Y:\test

2011/08/29  21:52    <DIR>          .
2011/08/29  21:52    <DIR>          ..
2008/08/26  20:37         5,747,152 data.dat
               1 File(s)      5,747,152 bytes
               2 Dir(s)     440,913,920 bytes free
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list