author | Hans Nilsson <[email protected]> | 2017-01-18 16:08:01 +0100 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-01-18 16:08:01 +0100 |
commit | 9ff231ba932dded5d712bb34fffe1f396d975a2c (patch) | |
tree | d26cea8abb1c2fef683ae50d71d415b2ade02bca | |
parent | 1d947e619d805c76d0c9d5e1745af08da8d6cef4 (diff) | |
ssh: Reduce info leakage on decrypt errors
Use same message when there are packet errors like too long length, MAC, decrypt or decode errors.
This is regarded as good practice for preventing some attacks.
-rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 7451c9e6d0..8718e92fa2 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -1206,7 +1206,7 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
 catch
 _C:_E ->
 disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Encountered unexpected input"},
+ description = "Bad packet"},
 StateName, D)
 end;
@@ -1221,13 +1221,12 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
 {bad_mac, Ssh1} ->
 disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Bad mac"},
+ description = "Bad packet"},
 StateName, D0#data{ssh_params=Ssh1});
- {error, {exceeds_max_size,PacketLen}} ->
+ {error, {exceeds_max_size,_PacketLen}} ->
 disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Bad packet length "
- ++ integer_to_list(PacketLen)},
+ description = "Bad packet"},
 StateName, D0)
 catch
 _C:_E -> |
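Review bot: The catch-all in this hunk (`_C:_E ->`) discards the exception class and reason, and now that the peer only sees `"Bad packet"` the actual cause is not recorded anywhere visible here. Unless `disconnect/3` logs it (not shown), operators can no longer tell a decoder bug from hostile input; the same holds for the `{bad_mac, Ssh1}` and `exceeds_max_size` branches in the second hunk. Consider keeping the detail on the local side only, for example binding `Class:_E` and logging a fixed tag such as `{ssh_bad_packet, decode, Class}` before calling `disconnect/3`, without putting packet contents in the log. The enclosing `handle_event` clause starts and ends outside the hunk.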
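Review bot: Nothing at the three `description = "Bad packet"` sites says the identical text is intentional, so a later change could reintroduce a specific message, as the removed `"Bad packet length " ++ integer_to_list(PacketLen)` was. I would add a comment above the `{bad_mac, Ssh1}` branch such as `%% Same description for length, MAC, decrypt and decode failures on purpose: do not tell the peer which check failed`, and ideally use one shared macro for the string instead of three literals. The description is only one observable: whether these branches also disconnect after consuming the same amount of input is decided by the call that returns `bad_mac` or `exceeds_max_size`, which is outside this hunk and worth checking. The enclosing `handle_event` clause starts and ends outside the hunk.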