author | Hans Nilsson <[email protected]> | 2016-08-29 13:07:57 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2016-08-29 16:51:52 +0200 |
commit | 85fc9764cee4ba48bb6cac71efc400415508e0d0 (patch) | |
tree | ea3f46bb3b7e85b47ffddbfeb0b7bd16b6db5e96 /lib/ssh/src | |
parent | 912f701dde1aa24e81de6fa37dfec5de8f8c989d (diff) | |
ssh: fix Codenomicon/Defensics auth problem with incomplete pdu
Trailing pdu values being 0 or empty strings are just excluded from the pdu
by Codenomicon/Defensics.
This is wrong but some kind of habit "out there". This commit makes Erlang SSH
accept such pdu in one place because Defensics is king of security tests ...
Diffstat (limited to 'lib/ssh/src')
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index fb5e086656..1dcf5d0708 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -264,12 +264,23 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 SessionId,
 #ssh{opts = Opts,
 userauth_supported_methods = Methods} = Ssh) ->
- <<?BYTE(HaveSig), ?UINT32(ALen), BAlg:ALen/binary,
- ?UINT32(KLen), KeyBlob:KLen/binary, SigWLen/binary>> = Data,
- Alg = binary_to_list(BAlg),
+
+ <<?BYTE(HaveSig),
+ ?UINT32(ALen), BAlg:ALen/binary,
+ Rest/binary>> = Data,
+
+ {KeyBlob, SigWLen} =
+ case Rest of
+ <<?UINT32(KLen0), KeyBlob0:KLen0/binary, SigWLen0/binary>> ->
+ {KeyBlob0, SigWLen0};
+ <<>> ->
+ {<<>>, <<>>}
+ end,
+
 case HaveSig of
 ?TRUE ->
- case verify_sig(SessionId, User, "ssh-connection", Alg,
+ case verify_sig(SessionId, User, "ssh-connection",
+ binary_to_list(BAlg),
 KeyBlob, SigWLen, Opts) of
 true ->
 {authorized, User,
@@ -284,7 +295,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 ?FALSE ->
 {not_authorized, {User, undefined},
 ssh_transport:ssh_packet(
- #ssh_msg_userauth_pk_ok{algorithm_name = Alg,
+ #ssh_msg_userauth_pk_ok{algorithm_name = binary_to_list(BAlg),
 key_blob = KeyBlob},
 Ssh)}
 end; |
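Review bot: The new `<<>> -> {<<>>, <<>>}` clause in `case Rest of` is taken whatever `HaveSig` is, so a request that claims a signature but carries neither key nor signature now reaches `verify_sig/7` with two empty binaries, and the outcome then depends on that function failing closed, which cannot be confirmed from this hunk. I would confine the leniency to the query case, e.g. `<<>> when HaveSig =:= ?FALSE -> {<<>>, <<>>}`, so that a signed request without a key never reaches verification; note that the `?FALSE` branch in the second hunk would still echo the empty blob back in `#ssh_msg_userauth_pk_ok{}`. Any other malformed `Rest` (a truncated length field, or `KLen0` larger than the remaining bytes) ends in a `case_clause` raised by unauthenticated peer input, much as the old single match raised `badmatch`, so it is worth confirming that the caller turns this into a clean disconnect. A short comment above the case, such as `%% Some peers omit trailing empty fields (not RFC 4252 conformant); tolerated for interop`, would keep the reason for the deviation next to the code. The function body begins and ends outside the hunk.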