authorHans Nilsson <[email protected]>2017-01-18 16:08:01 +0100
committerHans Nilsson <[email protected]>2017-01-18 16:08:01 +0100
commit9ff231ba932dded5d712bb34fffe1f396d975a2c (patch)
treed26cea8abb1c2fef683ae50d71d415b2ade02bca /lib/ssh
parent1d947e619d805c76d0c9d5e1745af08da8d6cef4 (diff)
ssh: Reduce info leakage on decrypt errors
Use the same message for all packet errors, such as a too long length, MAC, decrypt or decode errors. This is regarded as good practice to prevent some attacks.
Diffstat (limited to 'lib/ssh')
-rw-r--r--lib/ssh/src/ssh_connection_handler.erl9
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 7451c9e6d0..8718e92fa2 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -1206,7 +1206,7 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
catch
_C:_E ->
disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Encountered unexpected input"},
+ description = "Bad packet"},
StateName, D)
end;
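Review bot: The uniform response this change aims for depends on every bad-packet path sending a byte-identical description, yet `"Bad packet"` is now a literal repeated here and in the `bad_mac` and `exceeds_max_size` clauses of the next hunk. A single definition such as `-define(BAD_PACKET_DESCR, "Bad packet").` (the name is only a suggestion) used at all three sites would keep them from drifting apart in a later edit. This clause also discards `_C:_E`, so now that the peer-visible text is generic, the real cause can only be recovered if it is recorded locally. Whether `disconnect/3` does that is not visible in this hunk, so a local log call here, never echoed to the peer, or a comment stating where the cause is logged, would be worth adding. The enclosing `handle_event` clause begins and ends outside the hunk.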
@@ -1221,13 +1221,12 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
{bad_mac, Ssh1} ->
disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Bad mac"},
+ description = "Bad packet"},
StateName, D0#data{ssh_params=Ssh1});
- {error, {exceeds_max_size,PacketLen}} ->
+ {error, {exceeds_max_size,_PacketLen}} ->
disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Bad packet length "
- ++ integer_to_list(PacketLen)},
+ description = "Bad packet"},
StateName, D0)
catch
_C:_E ->