Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2018/11/16 16:36:01 UTC

[jira] [Created] (SSHD-868) Add some protection against maliciously crafted packets

Goldstein Lyor created SSHD-868:
-----------------------------------

             Summary: Add some protection against maliciously crafted packets
                 Key: SSHD-868
                 URL: https://issues.apache.org/jira/browse/SSHD-868
             Project: MINA SSHD
          Issue Type: Improvement
    Affects Versions: 2.1.1
            Reporter: Goldstein Lyor
            Assignee: Goldstein Lyor


According to [RFC4256 - section 3.2|https://tools.ietf.org/html/rfc4256]
{quote}
The server SHOULD take into consideration that some clients may not
be able to properly display a long name or prompt field (see next
section), and limit the lengths of those fields if possible.
{quote}
The current code in {{UserAuthKeyboardInteractive#processAuthDataRequest}} does not make sure that the number of challenges or the length of each challenge is reasonable (not to mention the other packet components). Therefore, a maliciously crafted packet can cause out-of-memory errors by requesting an extremely large number of responses or sending very large challenges.

It is important to notice that this problem is not limited to the {{keyboard-interactive}} protocol but to the entire packet encode/decode mechanism since it is an RLE (read-length encoding). Wherever possible we should add some reasonable but large enough limitations on the expected size of strings/arrays/etc. being decoded from incoming SSH packets.



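The kind of check the issue asks for, as an added example that is not part of the original message and not MINA SSHD code: a decoder for the body of an RFC 4256 SSH_MSG_USERAUTH_INFO_REQUEST that validates every length and the prompt count before allocating. The class name, method names and the two limits are assumptions chosen for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class BoundedInfoRequestDecoder {
    // Illustrative limits (assumptions, not values taken from MINA SSHD)
    static final int MAX_STRING = 4096;
    static final int MAX_PROMPTS = 16;

    // Reads a uint32 without letting values >= 2^31 turn negative
    static long readUInt32(ByteBuffer buf) {
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated uint32");
        return buf.getInt() & 0xFFFFFFFFL;
    }

    // Reads an SSH string (uint32 length + bytes); the length is checked
    // against the limit and the remaining packet bytes BEFORE allocating
    static String readString(ByteBuffer buf) {
        long len = readUInt32(buf);
        if (len > MAX_STRING) throw new IllegalArgumentException("string too long: " + len);
        if (len > buf.remaining()) throw new IllegalArgumentException("length exceeds packet: " + len);
        byte[] data = new byte[(int) len];
        buf.get(data);
        return new String(data, StandardCharsets.UTF_8);
    }

    // Decodes the message body that follows the message type byte
    static String[] decodePrompts(ByteBuffer buf) {
        readString(buf); // name
        readString(buf); // instruction
        readString(buf); // language tag
        long count = readUInt32(buf);
        if (count > MAX_PROMPTS) throw new IllegalArgumentException("too many prompts: " + count);
        String[] prompts = new String[(int) count];
        for (int i = 0; i < prompts.length; i++) {
            prompts[i] = readString(buf);
            if (!buf.hasRemaining()) throw new IllegalArgumentException("missing echo flag");
            buf.get(); // echo flag, ignored in this sketch
        }
        return prompts;
    }

    public static void main(String[] args) {
        // Constructed sample: empty name/instruction/language, num-prompts = 2^31 - 1
        ByteBuffer huge = ByteBuffer.allocate(16);
        huge.putInt(0).putInt(0).putInt(0).putInt(Integer.MAX_VALUE).flip();
        try { decodePrompts(huge); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        // Constructed sample: one well-formed prompt with echo disabled
        byte[] p = "Password: ".getBytes(StandardCharsets.UTF_8);
        ByteBuffer ok = ByteBuffer.allocate(16 + 4 + p.length + 1);
        ok.putInt(0).putInt(0).putInt(0).putInt(1).putInt(p.length).put(p).put((byte) 0).flip();
        System.out.println("prompt: " + decodePrompts(ok)[0]);
    }
}
```

Checking the declared length against `buf.remaining()` as well as the fixed cap rejects a packet that claims more data than it carries, even when the claimed size is under the limit.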