Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2018/11/18 05:04:00 UTC
[jira] [Work started] (SSHD-868) Add some protection against maliciously crafted packets
[ https://issues.apache.org/jira/browse/SSHD-868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on SSHD-868 started by Goldstein Lyor.
-------------------------------------------
> Add some protection against maliciously crafted packets
> -------------------------------------------------------
>
> Key: SSHD-868
> URL: https://issues.apache.org/jira/browse/SSHD-868
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.1.1
> Reporter: Goldstein Lyor
> Assignee: Goldstein Lyor
> Priority: Major
> Labels: memory, overflow, security
>
> According to [RFC4256 - section 3.2|https://tools.ietf.org/html/rfc4256]
> {quote}
> The server SHOULD take into consideration that some clients may not
> be able to properly display a long name or prompt field (see next
> section), and limit the lengths of those fields if possible.
> {quote}
> The current code in {{UserAuthKeyboardInteractive#processAuthDataRequest}} does not make sure that the number of challenges or the length of each challenge is reasonable (not to mention the other packet components). Therefore, a maliciously crafted packet can cause out-of-memory errors by requesting an extremely large number of responses or sending very large challenges.
> It is important to notice that this problem is not limited to the {{keyboard-interactive}} protocol but applies to the entire packet encode/decode mechanism since it is an RLE (read-length encoding). Wherever possible we should add some reasonable but large enough limitations on the expected size of strings/arrays/etc. being decoded from incoming SSH packets.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
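
One way to apply the limits the issue asks for when decoding the RFC 4256 section 3.2 info request, as an added example that is not part of the original message or of MINA SSHD's code. The class name, method names and both limit values are assumptions chosen for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example: hypothetical class, method names and limits; not MINA SSHD code.
public class BoundedInfoRequestDecoder {
    static final int MAX_PROMPTS = 16;      // assumed limit
    static final int MAX_FIELD_LEN = 1024;  // assumed limit, in bytes
    // Reads a uint32; rejects it unless within max AND backed by n * minUnit bytes.
    static int readCount(ByteBuffer buf, int max, int minUnit, String what) {
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated " + what);
        long n = Integer.toUnsignedLong(buf.getInt());
        if (n > max || n * minUnit > buf.remaining())
            throw new IllegalArgumentException("bad " + what + ": " + n);
        return (int) n;
    }
    // SSH "string": uint32 length + bytes; the length is validated before allocating.
    static String readString(ByteBuffer buf, String what) {
        byte[] data = new byte[readCount(buf, MAX_FIELD_LEN, 1, what)];
        buf.get(data);
        return new String(data, StandardCharsets.UTF_8);
    }
    // Decodes the prompts of SSH_MSG_USERAUTH_INFO_REQUEST (RFC 4256, section 3.2).
    static String[] decodePrompts(byte[] payload) {
        ByteBuffer buf = ByteBuffer.wrap(payload); // big-endian by default
        if (!buf.hasRemaining() || buf.get() != 60) // 60 = message number
            throw new IllegalArgumentException("not an info request");
        readString(buf, "name");
        readString(buf, "instruction");
        readString(buf, "language tag");
        // Every prompt takes at least 5 bytes: uint32 length + echo flag.
        String[] prompts = new String[readCount(buf, MAX_PROMPTS, 5, "num-prompts")];
        for (int i = 0; i < prompts.length; i++) {
            prompts[i] = readString(buf, "prompt");
            if (!buf.hasRemaining()) throw new IllegalArgumentException("truncated echo");
            buf.get(); // echo flag, ignored here
        }
        return prompts;
    }
    public static void main(String[] args) {
        // Constructed packet: three empty strings, then num-prompts = 0x7FFFFFFF.
        ByteBuffer evil = ByteBuffer.allocate(17).put((byte) 60)
                .putInt(0).putInt(0).putInt(0).putInt(Integer.MAX_VALUE);
        try {
            decodePrompts(evil.array());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Checking each declared length against both a fixed cap and the bytes actually remaining means the array sizes are bounded by the received packet, not by values the peer claims.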