Skip to content

Commit e7f66e7

Browse files
committed
GH-891: Fix format of injected SSH_MSG_IGNORE
The message was constructed wrongly as SSH_MSG_IGNORE + (random data) instead of as SSH_MSG_IGNORE + (length of random data) + (random data). This is a bug only in the 3.0 branch; in the 2.x branch the packet is constructed correctly. Our regression tests failed to catch this because neither Apache MINA SSHD nor openSSH look at the body of an SSH_MSG_IGNORE packet. Some other servers do. Tighten the InjectIgnoreFilterTest to also verify the full packet format.
1 parent fff5fe2 commit e7f66e7

3 files changed

Lines changed: 10 additions & 2 deletions

File tree

CHANGES.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ newer Java versions the already built-in cryptographic algorithms for ChaCha20,
3333
## Bug Fixes
3434

3535
* [GH-852](https://github.com/apache/mina-sshd/issues/852) Fix wrong import
36+
* [GH-891](https://github.com/apache/mina-sshd/issues/891) (Regression in 3.0.0-M1) Fix format of injected SSH_MSG_IGNORE
3637

3738
## Major Code Re-factoring
3839

sshd-core/src/main/java/org/apache/sshd/common/session/filters/InjectIgnoreFilter.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,10 +141,12 @@ private int shouldSendIgnore(int cmd) {
141141

142142
private Buffer createIgnoreBuffer(int length) {
143143
int size = length + random.random(length + 1);
144-
Buffer buffer = new ByteArrayBuffer(SshConstants.SSH_PACKET_HEADER_LEN + 1 + size + CryptFilter.MAX_PADDING + 64);
144+
Buffer buffer = new ByteArrayBuffer(
145+
SshConstants.SSH_PACKET_HEADER_LEN + 1 + Integer.BYTES + size + CryptFilter.MAX_PADDING + 64);
145146
buffer.rpos(SshConstants.SSH_PACKET_HEADER_LEN);
146147
buffer.wpos(SshConstants.SSH_PACKET_HEADER_LEN);
147148
buffer.putByte(SshConstants.SSH_MSG_IGNORE);
149+
buffer.putUInt(size);
148150
int start = buffer.wpos();
149151
buffer.wpos(buffer.wpos() + size);
150152
random.fill(buffer.array(), start, size);

sshd-core/src/test/java/org/apache/sshd/common/session/filters/InjectIgnoreFilterTest.java

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,15 +76,20 @@ void expectIgnores() throws Exception {
7676
}
7777
assertEquals((frequency + 1) * rounds, outputs.outputs.size());
7878
List<IoWriteFutureWithData> out = outputs.outputs;
79+
int foundIgnore = 0;
7980
for (int i = 0; i < outputs.outputs.size();) {
8081
for (int j = 0; j < frequency - 1; j++) {
8182
Buffer data = out.get(i++).data;
8283
assertEquals(-1, data.rawByte(data.rpos()));
8384
}
8485
Buffer data = out.get(i++).data;
85-
assertEquals(SshConstants.SSH_MSG_IGNORE, data.rawByte(data.rpos()));
86+
assertEquals(SshConstants.SSH_MSG_IGNORE, data.getByte());
87+
foundIgnore++;
88+
long dataLength = data.getUInt();
89+
assertEquals(data.available(), dataLength);
8690
data = out.get(i++).data;
8791
assertEquals(-1, data.rawByte(data.rpos()));
8892
}
93+
assertEquals(rounds, foundIgnore);
8994
}
9095
}

0 commit comments

Comments
 (0)