
Handling of "auth-agent-req@openssh.com" Does Not Honor "want reply" (can cause Putty clients to hang)
Open, Normal, Public

Description

It looks like libssh does not honor the "want reply" boolean which can be
set for "auth-agent-req@openssh.com" messages.

In testing between Putty's 'plink.exe' on Windows and a libssh-based server,
some invocations ('plink.exe -A ...') can result in such messages being
sent with "want reply" set. If these messages are dropped on the server
side, sessions will hang on the client-side.

I haven't been able to reproduce this using 'plink' on Linux.

Attached is a hack patch which disables the "auth-agent-req@openssh.com"
message callback and sends back SSH2_MSG_CHANNEL_FAILURE for the case
that "want reply" was set. (This resolves the problem for my case where
agent forwarding is not desired.)

It's not clear to me what the right fix is here, though: should the
channel_auth_agent_req_function callback signature be updated so that
clients can return a success or failure, and channel_rcv_request
updated to respond with FAILURE/SUCCESS based on that, if "want
reply" is set?

ssh2_setup_agent here http://svn.tartarus.org/sgt/putty/ssh.c sets up
these messages on the Putty side.

I see too that "keepalive@openssh.com" messages are always replied to
regardless of whether "want reply" is set -- maybe that can be fixed to
be more pedantic (not sure if it matters in practice; it has not caused
any issues in my experience).
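
The reply rule raised in the description, as an added example that is not libssh or PuTTY code and not part of the original report: per RFC 4254, a channel request with "want reply" set must be answered with SUCCESS or FAILURE, and one without it gets no reply. The names `channel_request_reply`, `build_request` and `agent_req_cb` are hypothetical, and the packets are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Message numbers from RFC 4254. */
enum { CHANNEL_REQUEST = 98, CHANNEL_SUCCESS = 99, CHANNEL_FAILURE = 100 };
/* Hypothetical callback shape: return 0 to accept agent forwarding. */
typedef int (*agent_req_cb)(void);
int decline_agent(void) { return -1; }
int accept_agent(void) { return 0; }

/* Constructed sample input: byte 98, uint32 channel, string type, boolean. */
size_t build_request(uint8_t *out, const char *type, int want_reply)
{
    size_t n = strlen(type);
    memset(out, 0, 9);              /* channel 0; length high bytes zero */
    out[0] = CHANNEL_REQUEST;
    out[8] = (uint8_t)n;            /* sample names are shorter than 256 */
    memcpy(out + 9, type, n);
    out[9 + n] = want_reply ? 1 : 0;
    return 10 + n;
}

/* Returns the reply message number, 0 for "send nothing", -1 if malformed. */
int channel_request_reply(const uint8_t *pkt, size_t len, agent_req_cb cb)
{
    static const char agent[] = "auth-agent-req@openssh.com";
    uint32_t n;
    int accepted = 0;
    if (len < 10 || pkt[0] != CHANNEL_REQUEST)
        return -1;
    n = ((uint32_t)pkt[5] << 24) | ((uint32_t)pkt[6] << 16) |
        ((uint32_t)pkt[7] << 8) | pkt[8];
    if (n > len - 10)
        return -1;                  /* type string overruns the packet */
    /* The callback runs whether or not a reply was asked for. */
    if (n == sizeof(agent) - 1 && memcmp(pkt + 9, agent, n) == 0 && cb != NULL)
        accepted = (cb() == 0);
    if (pkt[9 + n] == 0)
        return 0;                   /* want reply FALSE: stay silent */
    return accepted ? CHANNEL_SUCCESS : CHANNEL_FAILURE; /* always answer */
}

int main(void)
{
    uint8_t pkt[64];
    size_t len = build_request(pkt, "auth-agent-req@openssh.com", 1);
    return channel_request_reply(pkt, len, decline_agent) != CHANNEL_FAILURE;
}
```

A request type the server does not recognise takes the same path as a declined one, so a client that set "want reply" is never left waiting.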

Event Timeline

migration created this object with visibility "Restricted Project (Project)".
migration created this object with edit policy "Restricted Project (Project)".
migration updated the task description. Jun 19 2017, 8:49 AM
migration updated the task description.
migration updated the task description. Jun 19 2017, 8:52 AM
asn claimed this task. Sep 4 2018, 9:02 PM
asn changed the visibility from "Restricted Project (Project)" to "Public (No Login Required)".
asn added a subscriber: simonsj.

Jon, I think this patch is still valid. Could you please use ssh_buffer_pack() and resend the patch to the mailing list?

Thanks!