
server: fix sending SSH_MSG_EXT_INFO upon rekey

Authored by simonsj on Wed, Apr 24, 8:09 PM.

Description

server: fix sending SSH_MSG_EXT_INFO upon rekey

Fix libssh server sending SSH_MSG_EXT_INFO messages upon rekey: clients
do not expect that message during rekey, and OpenSSH in particular will
log error messages along the lines of:

"kex protocol error: type 7 seq 15"

when the message is received during a rekey.

To fix, check against the session connected flag, which only transitions
to non-zero following the first successful authentication.

bf2c7128ab67cca007b2ba6a59fbfb82afb8c8c6 adds logic to resolve this
issue, but it turns out that checking the session_state to avoid
sending the message is insufficient, because that state is re-set
to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.

The before-and-after effects of this change can be observed using the
pkd --rekey flag as so:

./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256 \
  -i1 --rekey=16 -v -v -v 2>&1 |
  grep -e 'KEY' -e 'EXT'

^ where before the change, multiple SSH_MSG_EXT_INFO send messages are
logged; after, there is only a single SSH_MSG_EXT_INFO logged once upon
the first initial key exchange.

Cross-reference: https://bugs.libssh.org/T121.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
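The rekey behaviour described in the commit message, as an added example that is not libssh code: a toy session model showing why a check on the session state sends SSH_MSG_EXT_INFO again on every rekey, while a check on the connected flag sends it once. Every name except SSH_SESSION_STATE_KEXINIT_RECEIVED is hypothetical, and the exact shape of the earlier state-based check is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model. Only SSH_SESSION_STATE_KEXINIT_RECEIVED is a name from the page. */
enum state { STATE_NONE, SSH_SESSION_STATE_KEXINIT_RECEIVED, STATE_AUTHENTICATED };

struct session {
    enum state session_state;
    bool connected;     /* set after the first successful authentication */
    int ext_info_sent;  /* count of SSH_MSG_EXT_INFO (message type 7) sent */
};

typedef bool (*check_fn)(const struct session *);

/* Assumed shape of the earlier check: decide from session_state alone. */
static bool send_by_state(const struct session *s) {
    return s->session_state != STATE_AUTHENTICATED;
}

/* Check described in the commit message: decide from the connected flag. */
static bool send_by_connected(const struct session *s) {
    return !s->connected;
}

/* One key exchange, initial or rekey. Receiving KEXINIT resets the state,
 * which is what makes the state-based check pass again during a rekey. */
static void key_exchange(struct session *s, check_fn may_send) {
    s->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED;
    if (may_send(s))
        s->ext_info_sent++;
    if (s->connected)
        s->session_state = STATE_AUTHENTICATED; /* rekey finished */
}

/* Initial key exchange, authentication, then `rekeys` rekeys. */
int count_ext_info(check_fn may_send, int rekeys) {
    struct session s = { STATE_NONE, false, 0 };
    key_exchange(&s, may_send);
    s.session_state = STATE_AUTHENTICATED;      /* first successful auth */
    s.connected = true;
    for (int i = 0; i < rekeys; i++)
        key_exchange(&s, may_send);
    return s.ext_info_sent;
}

int main(void) {
    printf("state check:     %d EXT_INFO\n", count_ext_info(send_by_state, 3));
    printf("connected check: %d EXT_INFO\n", count_ext_info(send_by_connected, 3));
    return 0;
}
```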

Details

Committed
asn on Mon, Apr 29, 2:00 PM
Parents
rLIBSSHc0f3a9608961: server: fix queued USERAUTH_SUCCESS rekey bug