[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-misc
Subject: Re: OPENSSHv2.51 sshd Packet Integrity Error
From: Markus Friedl <markus.friedl () informatik ! uni-erlangen ! de>
Date: 2001-02-28 12:32:20
[Download RAW message or body]
On Wed, Feb 21, 2001 at 07:39:42PM -0400, Rick Ballard wrote:
> After reading about the problems with SSH, did a cvs update for usr.bin/ssh.
> There were a few make errors, it could not find openssl/dhs.h or ssl/hmac.h.
> I just made soft links into the ssh build dir and the make completed.
> After installing, I started getting packet integrity errors when trying to
> connect from a win95 F-Secure SSH 1.0 client. I am subscribed to both tech
> and misc, but I've seen no mention of this.
the "win95 F-Secure SSH 1.0 client" is broken.
turn off x11 fwding in the client, cvs update ssh/session.c or try this patch
Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- session.c 2001/02/16 14:03:43 1.56
+++ session.c 2001/02/23 15:37:45 1.57
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.56 2001/02/16 14:03:43 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.57 2001/02/23 15:37:45 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -184,6 +184,7 @@
int n_bytes;
int plen;
u_int proto_len, data_len, dlen;
+ int screen_flag;
/*
* Cancel the alarm we set to limit the time taken for
@@ -308,13 +309,18 @@
s->auth_proto = packet_get_string(&proto_len);
s->auth_data = packet_get_string(&data_len);
- if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER) {
- debug2("SSH_PROTOFLAG_SCREEN_NUMBER == true");
+ screen_flag = packet_get_protocol_flags() &
+ SSH_PROTOFLAG_SCREEN_NUMBER;
+ debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
+
+ if (packet_remaining() == 4) {
+ if (!screen_flag)
+ debug2("Buggy client: "
+ "X11 screen flag missing");
packet_integrity_check(plen,
4 + proto_len + 4 + data_len + 4, type);
s->screen = packet_get_int();
} else {
- debug2("SSH_PROTOFLAG_SCREEN_NUMBER == false");
packet_integrity_check(plen,
4 + proto_len + 4 + data_len, type);
s->screen = 0;
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic