'Re: OPENSSHv2.51 sshd Packet Integrity Error'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: OPENSSHv2.51 sshd Packet Integrity Error
From:       Markus Friedl <markus.friedl () informatik ! uni-erlangen ! de>
Date:       2001-02-28 12:32:20
[Download RAW message or body]

On Wed, Feb 21, 2001 at 07:39:42PM -0400, Rick Ballard wrote:
> After reading about the problems with SSH,  did a cvs update for usr.bin/ssh. 
> There were a few make errors, it could not find openssl/dhs.h or ssl/hmac.h. 
> I just made soft links into the ssh build dir and the make completed.
> After installing, I started getting packet integrity errors when trying to 
> connect from a win95 F-Secure SSH 1.0 client. I am subscribed to both tech 
> and misc, but I've seen no mention of this.

the "win95 F-Secure SSH 1.0 client" is broken.

turn off x11 fwding in the client, cvs update ssh/session.c or try this patch

Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- session.c	2001/02/16 14:03:43	1.56
+++ session.c	2001/02/23 15:37:45	1.57
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.56 2001/02/16 14:03:43 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.57 2001/02/23 15:37:45 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -184,6 +184,7 @@
 	int n_bytes;
 	int plen;
 	u_int proto_len, data_len, dlen;
+	int screen_flag;
 
 	/*
 	 * Cancel the alarm we set to limit the time taken for
@@ -308,13 +309,18 @@
 			s->auth_proto = packet_get_string(&proto_len);
 			s->auth_data = packet_get_string(&data_len);
 
-			if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER) {
-				debug2("SSH_PROTOFLAG_SCREEN_NUMBER == true");
+			screen_flag = packet_get_protocol_flags() &
+			    SSH_PROTOFLAG_SCREEN_NUMBER;
+			debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
+
+			if (packet_remaining() == 4) {
+				if (!screen_flag)
+					debug2("Buggy client: "
+					    "X11 screen flag missing");
 				packet_integrity_check(plen,
 				    4 + proto_len + 4 + data_len + 4, type);
 				s->screen = packet_get_int();
 			} else {
-				debug2("SSH_PROTOFLAG_SCREEN_NUMBER == false");
 				packet_integrity_check(plen,
 				    4 + proto_len + 4 + data_len, type);
 				s->screen = 0;

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic