Skip Menu |
 

This queue is for tickets about the Net-SSH-Perl CPAN distribution.

Report information
The Basics
Id: 118335
Status: resolved
Priority: 0/
Queue: Net-SSH-Perl

People
Owner: Nobody in particular
Requestors: allan [...] oepping.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: allan-cpan [...] oepping.com
Subject: Net::SSH::Perl 2.01 - available length miscalculation in Packet.pm - patch included
Date: Tue, 11 Oct 2016 16:03:21 -0600
To: bug-Net-SSH-Perl [...] rt.cpan.org
From: Allan Oepping <allan [...] oepping.com>
Download (untitled) / with headers
text/plain 1.1k
Version string in Packet.pm: Packet.pm,v 1.25 2008/09/24 19:21:20 turnstep Exp In Packet.pm in fuction read_poll_ssh2 if $mac && $mac->enabled but not $mac->etm then $block_size bytes are also read from the $incoming buffer but the $incoming->length may not be large enough to include a full read of $stored_mac later in the code. I added the a return if the length including block_size is not available (Line after the comment "RETURN IF INSUFFICIENT BUF") and that seems to fix the issue. if ($mac && $mac->enabled) { if ($mac->etm) { $p_str = $incoming->bytes(0, $aadlen + $need, ''); $macbuf = $mac->hmac(pack("N", $seqnr) . $p_str); # remove packet length bytes substr($p_str,0,$aadlen,''); } else { #RETURN IF INSUFFICIENT BUF return if $incoming->length < $aadlen + $need + $authlen + $maclen + $block_size; # not etm mac, append bytes already decrypted above $buffer->append( $incoming->bytes(0, $block_size, '') ); $p_str = $incoming->bytes(0, $need, ''); } Unified diff/patch attached. Thanks, Allan Oepping
Download packet-pm.patch
text/x-diff 606b

Message body is not shown because sender requested not to inline it.

Download (untitled) / with headers
text/plain 1.7k
Thanks! If by any chance you are able to try your patch against lkinley's github repository and send him a pull request, that would be great. lkinley is currently doing the actual work on this lib and I plan to merge and upload his new version soon. His repo is https://github.com/lkinley/Net-SSH-Perl This would help because I'm just co-maintaining the CPAN release but don't really know the internals. Thanks and kind regards, Steffen On Tue Oct 11 18:03:34 2016, allan@oepping.com wrote: Show quoted text
> Version string in Packet.pm: Packet.pm,v 1.25 2008/09/24 19:21:20 > turnstep Exp > > In Packet.pm in fuction read_poll_ssh2 if $mac && $mac->enabled but not > $mac->etm then $block_size bytes are also read from the $incoming buffer > but the $incoming->length may not be large enough to include a full read > of $stored_mac later in the code. > > I added the a return if the length including block_size is not available > (Line after the comment "RETURN IF INSUFFICIENT BUF") and that seems to > fix the issue. > > > if ($mac && $mac->enabled) { > if ($mac->etm) { > $p_str = $incoming->bytes(0, $aadlen + $need, ''); > $macbuf = $mac->hmac(pack("N", $seqnr) . $p_str); > # remove packet length bytes > substr($p_str,0,$aadlen,''); > } else { > #RETURN IF INSUFFICIENT BUF > return if $incoming->length < $aadlen + $need + $authlen > + $maclen + $block_size; > # not etm mac, append bytes already decrypted above > $buffer->append( $incoming->bytes(0, $block_size, '') ); > $p_str = $incoming->bytes(0, $need, ''); > } > > Unified diff/patch attached. > > Thanks, > > Allan Oepping
-- Steffen Schwigon <ss5@renormalist.net> Dresden Perl Mongers <http://dresden-pm.org/>
Download (untitled) / with headers
text/plain 1.9k
Hi, is this still an issue with the v2.12 that I just uploaded to CPAN? Thanks for checking. Kind regards, Steffen On Thu Oct 13 07:04:34 2016, SCHWIGON wrote: Show quoted text
> Thanks! > > If by any chance you are able to try your patch against lkinley's > github > repository and send him a pull request, that would be great. lkinley > is currently > doing the actual work on this lib and I plan to merge and upload his > new version soon. > > His repo is https://github.com/lkinley/Net-SSH-Perl > > This would help because I'm just co-maintaining the CPAN release but > don't really know the internals. > > Thanks and kind regards, > Steffen > > On Tue Oct 11 18:03:34 2016, allan@oepping.com wrote:
> > Version string in Packet.pm: Packet.pm,v 1.25 2008/09/24 19:21:20 > > turnstep Exp > > > > In Packet.pm in fuction read_poll_ssh2 if $mac && $mac->enabled but > > not > > $mac->etm then $block_size bytes are also read from the $incoming > > buffer > > but the $incoming->length may not be large enough to include a full > > read > > of $stored_mac later in the code. > > > > I added the a return if the length including block_size is not > > available > > (Line after the comment "RETURN IF INSUFFICIENT BUF") and that seems > > to > > fix the issue. > > > > > > if ($mac && $mac->enabled) { > > if ($mac->etm) { > > $p_str = $incoming->bytes(0, $aadlen + $need, ''); > > $macbuf = $mac->hmac(pack("N", $seqnr) . $p_str); > > # remove packet length bytes > > substr($p_str,0,$aadlen,''); > > } else { > > #RETURN IF INSUFFICIENT BUF > > return if $incoming->length < $aadlen + $need + $authlen > > + $maclen + $block_size; > > # not etm mac, append bytes already decrypted above > > $buffer->append( $incoming->bytes(0, $block_size, '') ); > > $p_str = $incoming->bytes(0, $need, ''); > > } > > > > Unified diff/patch attached. > > > > Thanks, > > > > Allan Oepping
-- Steffen Schwigon <ss5@renormalist.net> Dresden Perl Mongers <http://dresden-pm.org/>
Subject: Re: [rt.cpan.org #118335] Net::SSH::Perl 2.01 - available length miscalculation in Packet.pm - patch included
Date: Mon, 12 Jun 2017 11:18:35 -0600
To: bug-Net-SSH-Perl [...] rt.cpan.org
From: Allan Oepping <allan [...] oepping.com>
Download (untitled) / with headers
text/plain 2.6k
A connection worked, but the conditions of the original problem are no longer there, and running the original modules also did not present the problem. We are using it with the Net::SFTP module and one intermittent issue is fixed "Key verification failed for server host key" no longer occurs. But Net::SFTP depends on Net::SSH::Perl::Util SSH2MP.pm mp2bin and bin2mp and v2.12 no longer contains that module, so I had to modify Net::SFTP in order to test. It looks like you are also the maintainer for that package. I will run it in rotation and see if the problem presents itself again. Thanks, Allan On 06/12/2017 12:33 AM, Steffen Schwigon via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=118335 > > > Hi, > > is this still an issue with the v2.12 that I just uploaded to CPAN? > > Thanks for checking. > > Kind regards, > Steffen > > On Thu Oct 13 07:04:34 2016, SCHWIGON wrote:
>> Thanks! >> >> If by any chance you are able to try your patch against lkinley's >> github >> repository and send him a pull request, that would be great. lkinley >> is currently >> doing the actual work on this lib and I plan to merge and upload his >> new version soon. >> >> His repo is https://github.com/lkinley/Net-SSH-Perl >> >> This would help because I'm just co-maintaining the CPAN release but >> don't really know the internals. >> >> Thanks and kind regards, >> Steffen >> >> On Tue Oct 11 18:03:34 2016, allan@oepping.com wrote:
>>> Version string in Packet.pm: Packet.pm,v 1.25 2008/09/24 19:21:20 >>> turnstep Exp >>> >>> In Packet.pm in fuction read_poll_ssh2 if $mac && $mac->enabled but >>> not >>> $mac->etm then $block_size bytes are also read from the $incoming >>> buffer >>> but the $incoming->length may not be large enough to include a full >>> read >>> of $stored_mac later in the code. >>> >>> I added the a return if the length including block_size is not >>> available >>> (Line after the comment "RETURN IF INSUFFICIENT BUF") and that seems >>> to >>> fix the issue. >>> >>> >>> if ($mac && $mac->enabled) { >>> if ($mac->etm) { >>> $p_str = $incoming->bytes(0, $aadlen + $need, ''); >>> $macbuf = $mac->hmac(pack("N", $seqnr) . $p_str); >>> # remove packet length bytes >>> substr($p_str,0,$aadlen,''); >>> } else { >>> #RETURN IF INSUFFICIENT BUF >>> return if $incoming->length < $aadlen + $need + $authlen >>> + $maclen + $block_size; >>> # not etm mac, append bytes already decrypted above >>> $buffer->append( $incoming->bytes(0, $block_size, '') ); >>> $p_str = $incoming->bytes(0, $need, ''); >>> } >>> >>> Unified diff/patch attached. >>> >>> Thanks, >>> >>> Allan Oepping
> >
Download (untitled) / with headers
text/plain 244b
I think the trouble with SFTP got sorted out in the meantime, so I'm closing this ticket. If I'm wrong please re-open it. Thanks for your report. Steffen -- Steffen Schwigon <ss5@renormalist.net> Dresden Perl Mongers <http://dresden-pm.org/>


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.