
Bug 244222

Summary: >=net-misc/openssh-5.2 client incorrectly displays banners
Product: Gentoo Linux
Reporter: Michał Górny <mgorny>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED
Severity: trivial
CC: thiemel, tim
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.mindrot.org/show_bug.cgi?id=1533
Whiteboard:
Package list:
Runtime testing required: ---
Attachments:
  The banner causing problem
  Patch to fix the problem

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2008-10-25 10:34:15 UTC
It looks like, as of version 5.1, the openssh client (incorrectly?) escapes the SSH banner sent by the server, which causes all backslashes in it to be doubled. The server seems to work fine; older openssh clients (tested 4.7, 5.0) and PuTTY display the same banner, served by the new openssh server, correctly.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2008-10-25 10:37:27 UTC
Created attachment 169798 [details]
The banner causing problem
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-10-25 20:58:04 UTC
please report to upstream.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2008-10-26 08:42:41 UTC
Created attachment 169911 [details, diff]
Patch to fix the problem

I'm not sure whether this is the best we can do, but it fixes the problem.
Comment 4 SpanKY gentoo-dev 2008-10-26 09:29:22 UTC
Seems harmless enough ... but is this a simple revert to older versions? If so, why was the change made in 5.1_p1?
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2008-10-26 10:43:45 UTC
(In reply to comment #4)
> Seems harmless enough ... but is this a simple revert to older versions? If
> so, why was the change made in 5.1_p1?

Nay, older versions didn't use strnvis(). I think it is meant to filter out (escape to \nnn) potentially dangerous control sequences. But the side effect of that is that all backslashes are escaped too. I think we could disable that backslash escaping, because we aren't going to unescape those control sequences anyway.
Comment 6 SpanKY gentoo-dev 2008-10-26 11:10:47 UTC
Sounds good ... I've moved this upstream ... if I don't hear back soon, we'll just roll with your patch.
Comment 7 Tim Redman 2008-10-27 19:04:33 UTC
I don't know if this is related, but I'm seeing an error kicked back with openssh-5.1_p1-r1.  It's been reported upstream as bug #1496, and involves connecting to a host with an empty banner.

https://bugzilla.mindrot.org/show_bug.cgi?id=1496

The error that I'm seeing is:

xmalloc: zero size

and seems to match the behavior described in the upstream bug.  Other distros have seen this as well, and all refer back to the mindrot bugzilla entry.  It would seem that the 5.x codebase has more than one problem with banner handling.
Also, the patch that they give seems to be the same code block as the patch attached in this bug.
Comment 8 SpanKY gentoo-dev 2008-11-03 08:47:42 UTC
It's in the same place, but it's a completely different bug ... I committed the changes that were made in upstream CVS rather than the stuff in that bug:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshconnect2.c.diff?r1=1.166;r2=1.168

I've also merged Michał's patch.

This is openssh-5.1_p1-r2.
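As an added illustration of the two banner-handling points discussed above (comment 5: octal escaping of control bytes with the backslash doubling as a side effect; comments 7 and 8: the empty-banner "xmalloc: zero size" abort), here is a stand-alone C program. It is not OpenSSH's code and not either patch attached to this bug; the names banner_vis, banner_display and vis_equals are made up for the example, the escaping policy is a simplified vis(3)-style one, and the sample banners are constructed rather than taken from attachment 169798. The escape_backslash switch plays the role that the VIS_NOSLASH flag plays in vis(3): with it on you get the doubled backslashes reported here, with it off a backslash passes through while ESC, BEL and the like are still neutralised. The output buffer is sized 4*len + 1, so a zero-length banner is an ordinary input and never turns into a zero-byte allocation (OpenSSH's xmalloc() aborts with exactly the "xmalloc: zero size" message on such a request).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not OpenSSH code): vis(3)-style escaping of an untrusted
 * SSH banner before it is written to the terminal.
 *
 * Printable ASCII plus '\n', '\t' and '\r' pass through.  Every other byte,
 * including ESC, BEL and bytes >= 0x80, becomes a C-style \nnn octal escape,
 * so a server cannot smuggle terminal control sequences through the banner.
 * When escape_backslash is non-zero a literal '\' is written as "\\", which
 * is the doubling this bug report describes; when it is zero the backslash
 * passes through unchanged (vis(3) calls that option VIS_NOSLASH).
 *
 * Returns the number of bytes written, not counting the terminating NUL.
 * Output is truncated (never overrun) if outsz is too small; a buffer of
 * 4*inlen + 1 bytes is always large enough.
 */
size_t banner_vis(const char *in, size_t inlen, char *out, size_t outsz,
                  int escape_backslash)
{
    size_t o = 0;

    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        int printable = (c >= 0x20 && c < 0x7f) ||
                        c == '\n' || c == '\t' || c == '\r';

        if (c == '\\' && escape_backslash) {
            if (o + 2 >= outsz)     /* room for two bytes plus the NUL */
                break;
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (printable) {
            if (o + 1 >= outsz)
                break;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outsz)     /* "\nnn" plus the NUL */
                break;
            o += (size_t)snprintf(out + o, outsz - o, "\\%03o", (unsigned)c);
        }
    }
    out[o] = '\0';
    return o;
}

/*
 * Allocate the escaped form of a raw banner of len bytes.  len may be 0:
 * the buffer is 4*len + 1 bytes, so an empty banner yields a one-byte
 * allocation holding "" rather than a zero-size request.
 * Caller frees the result; returns NULL only if malloc fails.
 */
char *banner_display(const char *raw, size_t len, int escape_backslash)
{
    size_t outsz = len * 4 + 1;
    char *msg = malloc(outsz);

    if (msg == NULL)
        return NULL;
    banner_vis(raw, len, msg, outsz, escape_backslash);
    return msg;
}

/* Convenience check: escape a NUL-terminated banner and compare the result. */
int vis_equals(const char *raw, int escape_backslash, const char *expected)
{
    char *got = banner_display(raw, strlen(raw), escape_backslash);
    int same;

    if (got == NULL)
        return 0;
    same = strcmp(got, expected) == 0;
    free(got);
    return same;
}

int main(void)
{
    /* Constructed sample banners, not the attachment from this bug. */
    const char share[]   = "Shares: \\\\fileserver\\public\n";
    const char hostile[] = "\x1b]0;owned\x07\x1b[2Jlogin ok\n"; /* set title, clear screen */
    const char *banners[] = { share, hostile, "" };
    size_t lens[] = { sizeof share - 1, sizeof hostile - 1, 0 };

    for (int i = 0; i < 3; i++) {
        char *doubled = banner_display(banners[i], lens[i], 1);
        char *plain   = banner_display(banners[i], lens[i], 0);

        printf("escape_backslash=1: %s\nescape_backslash=0: %s\n\n", doubled, plain);
        free(doubled);
        free(plain);
    }
    return 0;
}
```

The point of escaping at all is that the banner is attacker-controlled text headed for a tty: a hostile server can embed sequences that retitle the window, clear the screen or worse, so control bytes must be neutralised. The only thing in dispute in this bug is the backslash, and since the client never unescapes the string before printing it, doubling the backslash buys nothing and mangles legitimate banners such as UNC paths.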
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2009-07-03 21:13:28 UTC
The bug is back with ~openssh-5.2_p1 (only the backslash one).
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2010-04-11 19:10:57 UTC
Upstream fixed it within 5.4p1, and Gentoo 5.4_p1-r2 displays the banners correctly.