Ticket #118 (closed defect: duplicate)

Opened 8 years ago

Last modified 7 years ago

incorrect DSS signature length for packet type 31(0x1f)

Reported by: anonymous Owned by: bagder
Priority: normal Milestone:
Component: crypto Version: 1.2
Keywords: Cc: bagder
Blocked By: Blocks:

Description

libssh2 is not processing/reading correctly ssh packet type 31 from the ssh server. The library thinks that DSS signature length is 25 but the SSH server sends value of 40. Since DSS signature length should be 40 libssh2 bails out with msg
[libssh2] 1.023884 Failure Event: -14 - Invalid DSS signature length

We can see that libssh2 thinks that the packet lenght is 25 by debbuging or printing the value.
From the received packet from the server (see the attached tracefile ) we can see that indeed the server sends value of 40.
It might be helpful to mention that openssh processes this packet correctly and when debugging we can see that DSS signature length is correctly recognized as 40.

Attachments

ssherror.txt (17.5 KB) - added by nobody 8 years ago.
libssh2 trace log containing the packets

Download all attachments as: .zip

Change History

Changed 8 years ago by nobody

libssh2 trace log containing the packets

comment:1 Changed 8 years ago by anonymous

from the submitter:
I am using libssh2-1.2 and trying to connect to junose router which uses dss key. tcpdump trace can be provided upon request.

Artifact 2529398 might be the same problem if the server sends DSS length of 40 and libssh2 thinks it is 25.

comment:2 Changed 8 years ago by bagder

src/hostkey.c:hostkey_method_ssh_dss_sig_verify() checks that the sig length is 40 bytes. The additional 15 is the the field lengths: keyname length(4), key name(7) and sig length(4) 4+7+4= 15. 40 - 15 == 25.

So the entire data chunk should rather be 55 bytes to please libssh2.

do you have a decent way to repeat this problem?

comment:3 Changed 8 years ago by anonymous

From the submitter-
The issue was observed when connecting to a juniper E-series router. Unfortinately it is behind a firewall.
The issue can still be investigating by looking at the packet the server sent. It is in the attachment and also bellow. It looks like the format of the packet that the server is sending is different from what libssh2 expects. For example the server sends the DSS signature lenght at the end of the packet - the DSS signature is the last 40 bytes of the packet. Its length is contained as 32 bits uint (4 bytes) immediately preceding the DSS signature lenght ( 00 00 00 28 -> this equals 40 decimal when represented as a uint32_t ). Note that the packet lenght is 615 bytes.
On the other hand It looks like libssh2 is expecting the DSS signature to be towards the begining of the packet hence the described calculation:
keyname length(4), key name(7) and sig length(4) 4+7+4= 15. 40 - 15 == 25.
Indeed the key name(ssh-dss) is near the beginning at the packet but the DSS signature in this case is at the end so the calculation seems to not work out for this packet format.

And bellow comes the packet sent by the server:
=> libssh2_transport_read() plain (615 bytes)
0000: 1f 00 00 01 b1 00 00 00 07 73 73 68 2d 64 73 73 .........ssh-dss
0010: 00 00 00 81 00 af 8d cf ea 6d 73 c1 2d aa b1 5b .........ms.-..[
0020: fd 58 e0 89 88 26 04 aa ea cb a6 b0 81 2a 1a a0 .X...&.......*..
0030: 56 b6 d1 3a c8 8a d9 95 94 cf 22 16 df 59 63 6a V..:......"..Ycj
0040: 19 44 2a a8 91 20 d8 ad 71 30 f4 8a b8 b0 75 59 .D*.. ..q0....uY
0050: 40 28 a9 ae 49 36 74 1a a8 d7 2d bd 3c ed e4 76 @(..I6t...-.<..v
0060: 98 36 50 50 0b c9 4a 2c 70 c5 ed fa 2e 19 1b 72 .6PP..J,p......r
0070: 2f 5e fb 6f 8a 62 36 0f 6f ba 96 1d ca a8 71 d9 /.o.b6.o.....q.
0080: b8 87 f1 74 e5 c7 83 3c 39 66 36 10 18 9a 9d 8c ...t...<9f6.....
0090: d6 4c c6 59 a9 00 00 00 15 00 c3 7e 0d 3d 81 b2 .L.Y.......~.=..
00a0: 06 33 86 1a 85 eb 4e df fc d2 27 34 9b ab 00 00 .3....N...'4....
00b0: 00 80 24 fa 68 5c 33 1a e8 8c f8 55 2e 3f bb bc ..$.h\3....U.?..
00c0: 90 85 0a 56 11 87 b6 b5 e1 d1 0f 7d 28 0e 46 5e ...V.......}(.F

00d0: bc 19 9f 99 36 82 a8 59 27 a8 1b a6 bd 75 fa 9e ....6..Y'....u..
00e0: da 47 ad 8d fc 17 6f f7 ac 58 3e 2d 7d fa 49 63 .G....o..X>-}.Ic
00f0: 55 37 c6 09 ad bd f8 b2 50 e4 e9 c8 1b a0 8e 08 U7......P.......
0100: 7e d7 04 2b 87 d0 e5 26 8e 84 2b d5 95 3a ad df ~..+...&..+..:..
0110: db d6 b8 f8 22 1b ba 5d 9b cc 30 87 c0 47 cf 53 ...."..]..0..G.S
0120: 8f 42 58 4c 8d 8f 23 d9 2c f1 65 72 fe e3 ee 8a .BXL..#.,.er....
0130: 53 b0 00 00 00 80 31 c2 98 57 f3 e2 0b 12 49 e7 S.....1..W....I.
0140: c5 e2 d3 48 66 53 52 d9 f3 f7 77 67 cb b7 b3 95 ...HfSR...wg....
0150: 7b e6 29 b0 af b0 42 9e 6a b3 b9 e7 4e f5 2c 40 {.)...B.j...N.,@
0160: 75 54 d8 8e 2b 38 91 f5 fc 74 2e 09 bd 0a 92 44 uT..+8...t.....D
0170: 22 cd af 4f 8e 8c f4 72 f3 8e 2d 6a 59 0e 86 fd "..O...r..-jY...
0180: 70 ec 52 1d 1f 2c d6 6d 3b 78 6b 48 76 e2 ec 1a p.R..,.m;xkHv...
0190: 66 72 13 61 83 64 2f 82 be be 3e 40 84 e4 10 7c fr.a.d/...>@...|
01a0: 35 b0 07 e8 71 a0 0c 98 d4 72 26 d2 40 e1 2f 60 5...q....r&.@./`
01b0: e5 8a 69 4a d7 f5 00 00 00 81 00 e1 de 67 56 2c ..iJ.........gV,
01c0: ce d8 08 c3 9d 27 a1 1e 7c 64 be ee ca 17 68 a2 .....'..|d....h.
01d0: 64 61 3d ed 75 41 09 a9 64 2a 50 f1 de 71 62 48 da=.uA..d*P..qbH
01e0: e0 6e 95 b5 67 97 84 07 69 1d 78 3a 42 4e 28 b0 .n..g...i.x:BN(.
01f0: 25 5c 3e 2c 45 53 43 fb 0b 20 4b 41 5a 8f 39 76 %\>,ESC.. KAZ.9v
0200: 69 c0 a0 16 6a de 2c bb 71 93 28 97 83 bf d9 e3 i...j.,.q.(.....
0210: 7d bf 24 43 79 8d a1 fd 90 e2 91 87 5d 52 0e 9e }.$Cy.......]R..
0220: 48 39 12 02 d0 3f 2a e7 a8 c1 53 96 a3 72 f3 3d H9...?*...S..r.=
0230: 5c a6 34 79 25 a9 ff 92 60 05 5c 00 00 00 28 70 \.4y%...`.\...(p <-- 00 00 00 28 is DSS sig len
0240: 9a af 73 58 d2 d0 b8 de 23 e6 ce 4e 66 34 8d bd ..sX....#..Nf4..
0250: 03 e2 82 36 de ce dd c2 22 ff a6 07 95 a9 06 5d ...6...."......]
0260: c0 91 ec ed 79 a9 c2 ....y..

Thanks for your assistance guys!

comment:4 Changed 7 years ago by bagder

I figure one way to approach this (as I assume this behavior is considered good and works with other ssh clients such as openssh's), as we then clearly need to adapt to this data, is to check how openssh and/or putty deal with it.

comment:5 Changed 7 years ago by anonymous

from the submitter:
I believe temporary internet access can be provided if needed to test the fix.
Thanks!

comment:6 Changed 7 years ago by stuge

  • Component changed from API to crypto
  • Resolution set to duplicate
  • Status changed from assigned to closed
  • Version set to 1.2

Duplicate of #51 and #83 (artifact 2529398 mentioned in #comment:1) so please see if you can reproduce with at least version 1.2.3 and reopen #51 in that case.

Note: See TracTickets for help on using tickets.