On Tue, Nov 09, 1999 at 01:48:53AM -0000, Frank wrote:
> This is submitted to the Freebsd bug tracking system, although there
> are doubtless other vendors who leave this package, despite the
> existence of the ssh-2.X. While Debian appears to be immune, I was
> able to crash my ssh daemon (much to my dismay), and there appears
> the potential to execute arbitrary code, as long as you encrypt it
> first...
>
> Here is the freebsd report.. it describes the method to crash a
> remote Ssh daemon (lets hope you ran sshd from your xinetd, etc).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
>
And here's a patch. Not tested, as I don't use the rsaref glue on any
machine here.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan_at_debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
--- rsaglue.c.orig Tue Nov 9 11:12:32 1999
+++ rsaglue.c Tue Nov 9 11:17:58 1999
@@ -139,6 +139,10 @@
input_bits = mpz_sizeinbase(input, 2);
input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
gmp_to_rsaref(input_data, input_len, input);
rsaref_public_key(&public_key, key);
@@ -172,6 +176,10 @@
input_bits = mpz_sizeinbase(input, 2);
input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Received session key too long (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
gmp_to_rsaref(input_data, input_len, input);
rsaref_private_key(&private_key, key);
Received on Nov 09 1999
Intro
