Subject: [ libssh2-Bugs-2822917 ] libssh2_channel_write with blocks >=16k cause corrupted MAC

[ libssh2-Bugs-2822917 ] libssh2_channel_write with blocks >=16k cause corrupted MAC

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 01 Sep 2009 21:01:46 +0000

Bugs item #2822917, was opened at 2009-07-17 09:06
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2822917&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SCP
Group: None
>Status: Pending
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Daniel Stenberg (bagder)
Summary: libssh2_channel_write with blocks >=16k cause corrupted MAC

Initial Comment:
When I use libssh2_channel_write(), e. g. the example scp_write.c, with a block size of more than 10k some data is transmitted, but then suddenly after around
64k libssh2_channel_write() report the return code -1 and the error message says "Unable to send data". I traced it back to the call of send() which report EPIPE. On the remote side I see in the sshd-log:

sshd[2026]: Disconnecting: Corrupted MAC on input.

Thus is looks like the remote ssh-server cannot process the data send via libssh2 and close the connection.

This problem only occur when I use a block size of >10k (libssh2 v1.1), but the limit may depend. If I add some debug output it looks like other block sizes may work or not work, too. This problem looks like a race-condition.

Note: with libssh2 v0.18 this problem did not occur! I detected the problem when I switchedn from libssh2 v0.18 to v1.1 and an application with uses libssh2. After installation of the new libssh2 library the application could not send any data anymore. With libssh v0.18 the application still work well.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2009-09-01 23:01

Message:
Can you please retry with the current git code? We've taken precautions
against this flaw now.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2822917&group_id=125852
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2009-09-01