server: fix sending SSH_MSG_EXT_INFO upon rekey

Fix libssh server sending SSH_MSG_EXT_INFO messages upon rekey: clients do not expect that message during rekey, and OpenSSH in particular will log error messages along the lines of: "kex protocol error: type 7 seq 15" when the message is received during a rekey. To fix, check against the session connected flag, which only transitions to non-zero following the first successful authentication. bf2c7128ab adds logic to resolve this issue, but it turns out that checking the session_state to avoid sending the message is insufficient, because that state is re-set to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey. The before-and-after effects of this change can be observed using the pkd --rekey flag as so: ./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256 \ -i1 --rekey=16 -v -v -v 2>&1 | grep -e 'KEY' -e 'EXT' ^ where before the change, multiple SSH_MSG_EXT_INFO send messages are logged; after, there is only a single SSH_MSG_EXT_INFO logged once upon the first initial key exchange. Cross-reference: https://bugs.libssh.org/T121. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-24 11:09:26 -07:00 · 2019-04-24 11:09:26 -07:00 · 19cb6f1b6c
--- a/src/server.c
+++ b/src/server.c
@ -361,7 +361,22 @@ static void ssh_server_connection_callback(ssh_session session){
                 */
                if (session->extensions & SSH_EXT_NEGOTIATION &&
                    session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
-                    ssh_server_send_extensions(session);
+
+                    /*
+                     * Only send an SSH_MSG_EXT_INFO message the first time the client
+                     * undergoes NEWKEYS.  It is unexpected for this message to be sent
+                     * upon rekey, and may cause clients to log error messages.
+                     *
+                     * The session_state can not be used for this purpose because it is
+                     * re-set to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.  So,
+                     * use the connected flag which transitions from non-zero below.
+                     *
+                     * See also:
+                     * - https://bugzilla.mindrot.org/show_bug.cgi?id=2929
+                     */
+                    if (session->connected == 0) {
+                        ssh_server_send_extensions(session);
+                    }
                }

                set_status(session,1.0f);