We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The following input makes the x/crypto/ssh server crash:
[]byte("\n\x00\x00\x00\x16\x00\x140000000000000000\xff\xff\xff\xff")
Discovered by fuzzing (see the excellent github.com/dvyukov/go-fuzz), triggerable by
panic: runtime error: slice bounds out of range goroutine 5 [running]: golang.org/x/crypto/ssh.parseString(0xc20801e391, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc20800a300) /go/path/src/golang.org/x/crypto/ssh/messages.go:490 +0x150 golang.org/x/crypto/ssh.parseNameList(0xc20801e391, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15) /go/path/src/golang.org/x/crypto/ssh/messages.go:502 +0x95 golang.org/x/crypto/ssh.Unmarshal(0xc20801e391, 0x4, 0x4, 0x54e900, 0xc208001320, 0x0, 0x0) /go/path/src/golang.org/x/crypto/ssh/messages.go:360 +0xeff golang.org/x/crypto/ssh.(*handshakeTransport).enterKeyExchange(0xc208056000, 0xc20801e380, 0x15, 0x15, 0x0, 0x0) /go/path/src/golang.org/x/crypto/ssh/handshake.go:295 +0x134 golang.org/x/crypto/ssh.(*handshakeTransport).readOnePacket(0xc208056000, 0x0, 0x0, 0x0, 0x0, 0x0) /go/path/src/golang.org/x/crypto/ssh/handshake.go:166 +0x1f3 golang.org/x/crypto/ssh.(*handshakeTransport).readLoop(0xc208056000) /go/path/src/golang.org/x/crypto/ssh/handshake.go:133 +0x28 created by golang.org/x/crypto/ssh.newServerTransport /go/path/src/golang.org/x/crypto/ssh/handshake.go:108 +0xea goroutine 1 [chan receive]: golang.org/x/crypto/ssh.(*connection).serverHandshake(0xc20804e200, 0xc208058210, 0xc20801f060, 0x0, 0x0) /go/path/src/golang.org/x/crypto/ssh/server.go:193 +0x64f golang.org/x/crypto/ssh.NewServerConn(0x7f8486836d18, 0xc20801f060, 0xc208058000, 0x7f8486836d18, 0xc208030018, 0x0, 0x0, 0x0) /go/path/src/golang.org/x/crypto/ssh/server.go:146 +0x103 main.main() /go/path/src/github.com/taruti/sshfuzz/ex1/ssh.go:28 +0x32d
The text was updated successfully, but these errors were encountered:
cc @agl
Sorry, something went wrong.
https://golang.org/cl/11332
/cc @dvyukov
Should be fixed by golang/crypto@cc04154
x/crypto/ssh: fix bounds check in parseString
cc04154
Fixes golang#11348 Change-Id: If083744343256a2a53eb813411ba0c9a359d6dbd Reviewed-on: https://go-review.googlesource.com/11332 Reviewed-by: Adam Langley <agl@golang.org>
No branches or pull requests
The following input makes the x/crypto/ssh server crash:
Discovered by fuzzing (see the excellent github.com/dvyukov/go-fuzz), triggerable by
The text was updated successfully, but these errors were encountered: