From d758990d392fbbca623afd22186164cb4ccf1743 Mon Sep 17 00:00:00 2001 From: Lucas Mulling Date: Thu, 24 Apr 2025 15:48:32 -0300 Subject: [PATCH] misc: Fix OpenSSH banner parsing Signed-off-by: Lucas Mulling Reviewed-by: Jakub Jelen Reviewed-by: Norbert Pocs --- src/misc.c | 6 ++++-- tests/client/torture_session.c | 15 +++++++++++++++ tests/unittests/torture_misc.c | 5 +++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/misc.c b/src/misc.c index 95512f0d..b1ebc0c4 100644 --- a/src/misc.c +++ b/src/misc.c @@ -1426,6 +1426,7 @@ int ssh_analyze_banner(ssh_session session, int server) char *tmp = NULL; unsigned long int major = 0UL; unsigned long int minor = 0UL; + int off = 0; /* * The banner is typical: @@ -1445,8 +1446,9 @@ int ssh_analyze_banner(ssh_session session, int server) } errno = 0; - minor = strtoul(openssh + 10, &tmp, 10); - if ((tmp == (openssh + 10)) || + off = major >= 10 ? 11 : 10; + minor = strtoul(openssh + off, &tmp, 10); + if ((tmp == (openssh + off)) || ((errno == ERANGE) && (major == ULONG_MAX)) || ((errno != 0) && (major == 0)) || (minor > 100)) { diff --git a/tests/client/torture_session.c b/tests/client/torture_session.c index d188ff09..f95002f4 100644 --- a/tests/client/torture_session.c +++ b/tests/client/torture_session.c @@ -574,6 +574,18 @@ static void torture_pubkey_hash(void **state) } } +static void torture_openssh_banner_version(void **state) +{ + struct torture_state *s = *state; + ssh_session session = s->ssh.session; + + int openssh_version = ssh_get_openssh_version(session); + int cmake_openssh_version = SSH_VERSION_INT(OPENSSH_VERSION_MAJOR, OPENSSH_VERSION_MINOR, 0); + + assert_int_equal(openssh_version, cmake_openssh_version); +} + + int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { @@ -619,6 +631,9 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pubkey_hash, session_setup, session_teardown), + cmocka_unit_test_setup_teardown(torture_openssh_banner_version, + session_setup, + session_teardown), }; ssh_init(); diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c index bd6bf96e..b2320a94 100644 --- a/tests/unittests/torture_misc.c +++ b/tests/unittests/torture_misc.c @@ -448,6 +448,7 @@ static void torture_ssh_analyze_banner(void **state) { assert_server_banner_accepted("SSH-2.0-OpenSSH"); assert_int_equal(0, session->openssh); + /* OpenSSH banners: big enough to extract major and minor versions */ assert_client_banner_accepted("SSH-2.0-OpenSSH_5.9p1"); assert_int_equal(SSH_VERSION_INT(5, 9, 0), session->openssh); @@ -487,6 +488,10 @@ static void torture_ssh_analyze_banner(void **state) { assert_server_banner_accepted("SSH-2.0-OpenSSH-keyscan"); assert_int_equal(0, session->openssh); + /* OpenSSH banners: Double digit in major version */ + assert_server_banner_accepted("SSH-2.0-OpenSSH_10.0p1"); + assert_int_equal(SSH_VERSION_INT(10, 0, 0), session->openssh); + ssh_free(session); }