This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit e7f66e75600d67d00d01ceeb989f6adadb7bcfd7 Author: Thomas Wolf <[email protected]> AuthorDate: Mon Mar 23 19:05:37 2026 +0100 GH-891: Fix format of injected SSH_MSG_IGNORE The message was constructed wrongly as SSH_MSG_IGNORE + (random data) instead of as SSH_MSG_IGNORE + (length of random data) + (random data). This is a bug only in the 3.0 branch; in the 2.x branch the packet is constructed correctly. Our regression tests failed to catch this because neither Apache MINA SSHD nor openSSH look at the body of an SSH_MSG_IGNORE packet. Some other servers do. Tighten the InjectIgnoreFilterTest to also verify the full packet format. --- CHANGES.md | 1 + .../org/apache/sshd/common/session/filters/InjectIgnoreFilter.java | 4 +++- .../apache/sshd/common/session/filters/InjectIgnoreFilterTest.java | 7 ++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 673920bea..17b8fd673 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -33,6 +33,7 @@ newer Java versions the already built-in cryptographic algorithms for ChaCha20, ## Bug Fixes * [GH-852](https://github.com/apache/mina-sshd/issues/852) Fix wrong import +* [GH-891](https://github.com/apache/mina-sshd/issues/891) (Regression in 3.0.0-M1) Fix format of injected SSH_MSG_IGNORE ## Major Code Re-factoring diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/filters/InjectIgnoreFilter.java b/sshd-core/src/main/java/org/apache/sshd/common/session/filters/InjectIgnoreFilter.java index dec81bf2b..91ef3a7f8 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/session/filters/InjectIgnoreFilter.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/session/filters/InjectIgnoreFilter.java @@ -141,10 +141,12 @@ public class InjectIgnoreFilter extends IoFilter { private Buffer createIgnoreBuffer(int length) { int size = length + random.random(length + 1); - Buffer buffer = new ByteArrayBuffer(SshConstants.SSH_PACKET_HEADER_LEN + 1 + size + CryptFilter.MAX_PADDING + 64); + Buffer buffer = new ByteArrayBuffer( + SshConstants.SSH_PACKET_HEADER_LEN + 1 + Integer.BYTES + size + CryptFilter.MAX_PADDING + 64); buffer.rpos(SshConstants.SSH_PACKET_HEADER_LEN); buffer.wpos(SshConstants.SSH_PACKET_HEADER_LEN); buffer.putByte(SshConstants.SSH_MSG_IGNORE); + buffer.putUInt(size); int start = buffer.wpos(); buffer.wpos(buffer.wpos() + size); random.fill(buffer.array(), start, size); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/session/filters/InjectIgnoreFilterTest.java b/sshd-core/src/test/java/org/apache/sshd/common/session/filters/InjectIgnoreFilterTest.java index d26a29dd9..2a64b06e4 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/session/filters/InjectIgnoreFilterTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/session/filters/InjectIgnoreFilterTest.java @@ -76,15 +76,20 @@ class InjectIgnoreFilterTest extends FilterTestSupport { } assertEquals((frequency + 1) * rounds, outputs.outputs.size()); List<IoWriteFutureWithData> out = outputs.outputs; + int foundIgnore = 0; for (int i = 0; i < outputs.outputs.size();) { for (int j = 0; j < frequency - 1; j++) { Buffer data = out.get(i++).data; assertEquals(-1, data.rawByte(data.rpos())); } Buffer data = out.get(i++).data; - assertEquals(SshConstants.SSH_MSG_IGNORE, data.rawByte(data.rpos())); + assertEquals(SshConstants.SSH_MSG_IGNORE, data.getByte()); + foundIgnore++; + long dataLength = data.getUInt(); + assertEquals(data.available(), dataLength); data = out.get(i++).data; assertEquals(-1, data.rawByte(data.rpos())); } + assertEquals(rounds, foundIgnore); } }
