Bug#220726: obscure error messages if newlines in ~/.ssh/authorized_keys
Package: ssh
Version: 1:3.6.1p2-9
Severity: normal
When one goofs with his authorized_keys file (adding linefeeds into
the public key, for example), the ssh server reacts with "Nov 14
10:04:42 kes sshd[11927]: fatal: buffer_get: trying to get more bytes
129 than in buffer 39" in the syslog. This error message is likely to
cause a heart attack with whoever reads logcheck output because it
suggests a buffer overflow attack happening.
Please consider adding code to detect this particular error and
to emit a less scary error message like "OSI layer 8 problem:
Formatting error in ~$USER/.ssh/authorized_keys".
Greetings
Marc
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux kes 2.4.22-kes #1 Tue Oct 7 07:49:10 UTC 2003 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages ssh depends on:
ii  adduser         3.51           Add and remove users and groups
ii  debconf         1.3.20         Debian configuration management sy
ii  libc6           2.3.2.ds1-10   GNU C Library: Shared libraries an
ii  libpam-modules  0.76-14        Pluggable Authentication Modules f
ii  libpam0g        0.76-14        Pluggable Authentication Modules l
ii  libssl0.9.7     0.9.7c-5       SSL shared libraries
ii  libwrap0        7.6-ipv6.1-3   Wietse Venema's TCP wrappers libra
ii  zlib1g          1:1.1.4-16     compression library - runtime
-- debconf information excluded
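
Added example, not part of the original report and not OpenSSH code: a small linter that walks the length-prefixed fields of each key blob in an authorized_keys file and reports, per line, when a length field asks for more bytes than remain (what the quoted "more bytes 129 than in buffer 39" message says) or when a line has no key type at all. It assumes protocol 2 key lines with no spaces inside options; the function names and the sample key (filler bytes, not a real key) are constructed for illustration.

```python
import base64, binascii, struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # protocol 2 key type names

def ss(data):
    """Encode one SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def check_blob(b64):
    """Walk the length-prefixed fields of a key blob; return an error or None."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    off = 0
    while off < len(blob):
        if len(blob) - off < 4:
            return "key data ends inside a length field"
        (want,) = struct.unpack_from(">I", blob, off)
        off += 4
        if want > len(blob) - off:
            return f"field needs {want} bytes, only {len(blob) - off} present"
        off += want
    return None

def lint(text):
    """Return [(line_number, problem)] for an authorized_keys file body."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        # Assumption: the key type is the first token with a known prefix.
        idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(tokens):
            problems.append((no, "no key type and data; stray newline inside a key?"))
            continue
        err = check_blob(tokens[idx + 1])
        if err:
            problems.append((no, err + "; key truncated by a newline?"))
    return problems

# Constructed sample: an ssh-rsa shaped blob with filler bytes, not a real key.
BLOB = ss(b"ssh-rsa") + ss(b"\x01\x00\x01") + ss(b"\x00" + b"\xc3" * 128)
B64 = base64.b64encode(BLOB).decode()
GOOD = f"ssh-rsa {B64} marc@kes\n"
BROKEN = f"ssh-rsa {B64[:80]}\n{B64[80:]} marc@kes\n"  # linefeed inside the key

if __name__ == "__main__":
    for no, problem in lint(GOOD + BROKEN):
        print(f"line {no}: {problem}")
```

Both halves of the broken key are reported: the first as a truncated field, the second as a line without a key type.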