
Bug#819361: openssh-client: ssh/scp rekey fails when using GSSAPI KEX



The reason for this bug is how the list of key exchange methods is
created and then modified later.

1. The original KEX list is taken from options.

2. The extension negotiation "options" which are not real kex enc
   types are added to the list.

3. The GSSAPI enc types are prepended (code from the gssapi patch).

Then later after the initial KEX handshake, the comment says

   /* remove ext-info from the KEX proposals for rekeying */

but in effect the code does not remove only the ext-info stuff but
resets the list to the original option list. So what needs to be done
is that the GSSAPI enc types have to be prepended _again_ at this
point to restore the list so that it contains content useful for GSSAPI.

In the attachment is a patch against Debian's openssh_7.4p1-5 which
fixes the bug. Probably this patch should be merged with the
gssapi patch instead, but that I leave to the maintainer.

As this is a regression which makes it very difficult to transfer files
bigger than the rekey limit, please fix ASAP.

Harald.

--- sshconnect2.c.orig  2017-01-04 19:47:10.000000000 +0100
+++ sshconnect2.c       2017-01-05 04:13:08.977425272 +0100
@@ -222,7 +222,6 @@
                        orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
                        xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
                            "%s,null", orig);
-                       free(gss);
                }
        }
 #endif
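Review bot: with `free(gss);` dropped from this block, `gss` has to stay valid until the rekey setup further down, and the `if (gss)` test added there is only safe if `gss` is NULL whenever this block is skipped. The declaration is not in the visible context, so confirm it is initialised to NULL, and consider a one-line comment at this spot saying the string is kept for the rekey proposal.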
@@ -273,6 +272,16 @@
        /* remove ext-info from the KEX proposals for rekeying */
        myproposal[PROPOSAL_KEX_ALGS] =
            compat_kex_proposal(options.kex_algorithms);
+#ifdef GSSAPI
+       /* repair myproposal after it was crumpled by the */
+       /* ext-info removal above */
+       if (gss) {
+               orig = myproposal[PROPOSAL_KEX_ALGS];
+               xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+                         "%s,%s", gss, orig);
+               free(gss);
+       }
+#endif
        if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
                fatal("kex_prop2buf: %s", ssh_err(r));
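Review bot: in the added `if (gss)` block, `orig = myproposal[PROPOSAL_KEX_ALGS];` saves the pointer that compat_kex_proposal() just returned and `xasprintf` then overwrites the slot, but `orig` is never released or otherwise accounted for in the visible lines. If compat_kex_proposal() can return a newly allocated string, that copy leaks on every pass through here; if it can return options.kex_algorithms itself, freeing it would be wrong, so the ownership should be settled and noted in a comment. After `free(gss);` it would also be safer to set `gss = NULL`, and the two one-line comments read better merged into a single block comment.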


