https://bugzilla.mindrot.org/show_bug.cgi?id=3295
--- Comment #4 from balu <[email protected]> --- Scenario - Normal ssh connection fails when session_id length is not 32. Code - V8.5 introduces new code (in monitor_apply_keystate(), monitor.c) wherein authenticated sshd process verifies if the session_id. If there is a mismatch in the session id then it closes the connection. https://github.com/openssh/openssh-portable/blob/0727dd09eca355e7539cbcb23b148fcee9b21513/monitor.c#L1726 if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2, session_id2_len) != 0) fatal_f("session ID mismatch"); strlen(sshbuf_ptr(ssh->kex->session_id)) is not always 32 but session_id2_len is always 32. If the strlen(sshbuf_ptr(ssh->kex->session_id)) is not 32 then memcmp condition fails on windows. Fix - Use strlen(sshbuf_ptr(ssh->kex->session_id)) instead of session_id2_len. if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2, strlen(sshbuf_ptr(ssh->kex->session_id))) != 0) fatal_f("session ID mismatch"); FYI, I have attached the client, server-side logs on my windows machine for this issue when the session id is not 32 bytes. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
