config: reject too small RekeyLimit values

OpenSSH rejects non-zero RekeyLimit data values below 16 bytes. Match that behavior in libssh.

Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/815>
Nuhiat-Arefin
2026-04-15 22:52:45 +06:00
committed by Jakub Jelen
parent d157f13b27
commit 77ef6379a5
2 changed files with 37 additions and 0 deletions


@@ -1672,6 +1672,7 @@ static int ssh_config_parse_line_internal(ssh_session session,
}
}
CHECK_COND_OR_FAIL(ll < 0, "Invalid data limit");
CHECK_COND_OR_FAIL(ll > 0 && ll < 16, "RekeyLimit too small");
if (*parsing) {
uint64_t v = (uint64_t)ll;
ssh_options_set(session, SSH_OPTIONS_REKEY_DATA, &v);
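Review bot: The new lower bound `ll > 0 && ll < 16` is enforced only in the config-file parser, so it does not by itself cover applications that call `ssh_options_set(session, SSH_OPTIONS_REKEY_DATA, &v)` directly. The setter is not visible here, so confirm whether it validates the same range, and if it does not, consider placing the check there so both paths agree. A data limit of a few bytes would presumably trigger rekeying almost continuously, which is why the bound should hold however the option is set. The literal 16 would also benefit from a short comment or a named constant, e.g. `/* OpenSSH refuses non-zero RekeyLimit data values below 16 bytes */`. The enclosing `ssh_config_parse_line_internal` starts and ends outside the hunk.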


@@ -2225,6 +2225,9 @@ static void torture_config_rekey(void **state,
const char *file, const char *string)
{
ssh_session session = *state;
const char *config = NULL;
const uint64_t previous_rekey_data = 64;
const int previous_rekey_time_ms = 42 * 60 * 1000;
/* Default values */
ssh_options_set(session, SSH_OPTIONS_HOST, "default");
@@ -2289,6 +2292,39 @@ static void torture_config_rekey(void **state,
assert_int_equal(session->opts.rekey_data, 0);
assert_int_equal(session->opts.rekey_time, 9600 * 1000);
config = "Host data-too-small\n"
"\tRekeyLimit 1 1h\n";
if (file != NULL) {
torture_write_file(file, config);
} else {
string = config;
}
torture_reset_config(session);
/* Invalid RekeyLimit values should leave the previous settings untouched.
*/
session->opts.rekey_data = previous_rekey_data;
session->opts.rekey_time = previous_rekey_time_ms;
ssh_options_set(session, SSH_OPTIONS_HOST, "data-too-small");
_parse_config(session, file, string, SSH_OK);
assert_int_equal(session->opts.rekey_data, previous_rekey_data);
assert_int_equal(session->opts.rekey_time, previous_rekey_time_ms);
config = "Host data-under-minimum\n"
"\tRekeyLimit 15 none\n";
if (file != NULL) {
torture_write_file(file, config);
} else {
string = config;
}
torture_reset_config(session);
session->opts.rekey_data = 128;
session->opts.rekey_time = 21 * 60 * 1000;
ssh_options_set(session, SSH_OPTIONS_HOST, "data-under-minimum");
_parse_config(session, file, string, SSH_OK);
assert_int_equal(session->opts.rekey_data, 128);
assert_int_equal(session->opts.rekey_time, 21 * 60 * 1000);
}
/**
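Review bot: The two new cases cover 1 and 15 but nothing pins the smallest accepted value, so an off-by-one in the parser check (`<= 16` instead of `< 16`) would still pass. A third case with `"\tRekeyLimit 16 none\n"` followed by `assert_int_equal(session->opts.rekey_data, 16);` would close that gap. The second case also repeats the literals `128` and `21 * 60 * 1000` where the first uses the `previous_rekey_data` / `previous_rekey_time_ms` constants; reusing named constants would keep the two cases parallel. Both cases expect `SSH_OK` while the valid time part of the line is not applied, which looks intentional, but only the first case carries a comment saying so. The body of `torture_config_rekey` between the two hunks is outside the view.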