Comments longer than 1024 chars break sshd_config

Bug #1023360 reported by Nils Toedtmann
Affects            Status        Importance  Assigned to  Milestone
portable OpenSSH   Fix Released  Medium
openssh (Ubuntu)   Fix Released  Low         Unassigned

Bug Description

When sshd_config contains a comment of more than 1023 chars, it treats char 1024+ as valid configuration. That usually breaks the config, or (in case there accidentally is valid sshd_config syntax) is unwanted.

To verify the bug, apply appended patch to sshd_config (that prepends a long comment) and try to start ssh. You will see this:

  $ sudo /usr/sbin/sshd
  /etc/ssh/sshd_config: line 2: Bad configuration option: ThisIsAnInvalidOption
  /etc/ssh/sshd_config: terminating, 1 bad configuration options

Note that it complains about line 2 though the offending comment is in line 1.

It is worth mentioning that active configuration lines longer than 1023 chars work fine. (I discovered this bug when I commented out a long "Match Address" list.)

This bug strikes on:
 * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS)
 * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10)
 * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS)

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Prepends a comment longer than 1024 chars to sshd_config" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Nils Toedtmann (m-launchpad-net-mail-nils-toedtmann-net) wrote :

(Removed the "patch" tag. It actually is a patch file, but only to illustrate the bug, not to be applied to the source, so it doesn't need review.)

tags: removed: patch
Revision history for this message
In , Bugzilla-mindrot-org-mail (bugzilla-mindrot-org-mail) wrote :

Created attachment 2173
Prepends a comment longer than 1024 chars to sshd_config

(I searched and I did not find this behaviour documented, e.g. as a known bug. Forgive me if I have missed it.)

When sshd_config contains a comment of more than 1023 chars, it treats char 1024+ as valid configuration. That usually breaks the config, or (in case there accidentally is valid sshd_config syntax) is unwanted.

To verify the bug, apply appended patch to sshd_config (that prepends a long comment) and try to start ssh. You will see this:

  $ sudo /usr/local/sbin/sshd
  /usr/local/etc/sshd_config: line 2: Bad configuration option: ThisIsTheEndOfALongComment
  /usr/local/etc/sshd_config: terminating, 1 bad configuration options

Note that it complains about line 2 though the offending comment is in line 1.

It is worth mentioning that active configuration lines longer than 1023 chars work fine. (I discovered this bug when I commented out a long "Match Address" list.)

This bug strikes on:
 * openssh-6.0p1 from openssh.com (built on Ubuntu 11.10 i686)
 * openssh-server-5.3p1-70.el6_2.2.x86_64 (CentOS 6.2)
 * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS)
 * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10)
 * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS)

(See also https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360)
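
The "line 2" error quoted in both copies of this report (the Launchpad description above and this upstream copy) is what a fixed-size fgets()-style reader produces: fgets() returns at most bufsize-1 characters per call, so the tail of a 1024+ character comment comes back as a second "line" that no longer starts with '#'. The following is an added example, not OpenSSH's own code and not part of this bug thread; it models that reader, replays the constructed config from the report, and adds a pre-deployment lint check that flags any line whose tail would be misparsed. The buffer size BUF_SIZE and the function names fgets_chunks, parse_as_old_sshd and lint_line_lengths are this example's own assumptions.

```python
# Added example (not OpenSSH code): model the fgets()-style line reader that
# produced the "line 2" error in the bug report, and lint an sshd_config for
# lines that such a reader would split. BUF_SIZE is the assumed buffer size
# of the old reader; all function names are invented for this example.

BUF_SIZE = 1024  # assumed size of the old reader's line buffer


def fgets_chunks(text, bufsize=BUF_SIZE):
    """Yield what successive fgets(buf, bufsize, f) calls would return.

    fgets() stops after a newline or after bufsize-1 characters, whichever
    comes first, so a physical line longer than bufsize-1 characters comes
    back in several pieces, and a loop that counts calls counts each piece
    as its own line. That is why the error names line 2 for a line-1 comment.
    """
    pos = 0
    while pos < len(text):
        nl = text.find("\n", pos)
        line_end = len(text) if nl == -1 else nl + 1
        chunk_end = min(line_end, pos + bufsize - 1)
        yield text[pos:chunk_end]
        pos = chunk_end


def parse_as_old_sshd(text, bufsize=BUF_SIZE):
    """Return (line_as_reported, keyword) for every chunk the old reader
    would hand to the directive parser. Blank chunks and chunks starting
    with '#' are skipped, the way comment handling skips them; anything
    else is taken as a directive whose first word is the option keyword."""
    directives = []
    for lineno, chunk in enumerate(fgets_chunks(text, bufsize), start=1):
        stripped = chunk.strip()
        if not stripped or stripped.startswith("#"):
            continue
        directives.append((lineno, stripped.split()[0]))
    return directives


def lint_line_lengths(text, bufsize=BUF_SIZE):
    """Pre-deployment check: return (physical_line_no, length, spilled_tail)
    for each line whose length, newline excluded, exceeds bufsize-1, i.e.
    each line whose tail would be parsed as a separate directive. A line of
    exactly bufsize-1 characters only yields a harmless empty chunk."""
    problems = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        if len(line) > bufsize - 1:
            problems.append((lineno, len(line), line[bufsize - 1:]))
    return problems


# Constructed sshd_config: a 1049-character comment on line 1, one directive
# on line 2. The comment's tail reproduces the option name from the report.
SAMPLE_CONFIG = "# " + "x" * 1021 + "ThisIsTheEndOfALongComment\n" + "Port 22\n"

if __name__ == "__main__":
    for lineno, keyword in parse_as_old_sshd(SAMPLE_CONFIG):
        print(f"old reader sees directive {keyword!r} on line {lineno}")
    for lineno, length, tail in lint_line_lengths(SAMPLE_CONFIG):
        print(f"line {lineno} is {length} chars; tail {tail!r} would be misparsed")
    # With a larger buffer the same file parses as intended:
    print(parse_as_old_sshd(SAMPLE_CONFIG, bufsize=4096))
```

Running lint_line_lengths over a config before it is installed catches the problem on any OpenSSH release that still has the 1024-byte buffer, and the reported tail shows exactly which text would be misread as an option.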

Revision history for this message
Nils Toedtmann (m-launchpad-net-mail-nils-toedtmann-net) wrote :

The bug is present upstream as well; I filed it there too: https://bugzilla.mindrot.org/show_bug.cgi?id=2025

Revision history for this message
In , Darren Tucker (dtucker) wrote :

Created attachment 2174
extend config line length limit and detect if it's exceeded

Revision history for this message
In , Darren Tucker (dtucker) wrote :

This has been fixed and the fix will be in the next release.

Thanks.

Revision history for this message
In , Bugzilla-mindrot-org-mail (bugzilla-mindrot-org-mail) wrote :

Wow, that was quick. Thanks!

Revision history for this message
Nils Toedtmann (m-launchpad-net-mail-nils-toedtmann-net) wrote :

Upstream provided a patch ( https://bugzilla.mindrot.org/attachment.cgi?id=2174 ). It will go into OpenSSH 6.1.

James Page (james-page)
Changed in openssh (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Changed in openssh:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
Colin Watson (cjwatson) wrote :

Ubuntu's had OpenSSH >= 6.1 for a long time, so closing this. Sorry for missing the upstream status change.

Changed in openssh (Ubuntu):
status: Triaged → Fix Released