dropbear hangs instead of returning failure on a long command

Laurent Bercot ska-dietlibc at skarnet.org
Tue Sep 9 20:34:56 WST 2014


  Hello Matt (and list),

  When given a command that exceeds MAX_CMD_LEN, the dropbear server
just hangs and does nothing (it stays on select() in the main loop
until the client closes the connection, which may never happen).
It happens whether or not a pty is requested. I've only tested it
with dbclient, not with other clients.

  I think it should return a failure message to the client and close
the connection instead.

  I've been able to track this down to svr-chansession.c, in the
chansessionrequest() function. sessioncommand() correctly returns
DROPBEAR_FAILURE when the command exceeds MAX_CMD_LEN, but ret is
only tested when wantreply is true. So the right fix might be to
actually set the boolean in the payload on the dbclient side -
but I'm not knowledgeable about the ssh protocol so you be the
judge.

  If it helps: dropbear-763979a9c1f1 (hg tip taken yesterday),
Linux 3.10.42, x86_64, musl-1.1.4 libc.

  Thanks a lot for dropbear, it's extremely useful !

-- 
  Laurent



More information about the Dropbear mailing list