<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19120"></HEAD>
<BODY>
<DIV><FONT size=2 face=Arial><SPAN
class=077505420-06092011>Hi</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=077505420-06092011></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=077505420-06092011>What happens if a
received SSH packet is greater than the max length for received packets? From
something I have seen in the code (common-channel) I am concerned that this
causes dropbear to simply terminate. My concern is that this leaves dropbear
implementations open to DOS attacks. I am not an expert in C and the code I have
checked is v0.52 so I may be wrong or not up-to-date...</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=077505420-06092011></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=077505420-06092011>Note that we have a
customer who is extremely security conscious and would view this as an issue,
and since security considerations are on the rise in the market they would
probably not be alone (at least not for very long).</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=077505420-06092011></SPAN></FONT> </DIV>
<DIV><SPAN class=077505420-06092011><FONT size=2
face=Arial>JD</FONT></SPAN></DIV>
<DIV align=left><FONT size=2>--</FONT></DIV>
<DIV align=left><FONT size=2>J Dave Smith<BR></FONT><SPAN
style="FONT-FAMILY: Arial"><FONT size=2
face="Arial, Helvetica, sans-serif">Consultant Engineer<BR>Devices - IP
Phone<BR>Siemens Enterprise Communications Limited </FONT></SPAN></DIV>
<P align=left ?><FONT size=2 face="Arial, Helvetica, sans-serif"><SPAN
style="FONT-FAMILY: Arial">Tel: <STRONG><FONT color=#ff0000>+ 44 (0) 1908
817380</FONT></STRONG><BR>Email: <A
style="COLOR: black; TEXT-DECORATION: underline; text-underline: single"
href="blocked::mailto:j.dave.smith@siemens-enterprise.com">j.dave.smith@siemens-enterprise.com</A></SPAN><BR><SPAN
lang=en-us><A href="http://www.siemens.co.uk/enterprise"><FONT
color=#000000>www.siemens.co.uk/enterprise</FONT></A></SPAN></FONT></P>
<P dir=ltr align=left><FONT color=black size=2 face=Arial><SPAN lang=EN-US 2?;
COLOR: black; FONT-FAMILY: Arial?><FONT color=#000000><A
style="FONT-WEIGHT: 700; TEXT-DECORATION: none"
href="http://www.siemens.co.uk/open"><FONT color=#000000>Communication for the
open minded</FONT></A></FONT></SPAN></FONT></P>
<P dir=ltr align=left><SPAN lang=en-us><FONT size=1 face=Arial, Helvetica,
sans-serif>Siemens Enterprise Communications Limited.<BR>Registered office:
Brickhill Street, Willen Lake, Milton Keynes, MK15 0DJ. Registered No: 5903714,
England.<BR>Siemens Enterprise Communications Limited is a Trademark Licensee of
Siemens AG.</FONT></SPAN></P>
<P dir=ltr align=left><FONT face="Arial, Helvetica, sans-serif"><SPAN
lang=en-us><FONT size=1>This communication contains information which is
confidential and may also be privileged. It is for the exclusive use of the
addressee. If you are not the addressee please note that any distribution,
reproduction, copying, publication or use of this communication or the
information is prohibited. If you have received this communication in error,
please contact us immediately and also delete the communication from your
computer. We accept no liability for any loss or damage suffered by any person
arising from use of this email.</FONT></SPAN></FONT></P>
<P dir=ltr align=left><SPAN lang=en-us></SPAN><SPAN lang=en-us><FONT
color=#008000 size=5 face=Webdings>P</FONT></SPAN><SPAN lang=en-us></SPAN><SPAN
lang=en-us><FONT color=#008000 size=5></FONT></SPAN><SPAN
lang=en-us></SPAN><SPAN lang=en-us> <FONT color=#008000 size=1 face=Arial>Please
consider the environment - do you really need to print this
email?</FONT></SPAN><SPAN lang=en-us></SPAN><SPAN lang=en-us></SPAN></P>
<DIV> </DIV></BODY></HTML>