[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config

Fri Jul 13 15:54:27 UTC 2012

Launchpad has imported 4 comments from the remote bug at
https://bugzilla.mindrot.org/show_bug.cgi?id=2025.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2012-07-11T14:34:42+00:00 Bugzilla-mindrot-org-mail wrote:

Created attachment 2173
Prepends a comment longer than 1024 chars to sshd_config

(I searched and i did not find this behaviour documented e.g. as known
bug. Forgive me if i have missed it)

When sshd_config contains a comment of more than 1023 chars, it treats char 1024+ as valid configuration. That usually breaks the config, or (in case there accidentally is valid sshd_config syntax) is unwanted.

To verify the bug, apply appended patch to sshd_config (that prepends a
long comment) and try to start ssh. You will see this:

  $ sudo /usr/local/sbin/sshd
  /usr/local/etc/sshd_config: line 2: Bad configuration option: ThisIsTheEndOfALongComment
  /usr/local/etc/sshd_config: terminating, 1 bad configuration options

Note that it complains about line 2 though the offending comment is in
line 1.

It is worth mentioning that active configuration lines longer than 1023
chars work fine. (I discovered this bug when i commented out a long
"Match Address" list)

This bug strikes at on
 * openssh-6.0p1 from openssh.com (built on Ubuntu 11.10 i686)
 * openssh-server-5.3p1-70.el6_2.2.x86_64 (CentOS 6.2)
 * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS)
 * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10)
 * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS)

(See also
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360)

Reply at: https://bugs.launchpad.net/openssh/+bug/1023360/comments/4

------------------------------------------------------------------------
On 2012-07-12T10:17:52+00:00 Dtucker wrote:

Created attachment 2174
extend config line length limit and detect if it's exceeded

Reply at: https://bugs.launchpad.net/openssh/+bug/1023360/comments/6

------------------------------------------------------------------------
On 2012-07-13T01:36:24+00:00 Dtucker wrote:

This has been fixed and the fix will be in the next release.

Thanks.

Reply at: https://bugs.launchpad.net/openssh/+bug/1023360/comments/7

------------------------------------------------------------------------
On 2012-07-13T09:53:58+00:00 Bugzilla-mindrot-org-mail wrote:

Wow, that was quick. Thanks!

Reply at: https://bugs.launchpad.net/openssh/+bug/1023360/comments/8

** Changed in: openssh
       Status: Unknown => Fix Released

** Changed in: openssh
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1023360

Title:
  Comments longer than 1024 chars break sshd_config

Status in Portable OpenSSH:
  Fix Released
Status in “openssh” package in Ubuntu:
  Triaged

Bug description:
  When sshd_config contains a comment of more than 1023 chars, it treats
  char 1024+ as valid configuration. That usually breaks the config, or
  (in case there accidentally is valid sshd_config syntax) is unwanted.

  To verify the bug, apply appended patch to sshd_config (that prepends
  a long comment) and try to start ssh. You will see this:

    $ sudo /usr/sbin/sshd 
    /etc/ssh/sshd_config: line 2: Bad configuration option: ThisIsAnInvalidOption
    /etc/ssh/sshd_config: terminating, 1 bad configuration options

  Note that it complains about line 2 though the offending comment is in
  line 1.

  It is worth mentioning that active configuration lines longer than
  1023 chars work fine. (I discovered this bug when i commented out a
  long "Match Address" list)

  This bug strikes at on 
   * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS)
   * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10)
   * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1023360/+subscriptions