Skip to content

Protect readLine() against DoS #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
pixeebot wants to merge 1 commit into from
Closed

Protect readLine() against DoS #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyFileUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package com.hierynomus.sshj.userauth.keyprovider;

import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.common.Base64DecodingException;
import net.schmizz.sshj.common.Base64Decoder;
import net.schmizz.sshj.common.Buffer;
Expand Down Expand Up @@ -50,7 +51,7 @@ public static ParsedPubKey initPubKey(Reader publicKey) throws IOException {
final BufferedReader br = new BufferedReader(publicKey);
try {
String keydata;
while ((keydata = br.readLine()) != null) {
while ((keydata = BoundedLineReader.readLine(br, 5_000_000)) != null) {
keydata = keydata.trim();
if (!keydata.isEmpty()) {
String[] parts = keydata.trim().split("\\s+");
Expand Down
9 changes: 5 additions & 4 deletions src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import com.hierynomus.sshj.transport.cipher.ChachaPolyCiphers;
import com.hierynomus.sshj.transport.cipher.GcmCiphers;
import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import io.github.pixee.security.BoundedLineReader;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
Expand Down Expand Up @@ -305,14 +306,14 @@ private String readEncodedKey(final BufferedReader reader) throws IOException {
final StringBuilder builder = new StringBuilder();

boolean footerFound = false;
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);
while (line != null) {
if (line.startsWith(END)) {
footerFound = true;
break;
}
builder.append(line);
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
}

if (footerFound) {
Expand All @@ -324,9 +325,9 @@ private String readEncodedKey(final BufferedReader reader) throws IOException {
}

private boolean checkHeader(final BufferedReader reader) throws IOException {
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);
while (line != null && !line.startsWith(BEGIN)) {
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
}
if (line == null) {
return false;
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.transport.verification.KnownHostMatchers;
import com.hierynomus.sshj.userauth.certificate.Certificate;
import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.common.*;
import org.slf4j.Logger;

Expand Down Expand Up @@ -86,7 +87,7 @@ public OpenSSHKnownHosts(Reader reader, LoggerFactory loggerFactory) throws IOEx
private void readEntries(BufferedReader br) throws IOException {
final EntryFactory entryFactory = new EntryFactory();
String line;
while ((line = br.readLine()) != null) {
while ((line = BoundedLineReader.readLine(br, 5_000_000)) != null) {
try {
KnownHostEntry entry = entryFactory.parseEntry(line);
if (entry != null) {
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package net.schmizz.sshj.userauth.keyprovider;

import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.common.IOUtils;

import java.io.*;
Expand Down Expand Up @@ -75,7 +76,7 @@ private static String readHeader(Reader privateKey) throws IOException {
BufferedReader br = new BufferedReader(privateKey);
try {
String header;
while ((header = br.readLine()) != null) {
while ((header = BoundedLineReader.readLine(br, 5_000_000)) != null) {
header = header.trim();
if (!header.isEmpty()) {
break;
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package net.schmizz.sshj.userauth.keyprovider;

import com.hierynomus.sshj.common.KeyAlgorithm;
import io.github.pixee.security.BoundedLineReader;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
Expand Down Expand Up @@ -211,7 +212,7 @@ protected void parseKeyPair() throws IOException {
try {
String headerName = null;
String line;
while ((line = r.readLine()) != null) {
while ((line = BoundedLineReader.readLine(r, 5_000_000)) != null) {
int idx = line.indexOf(": ");
if (idx > 0) {
headerName = line.substring(0, idx);
Expand Down
3 changes: 2 additions & 1 deletion src/test/java/net/schmizz/sshj/keyprovider/CorruptedPublicKeyTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package net.schmizz.sshj.keyprovider;

import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.util.CorruptBase64;
import org.junit.jupiter.api.io.TempDir;
Expand Down Expand Up @@ -51,7 +52,7 @@ public void corruptedPublicKey(String privateKeyFileName, String passphrase) thr
String publicKeyText;
try (var reader = new BufferedReader(new FileReader(
keyRoot.resolve(privateKeyFileName + ".pub").toFile()))) {
publicKeyText = reader.readLine();
publicKeyText = BoundedLineReader.readLine(reader, 5_000_000);
}

String[] parts = publicKeyText.split("\\s+");
Expand Down
5 changes: 3 additions & 2 deletions src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.userauth.certificate.Certificate;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
Expand Down Expand Up @@ -461,7 +462,7 @@ public void notTrimmedKeys() throws IOException {
BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(initialPrivateKey)));
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(corruptedPrivateKey)));
String line;
while ((line = reader.readLine()) != null) {
while ((line = BoundedLineReader.readLine(reader, 5_000_000)) != null) {
writer.write(line);
writer.write("\n");
}
Expand All @@ -472,7 +473,7 @@ public void notTrimmedKeys() throws IOException {
reader = new BufferedReader(new InputStreamReader(new FileInputStream(initialPublicKey)));
writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(corruptedPublicKey)));
writer.write("\n\n \t ");
writer.write(reader.readLine().replace(" ", " \t "));
writer.write(BoundedLineReader.readLine(reader, 5_000_000).replace(" ", " \t "));
writer.write("\n\n");
reader.close();
writer.close();
Expand Down
5 changes: 3 additions & 2 deletions src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package net.schmizz.sshj.keyprovider;

import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import io.github.pixee.security.BoundedLineReader;
import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
import net.schmizz.sshj.util.CorruptBase64;
Expand Down Expand Up @@ -588,14 +589,14 @@ private String corruptBase64InPuttyKey(
try (var reader = new BufferedReader(new StringReader(source))) {
StringBuilder result = new StringBuilder();
while (true) {
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);
if (line == null) {
break;
} else if (line.startsWith(sectionPrefix)) {
int base64LineCount = Integer.parseInt(line.substring(sectionPrefix.length()));
StringBuilder base64 = new StringBuilder();
for (int i = 0; i < base64LineCount; ++i) {
base64.append(Objects.requireNonNull(reader.readLine()));
base64.append(Objects.requireNonNull(BoundedLineReader.readLine(reader, 5_000_000)));
}
String corruptedBase64 = CorruptBase64.corruptBase64(base64.toString());

Expand Down