Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Be strict about masklength #278

Closed
wants to merge 1 commit into from

Conversation

khaleesicodes
Copy link

strtoul is too lax about characters which are used for numbers.
Manually check that masklength starts with digit.
PoC
Add following match block to your sshd_config
Match address "127.0.0.1/ +0032"
ForceCommand ls
If you access your server with ssh 127.0.0.1 then ls is executed.
This behaviour is unexpected as masklength should not be valid.

Shoutout to @c3h2_ctf

strtoul is too lax about characters which are used for numbers.
Manually check that masklength starts with digit.
PoC
Add following match block to your sshd_config
 Match address "127.0.0.1/  +0032"
        ForceCommand ls
If you access your server with `ssh 127.0.0.1` then ls is executed.
This behaviour is unexpected as masklength should not be valid.
@djmdjm
Copy link
Contributor

djmdjm commented Apr 29, 2022

committed upstream and synced back as fda1eaaec - thanks!

@djmdjm djmdjm closed this Apr 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants