SSH2 "Invalid size" errors after updating to 0.3.7 / master #408

Closed
bantu opened this Issue Jul 15, 2014 · 5 comments

2 participants

@bantu
phpseclib member

After upgrading from 0.3.6 to 0.3.7 + 5a5d0fc "invalid size" errors appear.

See
owncloud/core#9632 (comment)
https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Net/SSH2.php#L2700

@bantu bantu added the support label Jul 15, 2014
@terrafrost
phpseclib member

The "invalid size" check has been in phpseclib since 0.3.5:

e7336e6

I guess whomever is getting that error can try this:

#
#-----[ OPEN ]------------------------------------------
#
Net/SSH2.php
#
#-----[ FIND ]------------------------------------------
#
        if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
#
#-----[ AFTER, ADD ]------------------------------------
#
echo "remaining_length = $remaining_length<br>\r\n";
echo "decrypt_block_size = {$this->decrypt_block_size}<br>\r\n";

If affected parties could also enable real time logging (define('NET_SSH2_LOGGING', 3); at the top of the file) that'd be helpful as well. That'd make it so I can see where in Net/SSH2.php the error is occuring.

@bantu
phpseclib member

@terrafrost Could this be caused by 7a2c7a4 ? I have this commit somehow in mind, but can't remember exactly why. I will try to reproduce this myself tomorrow or so.

@terrafrost
phpseclib member

I don't see how 7a2c7a4 would cause any issues. The issue that fixed was one wherein phpseclib would tell the server it was sending x bytes but then would only send y bytes. ie. it was an issue with data being sent. And the server could presumably decrypt it just fine - it was just waiting for data that was never sent. Contrast that with this wherein data is being received.

@bantu
phpseclib member

Should probably keep the "invalid size" problem in this ticket, but see #415 for reproduction. I kind of found this by accident.

@terrafrost
phpseclib member

See #417

@bantu bantu closed this in #417 Jul 21, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment