Only abort Accept loop on EINVAL #2

Merged
merged 2 commits into from
Dec 13, 2014

crosbymichael

The accept method call on the socket can return many different errors but you should only really abort if an EINVAL is returned.

I also added a defer to ensure that the socket is closed when the accept loop returns.
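The loop described in this pull request, sketched as an added example (not the code from the PR or from ssh-chat). `scriptedListener` and `serve` are hypothetical names, and the listener is a constructed stand-in that replays a fixed list of Accept results.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// scriptedListener (constructed for this example) replays errs; nil means a connection arrived.
type scriptedListener struct {
	errs   []error
	closed bool
}

func (l *scriptedListener) Accept() (net.Conn, error) {
	err := l.errs[0] // the script must end with EINVAL so the loop stops in range
	l.errs = l.errs[1:]
	if err != nil {
		return nil, err
	}
	conn, _ := net.Pipe() // in-memory connection; the peer end is unused
	return conn, nil
}
func (l *scriptedListener) Close() error   { l.closed = true; return nil }
func (l *scriptedListener) Addr() net.Addr { return nil }

// serve skips every Accept error except EINVAL; the deferred Close runs when the loop returns.
func serve(l net.Listener, handle func(net.Conn)) (int, error) {
	defer l.Close()
	skipped := 0
	for {
		conn, err := l.Accept()
		if errors.Is(err, syscall.EINVAL) { // also matches EINVAL wrapped in *net.OpError
			return skipped, err
		}
		if err != nil {
			skipped++ // a real server would log the error here
			continue
		}
		handle(conn)
	}
}

func main() {
	script := []error{nil, syscall.EMFILE, nil, &net.OpError{Op: "accept", Err: syscall.EINVAL}}
	l := &scriptedListener{errs: script}
	skipped, err := serve(l, func(c net.Conn) { c.Close() })
	fmt.Println(skipped, err, l.closed)
}
```

A loop that continues on every other error will spin if that error persists (file-descriptor exhaustion, for example), so production code usually adds a short back-off before retrying.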


shazow commented Dec 13, 2014

Thanks!

shazow added a commit that referenced this pull request Dec 13, 2014
@shazow shazow merged commit 1170c89 into shazow:master Dec 13, 2014
@crosbymichael crosbymichael deleted the abort-on-EINVAL branch December 13, 2014 07:16
bsiegert added a commit to bsiegert/ssh-chat that referenced this pull request Dec 22, 2023
This fixes the following vulnerabilities, as reported by govulncheck:

Vulnerability shazow#1: GO-2023-2402
    Man-in-the-middle attacker can compromise integrity of secure channel in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2023-2402
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.17.0
    Example traces found:
      shazow#1: work/ssh-chat-1.10/sshd/client.go:42:33: sshd.ConnectShell calls ssh.Client.NewSession
      shazow#2: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
      shazow#3: work/ssh-chat-1.10/sshd/net.go:49:2: sshd.SSHListener.handleConn calls ssh.DiscardRequests
      shazow#4: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
      shazow#5: work/ssh-chat-1.10/sshd/terminal.go:222:13: sshd.Terminal.listen calls ssh.Request.Reply
      shazow#6: work/ssh-chat-1.10/sshd/client.go:46:2: sshd.ConnectShell calls ssh.Session.Close
      shazow#7: work/ssh-chat-1.10/sshd/client.go:70:30: sshd.ConnectShell calls ssh.Session.SendRequest
      shazow#8: work/ssh-chat-1.10/sshd/client.go:65:21: sshd.ConnectShell calls ssh.Session.Shell
      shazow#9: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.channel.Read
      shazow#10: work/ssh-chat-1.10/sshd/terminal/terminal.go:954:17: terminal.Terminal.SetBracketedPasteMode calls io.WriteString, which calls ssh.channel.Write
      shazow#11: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.extChannel.Read

Vulnerability shazow#4: GO-2022-0968
    Panic on malformed packets in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2022-0968
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e
    Example traces found:
      shazow#1: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
      shazow#2: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn

Vulnerability shazow#5: GO-2021-0356
    Denial of service via crafted Signer in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0356
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b
    Example traces found:
      shazow#1: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:122:19: ssh.main calls ssh.ServerConfig.AddHostKey

Vulnerability shazow#6: GO-2021-0227
    Panic on crafted authentication request message in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0227
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20201216223049-8b5274cf687f
    Example traces found:
      shazow#1: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn