Skip to content

fix: protocol logic hardening in wolfSSH#1097

Open
MarkAtwood wants to merge 1 commit into
wolfSSL:masterfrom
MarkAtwood:fix/wolfssh-protocol_logic
Open

fix: protocol logic hardening in wolfSSH#1097
MarkAtwood wants to merge 1 commit into
wolfSSL:masterfrom
MarkAtwood:fix/wolfssh-protocol_logic

Conversation

@MarkAtwood

@MarkAtwood MarkAtwood commented Jul 10, 2026

Copy link
Copy Markdown

Consolidated protocol-logic hardening for wolfSSH (reported by Fenrir static analysis):

  • #4579DoUserAuthRequest now gates on the advertised auth-type set before running the application userAuthCb, so a method the server never advertised is rejected with USERAUTH_FAILURE instead of being silently handled.
  • #6271DoChannelRequest only honors shell/exec/subsystem while sessionType is still UNKNOWN, enforcing "at most one succeeds".
  • #6515 — a USERAUTH_REQUEST received after authentication completes is now silently discarded per RFC 4252 §5.1, instead of tearing down the connection.
  • #6520DoChannelExtendedData/PutBuffer preserve unread buffered data instead of overwriting it.

Build-verified (--enable-all) against wolfSSL; all four applied together compile and link clean.

Note: the two crypto-minimum changes originally bundled here (DH-GEX 1024→2048 and the RSA ≥2048 auth-key floor) are policy/interop decisions and have been split into #1101 so they can be reviewed on their own.

Copilot AI review requested due to automatic review settings July 10, 2026 00:29

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens several pieces of wolfSSH server-side protocol logic based on static-analysis findings, aiming to enforce stricter state/method gating and prevent subtle data-loss or policy-bypass behaviors.

Changes:

  • Raises the default DH group-exchange minimum size to 2048 bits.
  • Tightens server-side protocol handling: enforces advertised auth-method policy, rejects repeated channel program-start requests, and ignores post-auth USERAUTH_REQUEST per RFC 4252.
  • Adds RSA raw-pubkey minimum size enforcement and fixes buffer appends to preserve unread data.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
wolfssh/internal.h Raises default GEX DH minimum to 2048 bits.
src/internal.c Protocol/state hardening in auth gating, channel request handling, post-auth message handling, RSA key-size checks, and buffer append behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/internal.c
WLOG(WS_LOG_DEBUG,
"DUAR: userauth type not advertised: %s",
IdToName(authNameId));
authNameId = ID_UNKNOWN;
Comment thread src/internal.c
#ifdef WOLFSSH_KEYBOARD_INTERACTIVE
typeAllowed |= WOLFSSH_USERAUTH_KEYBOARD;
#endif
#if !defined(WOLFSSH_NO_RSA) || !defined(WOLFSSH_NO_ECDSA)
Comment thread src/internal.c
Comment on lines +10844 to +10849
channel->sessionType = WOLFSSH_SESSION_SHELL;
if (ssh->ctx->channelReqShellCb) {
rej = ssh->ctx->channelReqShellCb(channel,
ssh->channelReqCtx);
}
ssh->clientState = CLIENT_DONE;
Comment thread src/internal.c
Comment on lines +10859 to +10863
ret = GetStringAlloc(ssh->ctx->heap, &channel->command, NULL,
buf, len, &begin);
channel->sessionType = WOLFSSH_SESSION_EXEC;
if (ssh->ctx->channelReqExecCb) {
rej = ssh->ctx->channelReqExecCb(channel,
Comment thread src/internal.c
Comment on lines +10878 to +10882
ret = GetStringAlloc(ssh->ctx->heap, &channel->command, NULL,
buf, len, &begin);
channel->sessionType = WOLFSSH_SESSION_SUBSYSTEM;
if (ssh->ctx->channelReqSubsysCb) {
rej = ssh->ctx->channelReqSubsysCb(channel,
- DoUserAuthRequest: gate on the advertised auth-type set before running
  the application userAuthCb, rejecting methods the server never
  advertised (Fenrir 4579).
- DoChannelRequest: only honor shell/exec/subsystem when sessionType is
  still UNKNOWN, enforcing "at most one succeeds" (Fenrir 6271).
- Silently discard USERAUTH_REQUEST received after authentication
  completes, per RFC 4252 section 5.1, instead of disconnecting
  (Fenrir 6515).
- DoChannelExtendedData/PutBuffer: preserve unread buffered data instead
  of overwriting it (Fenrir 6520).
@MarkAtwood MarkAtwood force-pushed the fix/wolfssh-protocol_logic branch from 0b8748e to 89aeeeb Compare July 10, 2026 00:55
@MarkAtwood MarkAtwood requested a review from ejohnstown July 10, 2026 00:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants