Fix sha1 hash input in GSS Group1 client-side kex completion#2576
Open
bysiber wants to merge 1 commit into
Open
Fix sha1 hash input in GSS Group1 client-side kex completion#2576bysiber wants to merge 1 commit into
bysiber wants to merge 1 commit into
Conversation
_parse_kexgss_complete in KexGSSGroup1 passes str(hm) to sha1(), but hm is a Message (BytesIO subclass). On Python 3, str() on a BytesIO returns its repr string, not the buffer content. Then sha1() raises TypeError because it requires bytes, not str. The server-side handler in the same class already uses the correct form: sha1(hm.asbytes()).digest(). Apply the same fix here.
bysiber
force-pushed
the
fix/kex-gss-sha1-bytes
branch
from
e4aa777 to
040c190
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix
KexGSSGroup1._parse_kexgss_complete()to hash the exchange message bytes instead of its repr string.Problem
The client-side handler for
SSH_MSG_KEXGSS_COMPLETEinKexGSSGroup1computes the exchange hash as:hmis aMessageobject (aBytesIOsubclass). On Python 3,str()on aBytesIOreturns its repr string — something like"<_io.BytesIO object at 0x7f...>"— not the actual buffer content. Thensha1()raisesTypeErrorbecausehashlib.sha1()requiresbytes, notstr.The server-side handler in the same class at line 269 already uses the correct form:
As do both handlers in
KexGSSGex(lines 532 and 634).Impact
GSS-API Group1 key exchange (
gss-group1-sha1-*) always fails in client mode on Python 3 with an unhandledTypeErrorduring the kex completion step.Fix
Replace
sha1(str(hm))withsha1(hm.asbytes()), consistent with every other hash computation in the same file.