aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.junit.ssh/src/org
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2019-07-13 10:57:11 +0200
committerThomas Wolf <thomas.wolf@paranor.ch>2019-07-15 13:26:05 +0200
commitb8a514fdcbedc49f885c41216fb482ac49c19c8e (patch)
treeeb770c9e97d716c92f7a563da0e73b68dac345b7 /org.eclipse.jgit.junit.ssh/src/org
parent848d9f0d71e07b1f0a36df78e85c7663156f49b5 (diff)
downloadjgit-b8a514fdcbedc49f885c41216fb482ac49c19c8e.tar.gz
jgit-b8a514fdcbedc49f885c41216fb482ac49c19c8e.zip
sshd: correct the protocol version exchange
RFC 4253 section 4.2 allows an ssh server to send additional lines before its server identification string. Apache MINA sshd enforces for these lines the constraints specified for the server identification line, too: no NUL characters and not longer than 255 characters. That is too strict. RFC 4253 doesn't mandate this, and it also doesn't make sense given the rationale for these lines in RFC 4253: a TCP wrapper may not be aware of SSH restrictions, and may not adhere to these constraints. Be more lenient when parsing the server's protocol version. Allow NULs and longer lines in the preamble, and also handle line endings more leniently. Only enforce the restrictions for the actual server identification line. Bug: 545939 Change-Id: I75955e9d8a8daef7c04fc0f39539c2ee93514e1c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.ssh/src/org')
-rw-r--r--org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java18
1 files changed, 18 insertions, 0 deletions
diff --git a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
index 25d952f189..7f155d4867 100644
--- a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
+++ b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -58,6 +58,7 @@ import java.util.Locale;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
+import org.apache.sshd.common.PropertyResolverUtils;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
@@ -69,6 +70,7 @@ import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.common.util.threads.CloseableExecutorService;
import org.apache.sshd.common.util.threads.ThreadUtils;
import org.apache.sshd.server.ServerAuthenticationManager;
+import org.apache.sshd.server.ServerFactoryManager;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.UserAuth;
import org.apache.sshd.server.auth.gss.GSSAuthenticator;
@@ -342,6 +344,22 @@ public class SshTestGitServer {
.resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);
}
+ /**
+ * Sets the lines the server sends before its server identification in the
+ * initial protocol version exchange.
+ *
+ * @param lines
+ * to send
+ * @since 5.5
+ */
+ public void setPreamble(String... lines) {
+ if (lines != null && lines.length > 0) {
+ PropertyResolverUtils.updateProperty(this.server,
+ ServerFactoryManager.SERVER_EXTRA_IDENTIFICATION_LINES,
+ String.join("|", lines));
+ }
+ }
+
private class GitUploadPackCommand extends AbstractCommandSupport {
protected GitUploadPackCommand(String command,