SSH Agent doesn't work with OpenSSH 8.9 #30
Description
Hi,
Just recently my distro updated OpenSSH to version 8.9 and it seems this version started sending session-bind@openssh.com extension. This makes the agent library fail when deserializing the extension contents with:
Error while handling message; error = Proto(Deserialization("Buffer not depleted. Remaining bytes: [0, 0, 0, 32, 31, 92, 89, 168, 63, 119, 109, 158, 157, 181, 208, 89, 2, 30, 180, 210, 255, 25, 137, 122, 89, 202, 215, 36, 138, 117, 129, 147, 165, 82, 137, 17, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 188, 188, 199, 20, 11, 19, 240, 109, 186, 82, 210, 236, 15, 242, 13, 15, 72, 199, 139, 139, 115, 208, 157, 112, 8, 248, 92, 55, 181, 17, 117, 115, 168, 51, 99, 61, 79, 1, 186, 190, 140, 144, 234, 172, 144, 64, 47, 93, 157, 71, 20, 36, 134, 76, 254, 7, 67, 176, 15, 19, 24, 129, 191, 3, 0]"))
It seems that extension_contents field of the Extension struct is not defined correctly. I've browsed the spec but I don't see a clear definition on how byte[] should be serialized on the wire.
I've added some further debugging to the request and got this:
Error while handling message; error = Proto(Deserialization("Buffer not depleted. All bytes: [27, 0, 0, 0, 24, 115, 101, 115, 115, 105, 111, 110, 45, 98, 105, 110, 100, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, 0, 0, 0, 51, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 177, 185, 198, 92, 165, 45, 127, 95, 202, 195, 226, 63, 6, 115, 10, 104, 18, 137, 172, 240, 153, 154, 174, 74, 83, 7, 1, 204, 14, 177, 153, 40, 0, 0, 0, 32, 175, 96, 42, 133, 218, 171, 58, 220, 97, 78, 155, 114, 20, 67, 90, 133, 24, 185, 156, 71, 128, 163, 234, 195, 202, 15, 160, 177, 130, 229, 114, 164, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 4, 235, 93, 135, 144, 110, 220, 24, 17, 150, 40, 11, 143, 37, 207, 58, 215, 159, 23, 233, 95, 218, 115, 22, 205, 101, 55, 159, 146, 42, 121, 190, 229, 82, 75, 174, 143, 199, 121, 141, 52, 155, 73, 215, 119, 220, 104, 241, 116, 83, 96, 129, 184, 12, 93, 93, 33, 243, 171, 236, 201, 123, 17, 1, 0].
Result: Extension(Extension { extension_type: \"session-bind@openssh.com\", extension_contents: [0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 32, 177, 185, 198, 92, 165, 45, 127, 95, 202, 195, 226, 63, 6, 115, 10, 104, 18, 137, 172, 240, 153, 154, 174, 74, 83, 7, 1, 204, 14, 177, 153, 40] }).
Remaining bytes: [0, 0, 0, 32, 175, 96, 42, 133, 218, 171, 58, 220, 97, 78, 155, 114, 20, 67, 90, 133, 24, 185, 156, 71, 128, 163, 234, 195, 202, 15, 160, 177, 130, 229, 114, 164, 0, 0, 0, 83, 0, 0, 0, 11, 115, 115, 104, 45, 101, 100, 50, 53, 53, 49, 57, 0, 0, 0, 64, 4, 235, 93, 135, 144, 110, 220, 24, 17, 150, 40, 11, 143, 37, 207, 58, 215, 159, 23, 233, 95, 218, 115, 22, 205, 101, 55, 159, 146, 42, 121, 190, 229, 82, 75, 174, 143, 199, 121, 141, 52, 155, 73, 215, 119, 220, 104, 241, 116, 83, 96, 129, 184, 12, 93, 93, 33, 243, 171, 236, 201, 123, 17, 1, 0]"))
It seems that the extension name is deserialized properly and that the next thing is treated as the extension_content but in reality it's a hostkey field from the spec:
The message format is:
byte SSH_AGENTC_EXTENSION (0x1b)
string session-bind@openssh.com
string hostkey
string session identifier
string signature
bool is_forwarding
After hostkey there are additional fields that are the "remaining bytes" the error speaks of.
It seems like only the extension name should be parsed from the byte stream and the rest treated as bytes and the deserialization process should stop there.