Bug 50751 - OpenSSH flooding logs because of big packets received
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: openssh
1.0
All Linux
medium Severity low
Assigned To: Nalin Dahyabhai
Reported: 2001-08-02 16:42 EDT by Olivier Benghozi
Modified: 2008-05-01 11:38 EDT (History)
Doc Type: Bug Fix
Last Closed: 2001-08-02 16:42:39 EDT
Description Olivier Benghozi 2001-08-02 16:42:30 EDT
The "maxpack" value negotiated between ssh server and a client is not 
always really observed by certain versions of some clients, and is only 
considered as a wish, not an obligation (like in secureFX 1.9.3, since 
1.9.4 does enforce the limitation). This is not really a problem since it 
doesn't prevent both sides from communicating, even with big packets. There's 
no problem with that with sshd2 from ssh.com.
This is also not a problem with opensshd 2.9p2, EXCEPT that it floods logs 
(/var/log/secure) with some useless things:


Logs:
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31092, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31064, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31036, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31008, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 30980, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 30952, maxpack 16384
etc...


Flooding logs can be a way of DoS.
So it seems to me that this is really only DEBUG information.
In those conditions, I think the log() ought to be replaced by a debug() 
like this:


Patch diff:

--- openssh-2.9p2/channels.c.old        Fri Jul 20 23:03:47 2001
+++ openssh-2.9p2/channels.c    Fri Jul 20 23:04:08 2001
@@ -1315,11 +1315,11 @@
 
        if (compat20){
                if (data_len > c->local_maxpacket) {
-                       log("channel %d: rcvd big packet %d, maxpack %d",
+                       debug("channel %d: rcvd big packet %d, maxpack %d",
                            c->self, data_len, c->local_maxpacket);
                }
                if (data_len > c->local_window) {
-                       log("channel %d: rcvd too much data %d, win %d",
+                       debug("channel %d: rcvd too much data %d, win %d",
                            c->self, data_len, c->local_window);
                        xfree(data);
                        return;
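
Review bot: The second replacement, on the "rcvd too much data" message, sits in the branch that calls xfree(data) and returns, so the peer's data is discarded there; at debug() level that drop leaves no trace at the default log level. The "rcvd big packet" branch has no other effect in the visible lines, so demoting it is reasonable, but the window-overrun case would be better kept at log(), or logged once per channel rather than per packet, so that an operator can still see that a peer exceeded c->local_window and lost data.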





-------------
If someone considers 'too much data' is not only a debug information, 'big 
packet received' not creating communication problems nor buffer-overflowing 
anything is really a debug information.
Comment 1 Nalin Dahyabhai 2001-09-06 08:50:56 EDT
This change will be integrated into 2.9p2-7 and later.  Thanks!
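
An alternative to demoting the message outright, given here as an added example (not code from this bug report or from OpenSSH): log the first oversize packet per channel and fold the rest into one summary line at channel close. The names chan_state, note_packet, close_summary and demo are hypothetical; the packet sizes and maxpack value are the ones in the log excerpt above.

```c
#include <stdio.h>

/* Hypothetical per-channel bookkeeping; not OpenSSH's Channel struct. */
struct chan_state {
    int self;               /* channel id */
    unsigned int maxpacket; /* maximum packet size we advertised */
    unsigned long oversize; /* oversize packets seen so far */
    unsigned int largest;   /* largest oversize packet seen */
};
static unsigned long lines_emitted; /* log lines written so far */

/* Log only the first oversize packet per channel; returns 1 if logged. */
int note_packet(struct chan_state *c, unsigned int data_len)
{
    if (data_len <= c->maxpacket)
        return 0;
    if (data_len > c->largest)
        c->largest = data_len;
    if (c->oversize++ > 0)
        return 0; /* suppressed: this channel was already reported */
    fprintf(stderr, "channel %d: rcvd big packet %u, maxpack %u\n",
        c->self, data_len, c->maxpacket);
    lines_emitted++;
    return 1;
}

/* At channel close, report what was suppressed; returns 1 if logged. */
int close_summary(const struct chan_state *c)
{
    if (c->oversize < 2)
        return 0;
    fprintf(stderr, "channel %d: %lu big packets, largest %u, maxpack %u\n",
        c->self, c->oversize, c->largest, c->maxpacket);
    lines_emitted++;
    return 1;
}

/* Replay the six sizes from the log excerpt; returns lines written. */
unsigned long demo(void)
{
    unsigned int sizes[] = {31092, 31064, 31036, 31008, 30980, 30952};
    struct chan_state c = {0, 16384, 0, 0};
    lines_emitted = 0;
    for (int i = 0; i < 6; i++)
        note_packet(&c, sizes[i]);
    close_summary(&c);
    return lines_emitted;
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

With this approach the six packets in the excerpt produce two log lines instead of six, and the count and largest size remain visible at the normal log level.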
