Bug 50751 - OpenSSH flooding logs because of big packets received
Summary: OpenSSH flooding logs because of big packets received
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: openssh   
Version: 1.0
Hardware: All Linux
medium
low
Target Milestone: ---
Assignee: Nalin Dahyabhai
Reported: 2001-08-02 20:42 UTC by Olivier Benghozi
Modified: 2008-05-01 15:38 UTC (History)
Doc Type: Bug Fix
Last Closed: 2001-08-02 20:42:39 UTC

Description Olivier Benghozi 2001-08-02 20:42:30 UTC
The "maxpack" value negotiated between the ssh server and a client is not 
always really observed by certain versions of some clients, and is only 
considered as a wish, not an obligation (like in secureFX 1.9.3, since 
1.9.4 does enforce the limitation). This is not really a problem since it 
doesn't prevent both sides from communicating, even with big packets. There's 
no problem with that with sshd2 from ssh.com.
This is also not a problem with opensshd 2.9p2, EXCEPT that it floods logs 
(/var/log/secure) with some useless things:


Logs:
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31092, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31064, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31036, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31008, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 30980, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 30952, maxpack 16384
etc...


Flooding logs can be a way of DoS.
So it seems to me that this is really only DEBUG information.
In those conditions, I think the log() ought to be replaced by a debug() 
like this:


Patch diff:

--- openssh-2.9p2/channels.c.old        Fri Jul 20 23:03:47 2001
+++ openssh-2.9p2/channels.c    Fri Jul 20 23:04:08 2001
@@ -1315,11 +1315,11 @@
 
        if (compat20){
                if (data_len > c->local_maxpacket) {
-                       log("channel %d: rcvd big packet %d, maxpack %d",
+                       debug("channel %d: rcvd big packet %d, maxpack %d",
                            c->self, data_len, c->local_maxpacket);
                }
                if (data_len > c->local_window) {
-                       log("channel %d: rcvd too much data %d, win %d",
+                       debug("channel %d: rcvd too much data %d, win %d",
                            c->self, data_len, c->local_window);
                        xfree(data);
                        return;
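
Review bot: The second replacement, on the `data_len > c->local_window` branch, demotes the only message emitted before that branch calls `xfree(data)` and returns, so unless debug output is enabled a peer that overruns the window has its data dropped with no record. Consider keeping `log()` for "rcvd too much data" and changing only the "rcvd big packet" message, where processing continues after the check; if per-packet volume is a concern on the window branch as well, emitting the message once per channel would bound the output without hiding the event.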





-------------
If someone considers that 'too much data' is not only debug information, 
'big packet received', which neither creates a communication problem nor 
overflows any buffer, is really debug information.
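
A triage sketch for hosts still running an sshd without this change, as an added example that is not part of the original report or of OpenSSH: it groups the "rcvd big packet" messages quoted above by sshd session and reports the sessions that log several of them within one second. The function name, the threshold and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the message format quoted in the report (OpenSSH 2.9p2 channels.c).
BIG_PACKET = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"channel (?P<chan>\d+): rcvd big packet (?P<size>\d+), maxpack (?P<maxpack>\d+)$"
)

def summarize_big_packets(lines, min_per_second=3):
    """Summarize sessions (host, sshd pid, channel) whose peak message count
    within one syslog second reaches min_per_second (an assumed threshold)."""
    per_second = defaultdict(Counter)   # session -> timestamp -> count
    sizes = defaultdict(list)           # session -> packet sizes seen
    maxpack = {}                        # session -> negotiated limit
    for line in lines:
        m = BIG_PACKET.match(line.strip())
        if not m:
            continue                    # unrelated sshd or syslog line
        key = (m["host"], int(m["pid"]), int(m["chan"]))
        per_second[key][m["ts"]] += 1
        sizes[key].append(int(m["size"]))
        maxpack[key] = int(m["maxpack"])
    report = []
    for key, counts in sorted(per_second.items()):
        peak = max(counts.values())
        if peak >= min_per_second:
            host, pid, chan = key
            report.append({
                "host": host, "pid": pid, "channel": chan,
                "messages": sum(counts.values()), "peak_per_second": peak,
                "largest_packet": max(sizes[key]), "maxpack": maxpack[key],
            })
    return report

# The first three lines come from the report (rejoined); the last two are constructed.
SAMPLE = """\
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31092, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31064, maxpack 16384
Jul  6 22:01:43 limace sshd[17669]: channel 0: rcvd big packet 31036, maxpack 16384
Jul  6 22:01:44 limace sshd[17702]: channel 0: rcvd big packet 20000, maxpack 16384
Jul  6 22:01:45 limace sshd[17702]: Accepted password for user1 from 192.0.2.10 port 1022 ssh2
""".splitlines()

if __name__ == "__main__":
    for row in summarize_big_packets(SAMPLE):
        print(row)
```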

Comment 1 Nalin Dahyabhai 2001-09-06 12:50:56 UTC
This change will be integrated into 2.9p2-7 and later.  Thanks!

