x/crypto/ssh: nil pointer dereference in transport.go #39397
Description
What version of Go are you using (go version)?
$ go version go version go1.14.2 windows/amd64
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (go env)?
go env Output
$ go env set GO111MODULE=on set GOARCH=amd64 set GOBIN= set GOCACHE=C:\Users\janos\AppData\Local\go-build set GOENV=C:\Users\janos\AppData\Roaming\go\env set GOEXE=.exe set GOFLAGS= set GOHOSTARCH=amd64 set GOHOSTOS=windows set GOINSECURE= set GONOPROXY= set GONOSUMDB= set GOOS=windows set GOPATH=C:\Users\janos\go set GOPRIVATE= set GOPROXY=https://proxy.golang.org,direct set GOROOT=C:\Program Files\Go set GOSUMDB=sum.golang.org set GOTMPDIR= set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64 set GCCGO=gccgo set AR=ar set CC=gcc set CXX=g++ set CGO_ENABLED=1 set GOMOD=C:\Users\janos\go\src\containerssh\go.mod set CGO_CFLAGS=-g -O2 set CGO_CPPFLAGS= set CGO_CXXFLAGS=-g -O2 set CGO_FFLAGS=-g -O2 set CGO_LDFLAGS=-g -O2 set PKG_CONFIG=pkg-config set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\janos\AppData\Local\Temp\go-build066225482=/tmp/go-build -gno-record-gcc-switches
What did you do?
Implement an SSH server with a limited set of MACs supported as follows. (Batteries included.) Then connect from a command line SSH client in Windows or Ubuntu 18.04 (not PuTTY). Tested on the following SSH versions:
- OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
- OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
package main
import (
"fmt"
"golang.org/x/crypto/ssh"
"log"
"net"
"strings"
)
func main() {
config := &ssh.ServerConfig{}
config.MACs = strings.Split("hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com", ",")
config.NoClientAuth = true
hostKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAxXITaWGnEce/7c6G40Gr2krd8eIXbYK2xeeW7WxL73whktYh\nl5adRKFqxBmbaJr8AtkRe4EfOi4JNw0wha7jd6aGpXqOoETLKSRfKMf2Rl/OpJBB\nvArqiODVjsjjQ+p3n0X1uq3NhHoGyw9sCKW0Ex/FtVV3vGoUM3hXgqq6cRhnhJkb\n4tKNZGozESsYykO0PKoHtgz9+Fu7tXcm11BCxLAF0lNIN7zascHjOLUE0K8hD0TN\n9DFBPkxozcpAcVK30BkmbSzymDn7iH2kM1M/Bie8POFPivCnb47bdhK9d95geyRE\nM4h4Mip8ajanSr0QtIIE1WvuhPyNBPYPrE/tWwIDAQABAoIBAQCCh53ppxNKH+H0\nlvp5tuqjz6bWx/9w+F9Yingu0c+JrWiMqF9g1cN2obfxmHQzPXKpd1OlcIFydwjE\nikWvuyTJ7x9IurMbpR8iPddjIH7hm2kDRhMO+7B9eRX15TzJo3Idq6R+G3SoxftD\ntxhWxyU7F2AfNzeHKiHcvQwtaC0FolCPBRrVnk6d91DDT8UvkW5di3s9op/AMASl\n1DLWDyh+A+w5bTAVC2XsLfwVeIyFuzLW3TNCZZcFjcorKU2d7f1mwZRnKDieAQjw\nOkClH3LqFsv8sol45JOs11V5AiUzEiBiZvuQkbi72YuG0hz4qMGJeap4+EWdVEXz\n356Ufa+RAoGBAPHXvdzan3yx81jOSjS3UwfTEM1NPuJWPVfDWDMHLxM3OP5Csb2L\nWHwVH86YO1t/TGJdmrCO2u5cN/K+Gs1Z2RbGR3e73cd9+Xf9wZjAiPVNTJATTGnO\na6JHZhH3iAeFe8vLzILBy5AwU1uK/3h+iTAVWYu3bLvVd/IO3XYgY0k/AoGBANEA\n/4nL3W9gW4PBGMjBj92pXbYPViQ4P4V8A1HFgX6CacrrB7e7UgwCxXXT+8VV1Kk+\nvX6erpRVNj+sC1ZDBkWOOiEguEkL5VxcHqfX5jBIMN8p0JwR+Ige3Wn47MgviD77\nbUZ5qOdP/7aGbwVrofGB5CIsRJMMA2j8FwyNfpjlAoGAE6Zw8dn9rXcUC7ovQ1tF\n7tPSgKvvGRrivxfLOdIynAAXrGkk4f7JgMOCoxmxcPzF6xQp9oCU/1sU3K9fpCHR\nxszzj6H/Ii91Lq+6pDu4pR3Tw70dr1crXbMpcvpG3j2VUnjLtDAk5yFWFJEVsuet\nI/AIJ5cOybBNn6hfjDKTfqcCgYEAsnslvejoeppQzFzz60zQrLxbmIPUTi3yoO1c\ncFI32W9JJM480vwWfsdHFO4oTUaUyssXS6/66hUytIEZVVr7Wh6xKWUlust73LmW\nPEM1AfpEMe8lhIIcOTISZtL6caGVuiNAGDUAtjgs6RQ4buqRawo/ZadkECbsKpVM\noZ2bhLkCgYAWVJSomInW9rwx1tmMk88WqPX0eINYX+NODMDn2k2XSW79uPlAIj3q\nJAtuvlvkebm85yBPyeHFbJFSvS6o2HvkyXegN1YMbc/PfhYJfcP/ceI4d8dEfwMY\nRp423gj4VlvuZsnOLhIXKeiZUBzw1y4STtyavNMbxe6ZvLK3FxlgMw==\n-----END RSA PRIVATE KEY-----\n"
private, err := ssh.ParsePrivateKey([]byte(hostKey))
if err != nil {
log.Fatal("Failed to parse private key")
}
config.AddHostKey(private)
listener, err := net.Listen("tcp", "127.0.0.1:22")
if err != nil {
log.Fatalf("Failed to listen (%s)", err)
}
for {
tcpConn, err := listener.Accept()
if err != nil {
log.Printf("Failed to accept incoming connection (%s)", err)
continue
}
sshConn, chans, reqs, err := ssh.NewServerConn(tcpConn, config)
if err != nil {
log.Printf("Failed to handshake (%s)", err)
continue
}
log.Printf("New SSH connection from %s (%s)", sshConn.RemoteAddr(), sshConn.ClientVersion())
go ssh.DiscardRequests(reqs)
go handleChannels(chans)
}
}
func handleChannels(chans <-chan ssh.NewChannel) {
for newChannel := range chans {
go handleChannel(newChannel)
}
}
func handleChannel(newChannel ssh.NewChannel) {
newChannel.Reject(ssh.UnknownChannelType, fmt.Sprintf("unknown channel type"))
}What did you expect to see?
The connection with an unknown MAC being rejected.
What did you see instead?
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x57b5fe]
goroutine 20 [running]:
golang.org/x/crypto/ssh.newPacketCipher(0x716165, 0x1, 0x1, 0x716166, 0x1, 0x1, 0x716167, 0x1, 0x1, 0xc00009e5e0, ...)
C:/Users/janos/go/pkg/mod/golang.org/x/crypto@v0.0.0-20200602180216-279210d13fed/ssh/transport.go:245 +0x14e
golang.org/x/crypto/ssh.(*transport).prepareKeyChange(0xc0000d6360, 0xc0000f6280, 0xc0000f6300, 0xc0000f6280, 0xc0000ea540)
C:/Users/janos/go/pkg/mod/golang.org/x/crypto@v0.0.0-20200602180216-279210d13fed/ssh/transport.go:80 +0x131
golang.org/x/crypto/ssh.(*handshakeTransport).enterKeyExchange(0xc0000fa000, 0xc000104580, 0x51a, 0x51a, 0x1, 0x0)
C:/Users/janos/go/pkg/mod/golang.org/x/crypto@v0.0.0-20200602180216-279210d13fed/ssh/handshake.go:599 +0x3df
golang.org/x/crypto/ssh.(*handshakeTransport).kexLoop(0xc0000fa000)
C:/Users/janos/go/pkg/mod/golang.org/x/crypto@v0.0.0-20200602180216-279210d13fed/ssh/handshake.go:301 +0x1d5
created by golang.org/x/crypto/ssh.newServerTransport
C:/Users/janos/go/pkg/mod/golang.org/x/crypto@v0.0.0-20200602180216-279210d13fed/ssh/handshake.go:143 +0x10c
The list of MACs comes from the Mozilla list
Root cause
transport.go does not check if the MAC requested is present in the list of MACs supported and therefore crashes when the lookup yields a nil. (In this case umac-128-etm@openssh.com)