Bug 1579

Summary: long usernames get truncated and fail to log in
Product: Portable OpenSSH
Reporter: Pierre Ossman <ossman>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: major
CC: astrand, djm
Priority: P2
Version: 5.2p1
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 1708
Attachments:
  Description: /home/djm/sshd-loginrec-namelen-crank.diff
  Flags: dtucker: ok+

Description Pierre Ossman 2009-03-28 01:55:29 AEDT
A username cannot currently be longer than 128 characters as that is the size of the "username" field in struct logininfo. Under some circumstances this is not enough though.

In our specific case, we log in using the common name from a certificate, which often surpasses 128 characters. Logging in using common names from an LDAP tree is another case where username can easily get very long.

In a perfect world, the server could cope with any length, but at the very least the length should be extended. 256 bytes covers the cases we've seen, but 512 bytes might be prudent. Memory usage should not be an issue in these ranges.
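
The failure mode in the report, as an added example that is not part of the original bug report and is not OpenSSH code: a fixed 128-byte name field silently truncates a longer name, next to a copy that detects the overflow and rejects it. The struct, function names and sample name are hypothetical; only the 128-byte size comes from the report.

```c
#include <stdio.h>
#include <string.h>
#define NAME_SIZE 128 /* field size given in the report */

/* Hypothetical record type for illustration, not OpenSSH's struct logininfo. */
struct login_rec { char username[NAME_SIZE]; };

/* Silent truncation: keeps the first NAME_SIZE-1 bytes and reports nothing. */
static void set_name_truncating(struct login_rec *r, const char *name) {
    size_t len = strlen(name);
    if (len > sizeof(r->username) - 1) len = sizeof(r->username) - 1;
    memcpy(r->username, name, len);
    r->username[len] = '\0';
}

/* Checked copy: 0 on success, -1 (record left empty) if the name does not fit. */
static int set_name_checked(struct login_rec *r, const char *name) {
    size_t len = strlen(name);
    if (len >= sizeof(r->username)) {
        r->username[0] = '\0';
        return -1;
    }
    memcpy(r->username, name, len + 1);
    return 0;
}

/* Returns 1 if the stored name is still the name that was presented. */
static int rec_matches(const struct login_rec *r, const char *name) {
    return strcmp(r->username, name) == 0;
}

/* Constructed sample input: a certificate-style name padded to n characters. */
static void make_long_name(char *buf, size_t n) {
    snprintf(buf, n + 1, "CN=Example User,OU=Engineering,O=Example Corp/");
    size_t used = strlen(buf);
    memset(buf + used, 'x', n - used);
    buf[n] = '\0';
}

int main(void) {
    char name[201];
    struct login_rec r;
    make_long_name(name, 200);
    set_name_truncating(&r, name);
    printf("truncating: stored %zu of %zu chars, match=%d\n",
           strlen(r.username), strlen(name), rec_matches(&r, name));
    printf("checked: rc=%d\n", set_name_checked(&r, name));
    return 0;
}
```

With the truncating copy, two distinct names that share their first 127 characters are stored as the same string, so the record no longer identifies which of them logged in.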

Comment 1 Damien Miller 2010-06-18 14:31:58 AEST
Created attachment 1873
/home/djm/sshd-loginrec-namelen-crank.diff

crank name length to 512

Comment 2 Damien Miller 2010-06-22 15:02:53 AEST
patch applied - this will be in OpenSSH-5.6

Comment 3 Damien Miller 2011-01-24 12:33:36 AEDT
Move resolved bugs to CLOSED after 5.7 release