Created attachment 2400
Possible fix for kex.c GSSAPIKeyExchange strcmp problem

Reported problem:
Attempted connections from new 6.4p1 client to old 6.0p1 server fail when using "GSSAPIKeyExchange yes".

Client error message:
    unsupported kex alg gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==

Server error message:
    (nothing much useful, even with -ddd)

Cause:
In kex.c :: choose_kex() prior to 6.3p1 the search for Kex k->name was performed using a mix of strcmp() and strncmp(). The strncmp() name comparisons on just the leading part of the name were necessary for KEX_GSS_GEX_SHA1_ID, KEX_GSS_GRP1_SHA1_ID, and KEX_GSS_GRP14_SHA1_ID.

Starting with 6.3p1 and continuing in 6.4p1 and openssh-SNAP-20140125.tar.gz, kex.c moved to a kexalgs table with a kex_alg_by_name() lookup. Since kex_alg_by_name() only uses strcmp, the above kex algorithm names fail to make an exact match. For example:

    KEX_GSS_GEX_SHA1_ID = gss-gex-sha1-
    vs
    k->name = gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==

Proposed fix:
Add strncmp() special cases for the KEX_GSS_* algorithms. See example patch in attachments. Not elegant, but I think safe.

Note:
Why not just use strncmp() in kex_alg_by_name(const char *name) for all cases? But what if someday there's an algorithm name which is a substring of another name?
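The lookup behaviours discussed in the report above, as an added example that is not part of the original report, the attached patch, or OpenSSH's code. The table layout, the prefix_ok flag and the function names are hypothetical, and rejecting a bare prefix with no suffix is an assumption of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical table entry: prefix_ok marks names that carry a suffix. */
struct alg_entry {
    const char *name;
    int prefix_ok;
};

static const struct alg_entry algs[] = {
    { "diffie-hellman-group1-sha1", 0 },
    { "diffie-hellman-group14-sha1", 0 },
    { "gss-gex-sha1-", 1 },  /* KEX_GSS_GEX_SHA1_ID as quoted in the report */
    { NULL, 0 }
};

/* Exact lookup: a strcmp()-only search, which misses suffixed GSS names. */
const struct alg_entry *lookup_exact(const char *name)
{
    for (const struct alg_entry *a = algs; a->name != NULL; a++)
        if (strcmp(name, a->name) == 0)
            return a;
    return NULL;
}

/* Prefix match only for flagged entries, and only with a non-empty suffix. */
const struct alg_entry *lookup_prefix_aware(const char *name)
{
    for (const struct alg_entry *a = algs; a->name != NULL; a++) {
        size_t n = strlen(a->name);
        if (a->prefix_ok) {
            if (strncmp(name, a->name, n) == 0 && name[n] != '\0')
                return a;
        } else if (strcmp(name, a->name) == 0) {
            return a;
        }
    }
    return NULL;
}

/* Blanket prefix match on every entry: the alternative the note questions. */
const struct alg_entry *lookup_blanket_prefix(const char *name)
{
    for (const struct alg_entry *a = algs; a->name != NULL; a++)
        if (strncmp(name, a->name, strlen(a->name)) == 0)
            return a;
    return NULL;
}
```

With the blanket variant, a peer-supplied name that merely begins with a table entry (for instance a constructed "diffie-hellman-group14-sha1x") is accepted as that entry, which is the hazard the report's closing note raises.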
OOPS! My bad! This bug is relative to a non-standard patch for gssapi-keyex, not the main code. SORRY. I should have sent it to http://www.sxw.org.uk/computing/patches/openssh.html NEVERMIND...
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1