/* OpenSSH usings 256KB packet size max but that consumes a

 * lot of memory with the buffers we are using. However, we need
 * a large packet size if the banner that's being sent is large.
 * So we need a 256KB packet pre authentication and a smaller one
 * in this case SSH_IOBUFSZ + 1KB, afterwards. So we change
 * PACKET_MAX_SIZE from a #define to a global. Then, in the function
 * ssh_packet_set_authentcated we reduce the size to something
 * more memory efficient. -cjr 04/07/23
 */

Author: rapier1

auth2.c

@@ -105,6 +105,9 @@ static char *authmethods_get(Authctxt *authctxt);
 #define MATCH_PARTIAL	3	/* method matches, submethod can't be checked */
 static int list_starts_with(const char *, const char *, const char *);
 
+/* read the user banner from the path in sshd_config
+ * this isn't to read it on the client side but to read
+ * it into what we are going to send on the server side */
 char *
 auth2_read_banner(void)
 {

packet.c

@@ -103,12 +103,16 @@
 #define DBG(x)
 #endif
 
-/* SSH_IOBUFSZ + 1k of head room */
 /* OpenSSH usings 256KB packet size max but that consumes a
- * lot of memory wiht the buffers we are using. This keeps it
- * in check. Doesn't seem to have an impact on performance or
- * functionality cjr 04/06/2023 */
-#define PACKET_MAX_SIZE (SSH_IOBUFSZ + 1024)
+ * lot of memory with the buffers we are using. However, we need
+ * a large packet size if the banner that's being sent is large.
+ * So we need a 256KB packet pre authentication and a smaller one
+ * in this case SSH_IOBUFSZ + 1KB, afterwards. So we change
+ * PACKET_MAX_SIZE from a #define to a global. Then, in the function
+ * ssh_packet_set_authentcated we reduce the size to something
+ * more memory efficient. -cjr 04/07/23
+ */
+u_int packet_max_size = 256 * 1024;
 
 struct packet_state {
 	u_int32_t seqnr;
@@ -397,7 +401,7 @@ ssh_packet_stop_discard(struct ssh *ssh)
 
 	if (state->packet_discard_mac) {
 		char buf[1024];
-		size_t dlen = PACKET_MAX_SIZE;
+		size_t dlen = packet_max_size;
 
 		if (dlen > state->packet_discard_mac_already)
 			dlen -= state->packet_discard_mac_already;
@@ -1504,7 +1508,7 @@ ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 			return 0; /* packet is incomplete */
 		state->packlen = PEEK_U32(cp);
 		if (state->packlen < 4 + 1 ||
-		    state->packlen > PACKET_MAX_SIZE)
+		    state->packlen > packet_max_size)
 			return SSH_ERR_MESSAGE_INCOMPLETE;
 	}
 	need = state->packlen + 4;
@@ -1563,7 +1567,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		    sshbuf_ptr(state->input), sshbuf_len(state->input)) != 0)
 			return 0;
 		if (state->packlen < 1 + 4 ||
-		    state->packlen > PACKET_MAX_SIZE) {
+		    state->packlen > packet_max_size) {
 #ifdef PACKET_DEBUG
 			sshbuf_dump(state->input, stderr);
 #endif
@@ -1590,7 +1594,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 			goto out;
 		state->packlen = PEEK_U32(sshbuf_ptr(state->incoming_packet));
 		if (state->packlen < 1 + 4 ||
-		    state->packlen > PACKET_MAX_SIZE) {
+		    state->packlen > packet_max_size) {
 #ifdef PACKET_DEBUG
 			fprintf(stderr, "input: \n");
 			sshbuf_dump(state->input, stderr);
@@ -1599,7 +1603,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 #endif
 			logit("Bad packet length %u.", state->packlen);
 			return ssh_packet_start_discard(ssh, enc, mac, 0,
-			    PACKET_MAX_SIZE);
+			    packet_max_size);
 		}
 		if ((r = sshbuf_consume(state->input, block_size)) != 0)
 			goto out;
@@ -1622,7 +1626,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		logit("padding error: need %d block %d mod %d",
 		    need, block_size, need % block_size);
 		return ssh_packet_start_discard(ssh, enc, mac, 0,
-		    PACKET_MAX_SIZE - block_size);
+		    packet_max_size - block_size);
 	}
 	/*
 	 * check if the entire packet has been received and
@@ -1666,11 +1670,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 			if (r != SSH_ERR_MAC_INVALID)
 				goto out;
 			logit("Corrupted MAC on input.");
-			if (need + block_size > PACKET_MAX_SIZE)
+			if (need + block_size > packet_max_size)
 				return SSH_ERR_INTERNAL_ERROR;
 			return ssh_packet_start_discard(ssh, enc, mac,
 			    sshbuf_len(state->incoming_packet),
-			    PACKET_MAX_SIZE - need - block_size);
+			    packet_max_size - need - block_size);
 		}
 		/* Remove MAC from input buffer */
 		DBG(debug("MAC #%d ok", state->p_read.seqnr));
@@ -1842,7 +1846,7 @@ ssh_packet_process_read(struct ssh *ssh, int fd)
 	int r;
 	size_t rlen;
 
-	if ((r = sshbuf_read(fd, state->input, PACKET_MAX_SIZE, &rlen)) != 0)
+	if ((r = sshbuf_read(fd, state->input, packet_max_size, &rlen)) != 0)
 		return r;
 
 	if (state->packet_discard) {
@@ -2241,6 +2245,7 @@ void
 ssh_packet_set_authenticated(struct ssh *ssh)
 {
 	ssh->state->after_authentication = 1;
+	packet_max_size = SSH_IOBUFSZ + 1024;
 }
 
 void *

regress/banner.sh

@@ -13,7 +13,7 @@ verbose "test $tid: missing banner file"
 	cmp $OBJ/empty.in $OBJ/banner.out ) || \
 	fail "missing banner file"
 
-for s in 0 10 100 1000 10000 ; do
+for s in 0 10 100 1000 10000 100000; do
 	if [ "$s" = "0" ]; then
 		# create empty banner
 		touch $OBJ/banner.in