From c86b633982538f0af515b65d90dc7cd094d8c16c Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Tue, 7 Apr 2026 15:15:25 -0700 Subject: [PATCH 1/2] Add validation for accept request and reply Validates that the requested/accepted service in DoServiceRequest and DoServiceAccept is 'ssh-userauth', disconnecting if not. Includes intentional Windows build error for Jenkins supervisor testing. --- src/internal.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/src/internal.c b/src/internal.c index 74493adea..556c08586 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1102,6 +1102,9 @@ void CtxResourceFree(WOLFSSH_CTX* ctx) #if defined(WOLFSSH_SSHD) && !defined(WOLFSSH_RESIZE_NO_DEFUALT) #if defined(USE_WINDOWS_API) +/* Intentional compile error for Windows build testing */ +#error "Injected Windows build failure for Jenkins supervisor testing" + static int WS_TermResize(WOLFSSH* ssh, word32 col, word32 row, word32 colP, word32 rowP, void* usrCtx) { @@ -6534,6 +6537,20 @@ static int DoServiceRequest(WOLFSSH* ssh, ret = GetString(name, &nameSz, buf, len, idx); + /* Requested service must be 'ssh-userauth' */ + if (ret == WS_SUCCESS) { + const char* nameUserAuth = IdToName(ID_SERVICE_USERAUTH); + if (nameUserAuth == NULL + || nameSz != (word32)XSTRLEN(nameUserAuth) + || XMEMCMP(name, nameUserAuth, nameSz) != 0) { + WLOG(WS_LOG_DEBUG, "Requested unsupported service: %s", name); + /* Terminate session, ignore result of disconnect attempt */ + (void)SendDisconnect(ssh, + WOLFSSH_DISCONNECT_SERVICE_NOT_AVAILABLE); + ret = WS_INVALID_STATE_E; + } + } + if (ret == WS_SUCCESS) { WLOG(WS_LOG_DEBUG, "Requesting service: %s", name); ssh->clientState = CLIENT_USERAUTH_REQUEST_DONE; @@ -6552,6 +6569,20 @@ static int DoServiceAccept(WOLFSSH* ssh, ret = GetString(name, &nameSz, buf, len, idx); + /* Accepted service must be 'ssh-userauth' */ + if (ret == WS_SUCCESS) { + const char* nameUserAuth = IdToName(ID_SERVICE_USERAUTH); + if (nameUserAuth == NULL + || nameSz != (word32)XSTRLEN(nameUserAuth) + || XMEMCMP(name, nameUserAuth, nameSz) != 0) { + WLOG(WS_LOG_DEBUG, "Accepted unexpected service: %s", name); + /* Terminate session, ignore result of disconnect attempt */ + (void)SendDisconnect(ssh, + WOLFSSH_DISCONNECT_SERVICE_NOT_AVAILABLE); + ret = WS_INVALID_STATE_E; + } + } + if (ret == WS_SUCCESS) { WLOG(WS_LOG_DEBUG, "Accepted service: %s", name); ssh->serverState = SERVER_USERAUTH_REQUEST_DONE; From e9002708896a9d414aac8a5a1fde6a308fd1e782 Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Tue, 7 Apr 2026 16:06:07 -0700 Subject: [PATCH 2/2] Replace #error with VLA-based test for MSVC failure Remove the #error directive (wrong compilation unit for Windows). Add test_wolfSSH_ServiceRequestValidation using a variable-length array which GCC/Clang accept but MSVC rejects, ensuring the Windows Jenkins job fails while Linux jobs pass. --- src/internal.c | 3 --- tests/api.c | 12 ++++++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 556c08586..a1194eb20 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1102,9 +1102,6 @@ void CtxResourceFree(WOLFSSH_CTX* ctx) #if defined(WOLFSSH_SSHD) && !defined(WOLFSSH_RESIZE_NO_DEFUALT) #if defined(USE_WINDOWS_API) -/* Intentional compile error for Windows build testing */ -#error "Injected Windows build failure for Jenkins supervisor testing" - static int WS_TermResize(WOLFSSH* ssh, word32 col, word32 row, word32 colP, word32 rowP, void* usrCtx) { diff --git a/tests/api.c b/tests/api.c index bc65e2beb..a37cdcf1e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1962,6 +1962,15 @@ static void test_wolfSSH_KeyboardInteractive(void) { ; } #endif /* WOLFSSH_TEST_BLOCK */ +static void test_wolfSSH_ServiceRequestValidation(void) +{ + int nameSz = WOLFSSH_MAX_NAMESZ; + char serviceName[nameSz]; /* VLA: GCC/Clang fine, MSVC errors */ + WMEMSET(serviceName, 0, nameSz); + AssertIntEQ(nameSz, WOLFSSH_MAX_NAMESZ); +} + + int wolfSSH_ApiTest(int argc, char** argv) { (void)argc; @@ -2004,6 +2013,9 @@ int wolfSSH_ApiTest(int argc, char** argv) test_wolfSSH_KeyboardInteractive(); #endif + /* Service request validation */ + test_wolfSSH_ServiceRequestValidation(); + /* SCP tests */ test_wolfSSH_SCP_CB();