[X2Go-Dev] Bug#1460: Windows client crashes if Jumphost runs NetBSD 6 (probably race)

Edgar Fuß ef at math.uni-bonn.de
Sun Apr 19 20:23:14 CEST 2020


Package: x2go-client for windows
Version: 4.1.2.2

The Windows X2Go client crashes (in ntdll.dll) if the Jumphost is running NetBSD 6 (it works for NetBSD 8). It crashes so early in the SSH negotiation that no further details (authentication type etc.) are relevant.

Now, NetBSD 6 (and OpenSSH 5.9, which it uses) are pretty obsolete, but interestingly, the client does not crash if run under logger.exe, so this looks like a race.

Installing OpenSSH 8.0 (from pkgsrc) on the NetBSD 6 Jumphost doesn't help. I verified that installing OpenSSH 8.0 on a NetBSD 8 host (which natively uses OpenSSH 7.6) works. So it's not just the OpenSSH version that matters.

But, if the Jumphost runs OpenSSH 8.0 on NetBSD 6 (where the client crashes unless run under logger.exe), tcpdump-ing the SSH connection on the Jumphost makes the client work. If I additionally tcpdump on the client side (more precisely, on the macOS system hosting the VirtualBox VM running MS Win), the client crashes again.

It looks like the condition that triggers the crash may be the client receiving the Server Key Exchange Init _after_ it sent the Client Key Exchange Init.

The packet sequence involved is (I/O as seen on the Jumphost, i.e. I client->server and O server->client):
1 I SYN (ECN, CWR)
2 O SYN/ACK
3 I ACK
4 I Client: Protocol
5 O Server: Protocol
6 I ACK

running tcpdump on NetBSD only (works):
7 O Server: Key Exchange Init
8 I ACK
9 I Client: Key Exchange Init
10 I Client: Diffie-Hellman Key Exchange Init
11 O ACK
12 O Diffie-Hellman Key Exchange Reply
13 I ACK
14 I Client: New Keys
15 I Client: Encrypted Packet
...

running tcpdump on NetBSD and macOS (client crashes), as seen on the NetBSD side:
7 O Server: Key Exchange Init
8 I Client: Key Exchange Init
9 I ACK
10 I Client: Diffie-Hellman Key Exchange Init
11 O ACK
12 O Diffie-Hellman Key Exchange Reply
13 I ACK
14 I Client: New Keys
15 O ACK
16 I FIN/ACK

same as seen on the macOS side:
7 I Client: Key Exchange Init
8 O Server: Key Exchange Init
[rest looks as on the NetBSD side]

Any hints how to debug this? I know virtually nothing about MS Win.
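
An added example, not part of the original report or of X2Go's code: a small decoder that labels the cleartext SSH handshake messages of a capture by direction, so the Key Exchange Init order seen at each capture point can be compared mechanically. The segment lists are constructed sample data, and the sketch assumes each TCP payload holds whole SSH packets.

```python
import struct

# Transport-layer message numbers from RFC 4253 (30/31 are the DH exchange).
NAMES = {20: "KEXINIT", 21: "NEWKEYS", 30: "KEXDH_INIT", 31: "KEXDH_REPLY"}

def ssh_packet(msg_type, body=b""):
    """Build one cleartext SSH binary packet; used only for the sample data."""
    payload = bytes([msg_type]) + body
    pad = 8 - (5 + len(payload)) % 8
    if pad < 4:                      # RFC 4253 requires at least 4 padding bytes
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def decode(segments):
    """segments: (direction, tcp_payload) in capture order -> (direction, name)."""
    encrypted = set()                # directions that have already sent NEWKEYS
    out = []
    for direction, data in segments:
        if not data:                 # bare ACK, carries no SSH data
            continue
        if direction in encrypted:   # assumption: cipher active after NEWKEYS
            out.append((direction, "ENCRYPTED"))
            continue
        if data.startswith(b"SSH-"): # identification line, LF-terminated
            out.append((direction, "PROTOCOL"))
            data = data[data.index(b"\n") + 1:]
        while len(data) >= 6:
            (length,) = struct.unpack_from(">I", data)
            msg = data[5]            # first payload byte, after length and pad length
            out.append((direction, NAMES.get(msg, f"MSG_{msg}")))
            data = data[4 + length:]
            if msg == 21:
                encrypted.add(direction)
                break
    return out

def first_kexinit(segments):
    """Return the direction whose KEXINIT appears first at this capture point."""
    return next(d for d, name in decode(segments) if name == "KEXINIT")

# Constructed samples using the report's I/O convention (I = client -> server).
HELLO = [("I", b"SSH-2.0-client\r\n"), ("O", b"SSH-2.0-server\r\n"), ("I", b"")]
KEX_I, KEX_O = ("I", ssh_packet(20, bytes(16))), ("O", ssh_packet(20, bytes(16)))
NETBSD_VIEW = HELLO + [KEX_O, KEX_I, ("I", b""), ("I", ssh_packet(30))]
MACOS_VIEW = HELLO + [KEX_I, KEX_O, ("I", b""), ("I", ssh_packet(30))]
```

With real captures, the payload lists would come from the two tcpdump files; `first_kexinit` then gives the ordering at each capture point for every run, crashing or not.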

