In https://tools.ietf.org/html/rfc4254#section-5.4 The following layout is described for Channel-Specific Requests:

      byte      SSH_MSG_CHANNEL_REQUEST
      uint32    recipient channel
      string    request type in US-ASCII characters only
      boolean   want reply
      ....      type-specific data follows

We take the want reply byte within server_read_authenticated when matching msg::CHANNEL_REQUEST, but then we take it again after matching the signal req_type. This is causing an error as the positioning of the buffer is then off by one.

Thanks for the report, and for the patch! @wjohnson, it seems your patch has no author, do you want to amend that, or shall I apply it as is?

Hi @pmeunier, sorry about the author section missing. This is my first time using Pijul so I missed that part :) This should now be fixed and ready to go.

Hi, would it be possible to land this change?

Yes of course. Note that you can pull it from here (pijul pull jgrund@nest.pijul.com/pijul/thrussh --from-channel :28).