Bugzilla – Attachment 1446 Details for
Bug 1363
sshd gets stuck: select() in packet_read_seqnr waits indefinitely
activate server-side timeout after auth completes
packet-timeout.diff (text/plain), 7.70 KB, created by
Damien Miller
on 2008-01-20 12:17:53 AEDT
Description:
activate server-side timeout after auth completes
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2008-01-20 12:17:53 AEDT
Size:
7.70 KB
patch
obsolete
>? scard/Ssh.bin
>? scp/scp
>? scp/scp.cat1
>? sftp/sftp
>? sftp/sftp.cat1
>? sftp-server/sftp-server
>? sftp-server/sftp-server.cat8
>? ssh/ssh
>? ssh/ssh.cat1
>? ssh/ssh_config.cat5
>? ssh-add/ssh-add
>? ssh-add/ssh-add.cat1
>? ssh-agent/ssh-agent
>? ssh-agent/ssh-agent.cat1
>? ssh-keygen/ssh-keygen
>? ssh-keygen/ssh-keygen.cat1
>? ssh-keyscan/ssh-keyscan
>? ssh-keyscan/ssh-keyscan.cat1
>? ssh-keysign/ssh-keysign
>? ssh-keysign/ssh-keysign.cat8
>? sshd/sshd
>? sshd/sshd.cat8
>? sshd/sshd_config.cat5
>Index: misc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.c,v
>retrieving revision 1.67
>diff -u -p -r1.67 misc.c
>--- misc.c 1 Jan 2008 08:47:04 -0000 1.67
>+++ misc.c 20 Jan 2008 01:14:36 -0000
>@@ -812,3 +812,23 @@ put_u16(void *vp, u_int16_t v)
> p[0] = (u_char)(v >> 8) & 0xff;
> p[1] = (u_char)v & 0xff;
> }
>+
>+void
>+ms_subtract_diff(struct timeval *start, int *ms)
>+{
>+ struct timeval diff, finish;
>+
>+ gettimeofday(&finish, NULL);
>+ timersub(&finish, start, &diff);
>+ *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
>+}
>+
>+void
>+ms_to_timeval(struct timeval *tv, int ms)
>+{
>+ if (ms < 0)
>+ ms = 0;
>+ tv->tv_sec = ms / 1000;
>+ tv->tv_usec = (ms % 1000) * 1000;
>+}
>+
>Index: misc.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.h,v
>retrieving revision 1.37
>diff -u -p -r1.37 misc.h
>--- misc.h 27 Dec 2007 14:22:08 -0000 1.37
>+++ misc.h 20 Jan 2008 01:14:36 -0000
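Review bot: ms_subtract_diff in the misc.c hunk measures elapsed time with gettimeofday(), so the remaining budget follows the wall clock: a backward step between `start` and `finish` makes `diff` negative and `*ms` grows, while a forward step can exhaust it at once. Now that these helpers are exported and drive the packet timeout, that dependence deserves a comment on the function, for example `/* NB: wall-clock based; a clock step while waiting skews the remaining time */`, or a monotonic source where the platform has one. The expression `(diff.tv_sec * 1000) + (diff.tv_usec / 1000)` is also narrowed into an `int` without a range check, which is worth stating in the same comment.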
>@@ -33,6 +33,8 @@ char *tilde_expand_filename(const char *
> char *percent_expand(const char *, ...) __attribute__((__sentinel__));
> char *tohex(const void *, size_t);
> void sanitise_stdfd(void);
>+void ms_subtract_diff(struct timeval *, int *);
>+void ms_to_timeval(struct timeval *, int);
>
> struct passwd *pwcopy(struct passwd *);
> const char *ssh_gai_strerror(int);
>Index: packet.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.c,v
>retrieving revision 1.149
>diff -u -p -r1.149 packet.c
>--- packet.c 28 Dec 2007 15:32:24 -0000 1.149
>+++ packet.c 20 Jan 2008 01:14:36 -0000
>@@ -132,6 +132,9 @@ static int server_side = 0;
> /* Set to true if we are authenticated. */
> static int after_authentication = 0;
>
>+/* Set to the maximum time that we will wait to send or receive a packet */
>+static int packet_timeout_ms = -1;
>+
> /* Session key information for Encryption and MAC */
> Newkeys *newkeys[MODE_MAX];
> static struct packet_state {
>@@ -185,6 +188,19 @@ packet_set_connection(int fd_in, int fd_
> }
> }
>
>+void
>+packet_set_timeout(int timeout, int count)
>+{
>+ if (timeout == 0 || count == 0) {
>+ packet_timeout_ms = -1;
>+ return;
>+ }
>+ if ((INT_MAX / 1000) / count < timeout)
>+ packet_timeout_ms = INT_MAX;
>+ else
>+ packet_timeout_ms = timeout * count * 1000;
>+}
>+
> /* Returns 1 if remote host is connected via socket, 0 if not. */
>
> int
>@@ -880,10 +896,11 @@ packet_send(void)
> int
> packet_read_seqnr(u_int32_t *seqnr_p)
> {
>- int type, len;
>+ int type, len, ret, ms_remain;
> fd_set *setp;
> char buf[8192];
> DBG(debug("packet_read()"));
>+ struct timeval timeout, start, *timeoutp = NULL;
>
> setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
> sizeof(fd_mask));
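Review bot: packet_set_timeout treats only an exact zero as "disabled", so a negative interval or count is not rejected. With a negative `timeout` and a positive `count`, the overflow test `(INT_MAX / 1000) / count < timeout` is false, and `timeout * count * 1000` is stored as a negative value other than -1 (the multiplication may itself overflow). Whether the option parsers can deliver a negative value is not visible in this patch, but the setter is the cheap place to rule it out: `if (timeout <= 0 || count <= 0) {`. A short comment above the function saying that the arguments are seconds and a repeat count, and that the stored result is milliseconds, would help callers as well.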
>@@ -914,11 +931,34 @@ packet_read_seqnr(u_int32_t *seqnr_p)
> sizeof(fd_mask));
> FD_SET(connection_in, setp);
>
>+ if (packet_timeout_ms > 0) {
>+ ms_remain = packet_timeout_ms;
>+ timeoutp = &timeout;
>+ }
> /* Wait for some data to arrive. */
>- while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
>- (errno == EAGAIN || errno == EINTR))
>- ;
>-
>+ for (;;) {
>+ if (packet_timeout_ms != -1) {
>+ ms_to_timeval(&timeout, ms_remain);
>+ gettimeofday(&start, NULL);
>+ }
>+ if ((ret = select(connection_in + 1, setp, NULL,
>+ NULL, timeoutp)) >= 0)
>+ break;
>+ if (errno != EAGAIN && errno != EINTR)
>+ break;
>+ if (packet_timeout_ms == -1)
>+ continue;
>+ ms_subtract_diff(&start, &ms_remain);
>+ if (ms_remain <= 0) {
>+ ret = 0;
>+ break;
>+ }
>+ }
>+ if (ret == 0) {
>+ logit("Connection to %.200s timed out while "
>+ "waiting to read", get_remote_ipaddr());
>+ cleanup_exit(255);
>+ }
> /* Read data from the socket. */
> len = read(connection_in, buf, sizeof(buf));
> if (len == 0) {
>@@ -1431,6 +1471,8 @@ void
> packet_write_wait(void)
> {
> fd_set *setp;
>+ int ret, ms_remain;
>+ struct timeval start, timeout, *timeoutp = NULL;
>
> setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
> sizeof(fd_mask));
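Review bot: The guards in the new wait loop of packet_read_seqnr test different conditions: the setup uses `if (packet_timeout_ms > 0)`, while the loop uses `if (packet_timeout_ms != -1)` and `if (packet_timeout_ms == -1) continue;`. For a value that is neither positive nor -1, `ms_remain` is read uninitialised and `timeoutp` stays NULL, so an interrupted select() can reach the `ms_remain <= 0` branch and end the session through `cleanup_exit(255)`. Whether such a value can be stored depends on what packet_set_timeout accepts. Keying every test on the pointer removes the gap regardless: `if (timeoutp != NULL) {` and `if (timeoutp == NULL) continue;`. The same pattern appears in the packet_write_wait hunk, and packet_read_seqnr's body extends beyond this hunk.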
>@@ -1439,9 +1481,34 @@ packet_write_wait(void)
> memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
> sizeof(fd_mask));
> FD_SET(connection_out, setp);
>- while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
>- (errno == EAGAIN || errno == EINTR))
>- ;
>+
>+ if (packet_timeout_ms > 0) {
>+ ms_remain = packet_timeout_ms;
>+ timeoutp = &timeout;
>+ }
>+ for (;;) {
>+ if (packet_timeout_ms != -1) {
>+ ms_to_timeval(&timeout, ms_remain);
>+ gettimeofday(&start, NULL);
>+ }
>+ if ((ret = select(connection_out + 1, NULL, setp,
>+ NULL, timeoutp)) >= 0)
>+ break;
>+ if (errno != EAGAIN && errno != EINTR)
>+ break;
>+ if (packet_timeout_ms == -1)
>+ continue;
>+ ms_subtract_diff(&start, &ms_remain);
>+ if (ms_remain <= 0) {
>+ ret = 0;
>+ break;
>+ }
>+ }
>+ if (ret == 0) {
>+ logit("Connection to %.200s timed out while "
>+ "waiting to write", get_remote_ipaddr());
>+ cleanup_exit(255);
>+ }
> packet_write_poll();
> }
> xfree(setp);
>Index: packet.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.h,v
>retrieving revision 1.45
>diff -u -p -r1.45 packet.h
>--- packet.h 25 Mar 2006 22:22:43 -0000 1.45
>+++ packet.h 20 Jan 2008 01:14:36 -0000
>@@ -21,6 +21,7 @@
> #include <openssl/bn.h>
>
> void packet_set_connection(int, int);
>+void packet_set_timeout(int, int);
> void packet_set_nonblocking(void);
> int packet_get_connection_in(void);
> int packet_get_connection_out(void);
>Index: sshconnect.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v
>retrieving revision 1.203
>diff -u -p -r1.203 sshconnect.c
>--- sshconnect.c 27 Dec 2007 14:22:08 -0000 1.203
>+++ sshconnect.c 20 Jan 2008 01:14:36 -0000
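Review bot: The wait loop added to packet_write_wait is a line-for-line copy of the one added to packet_read_seqnr, differing only in which select() set is filled and in the log text, so any later correction to the timeout logic has to be made in two places. A single static helper in packet.c that returns select()'s result, with 0 meaning timed out, would let both callers keep only their own `logit(...)` and `cleanup_exit(255)`. The sketch below also initialises `ms_remain` and keys the guards on `timeoutp`. packet_write_wait's body begins outside this hunk.

```c
/* Wait until fd is readable (want_read != 0) or writable; 0 means timed out. */
static int
packet_wait_fd(int fd, fd_set *setp, int want_read)
{
	struct timeval timeout, start, *timeoutp = NULL;
	int ret, ms_remain = 0;

	if (packet_timeout_ms > 0) {
		ms_remain = packet_timeout_ms;
		timeoutp = &timeout;
	}
	for (;;) {
		if (timeoutp != NULL) {
			ms_to_timeval(&timeout, ms_remain);
			gettimeofday(&start, NULL);
		}
		ret = select(fd + 1, want_read ? setp : NULL,
		    want_read ? NULL : setp, NULL, timeoutp);
		if (ret >= 0 || (errno != EAGAIN && errno != EINTR))
			return ret;
		if (timeoutp == NULL)
			continue;
		ms_subtract_diff(&start, &ms_remain);
		if (ms_remain <= 0)
			return 0;
	}
}

/* … unchanged: callers log "timed out while waiting to read/write" and call cleanup_exit(255) when the helper returns 0 … */
```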
>@@ -64,23 +64,6 @@ extern pid_t proxy_command_pid;
> static int show_other_keys(const char *, Key *);
> static void warn_changed_key(Key *);
>
>-static void
>-ms_subtract_diff(struct timeval *start, int *ms)
>-{
>- struct timeval diff, finish;
>-
>- gettimeofday(&finish, NULL);
>- timersub(&finish, start, &diff);
>- *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
>-}
>-
>-static void
>-ms_to_timeval(struct timeval *tv, int ms)
>-{
>- tv->tv_sec = ms / 1000;
>- tv->tv_usec = (ms % 1000) * 1000;
>-}
>-
> /*
> * Connect to the given ssh server using a proxy command.
> */
>@@ -165,6 +148,8 @@ ssh_proxy_connect(const char *host, u_sh
>
> /* Set the connection file descriptors. */
> packet_set_connection(pout[0], pin[1]);
>+ packet_set_timeout(options.server_alive_interval,
>+ options.server_alive_count_max);
>
> /* Indicate OK return */
> return 0;
>@@ -409,6 +394,8 @@ ssh_connect(const char *host, struct soc
>
> /* Set the connection. */
> packet_set_connection(sock, sock);
>+ packet_set_timeout(options.server_alive_interval,
>+ options.server_alive_count_max);
>
> return 0;
> }
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.353
>diff -u -p -r1.353 sshd.c
>--- sshd.c 31 Dec 2007 15:27:04 -0000 1.353
>+++ sshd.c 20 Jan 2008 01:14:37 -0000
>@@ -1725,6 +1725,9 @@ main(int ac, char **av)
> destroy_sensitive_data();
> }
>
>+ packet_set_timeout(options.client_alive_interval,
>+ options.client_alive_count_max);
>+
> /* Start session. */
> do_authenticated(authctxt);
>
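Review bot: Nothing at the sshd.c call site says that the packet timeout stays off unless both `options.client_alive_interval` and `options.client_alive_count_max` are non-zero. Going by the packet_set_timeout hunk in packet.c, a zero in either leaves select() waiting with no limit, which is the hang the bug title describes. A comment above the call would make that explicit for whoever tunes the configuration, e.g. `/* Bound post-auth packet reads/writes; no effect if client_alive_interval or client_alive_count_max is 0 */`. main() starts and continues outside this hunk.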
Flags:
dtucker
:
ok+