Bugzilla – Attachment 2780 Details for
Bug 2521
subtract buffer size from computed rekey limit to avoid exceeding it
[patch]
Allow rekeylimits >4G.
rekeylimit-64bit.patch (text/plain), 6.51 KB, created by
Darren Tucker
on 2016-01-08 13:37:14 AEDT
Description:
Allow rekeylimits >4G.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2016-01-08 13:37:14 AEDT
Size:
6.51 KB
patch
obsolete
>Index: packet.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.c,v
>retrieving revision 1.221
>diff -u -p -r1.221 packet.c
>--- packet.c 11 Dec 2015 04:21:12 -0000 1.221
>+++ packet.c 8 Jan 2016 02:34:06 -0000
>@@ -176,7 +176,7 @@ struct session_state {
>
> /* Volume-based rekeying */
> u_int64_t max_blocks_in, max_blocks_out;
>- u_int32_t rekey_limit;
>+ u_int64_t rekey_limit;
>
> /* Time-based rekeying */
> u_int32_t rekey_interval; /* how often in seconds */
>@@ -943,7 +943,10 @@ ssh_set_newkeys(struct ssh *ssh, int mod
> max_blocks = &state->max_blocks_in;
> }
> if (state->newkeys[mode] != NULL) {
>- debug("set_newkeys: rekeying");
>+ debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "
>+ "output %llu bytes %llu blocks",
>+ state->p_read.bytes, state->p_read.blocks,
>+ state->p_send.bytes, state->p_send.blocks);
> if ((r = cipher_cleanup(cc)) != 0)
> return r;
> enc = &state->newkeys[mode]->enc;
>@@ -1011,6 +1014,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
> if (state->rekey_limit)
> *max_blocks = MIN(*max_blocks,
> state->rekey_limit / enc->block_size);
>+ debug("rekey after %llu blocks", *max_blocks);
> return 0;
> }
>
>@@ -2252,9 +2256,9 @@ ssh_packet_need_rekeying(struct ssh *ssh
> }
>
> void
>-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
>+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
> {
>- debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
>+ debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
> (int)seconds);
> ssh->state->rekey_limit = bytes;
> ssh->state->rekey_interval = seconds;
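Review bot: The debug() call added in the ssh_set_newkeys hunk at -943 passes `state->p_read.bytes`, `state->p_read.blocks` and the two `p_send` counters to `%llu` with no cast, and the `debug("rekey after %llu blocks", *max_blocks);` added in the -1011 hunk does the same with a value the first hunk declares as `u_int64_t`. On platforms where `u_int64_t` is `unsigned long` rather than `unsigned long long` that is a format/argument type mismatch. The debug3() call in the ssh_packet_set_rekey_limits hunk already writes `(unsigned long long)bytes`, and these arguments should follow it, e.g. `(unsigned long long)*max_blocks`. The width of the `p_read`/`p_send` counters is inferred from the `sshbuf_put_u64(m, state->p_send.blocks)` context line later in the patch, since their declaration is outside the diff. ssh_set_newkeys starts and ends outside both hunks.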
>@@ -2464,7 +2468,7 @@ ssh_packet_get_state(struct ssh *ssh, st
> if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
> (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
> (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
>- (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
>+ (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 ||
> (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
> (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
> (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
>@@ -2649,7 +2653,7 @@ ssh_packet_set_state(struct ssh *ssh, st
> if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
> (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
> (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
>- (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
>+ (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 ||
> (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
> (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
> (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||
>Index: packet.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.h,v
>retrieving revision 1.67
>diff -u -p -r1.67 packet.h
>--- packet.h 11 Dec 2015 03:24:25 -0000 1.67
>+++ packet.h 8 Jan 2016 02:34:06 -0000
>@@ -132,7 +132,7 @@ const char *ssh_remote_ipaddr(struct ssh
> int ssh_remote_port(struct ssh *);
>
> int ssh_packet_need_rekeying(struct ssh *);
>-void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
>+void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
> time_t ssh_packet_get_rekey_timeout(struct ssh *);
>
> /* XXX FIXME */
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.246
>diff -u -p -r1.246 readconf.c
>--- readconf.c 15 Nov 2015 22:26:49 -0000 1.246
>+++ readconf.c 8 Jan 2016 02:34:06 -0000
>@@ -964,16 +964,12 @@ parse_time:
> if (scan_scaled(arg, &val64) == -1)
> fatal("%.200s line %d: Bad number '%s': %s",
> filename, linenum, arg, strerror(errno));
>- /* check for too-large or too-small limits */
>- if (val64 > UINT_MAX)
>- fatal("%.200s line %d: RekeyLimit too large",
>- filename, linenum);
> if (val64 != 0 && val64 < 16)
> fatal("%.200s line %d: RekeyLimit too small",
> filename, linenum);
> }
> if (*activep && options->rekey_limit == -1)
>- options->rekey_limit = (u_int32_t)val64;
>+ options->rekey_limit = val64;
> if (s != NULL) { /* optional rekey interval present */
> if (strcmp(s, "none") == 0) {
> (void)strdelim(&s); /* discard */
>@@ -2429,8 +2425,8 @@ dump_client_config(Options *o, const cha
> printf("%s\n", iptos2str(o->ip_qos_bulk));
>
> /* oRekeyLimit */
>- printf("rekeylimit %lld %d\n",
>- (long long)o->rekey_limit, o->rekey_interval);
>+ printf("rekeylimit %llu %d\n",
>+ (unsigned long long)o->rekey_limit, o->rekey_interval);
>
> /* oStreamLocalBindMask */
> printf("streamlocalbindmask 0%o\n",
>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.283
>diff -u -p -r1.283 servconf.c
>--- servconf.c 13 Nov 2015 04:38:06 -0000 1.283
>+++ servconf.c 8 Jan 2016 02:34:06 -0000
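Review bot: With the `val64 > UINT_MAX` rejection removed, `options->rekey_limit = val64;` in the RekeyLimit parsing hunk of readconf.c depends on the destination field being 64 bits wide, and the patch touches neither readconf.h nor servconf.h, so the field's type is not visible here. It presumably is wide enough, since the dump code already formatted it through `(long long)`, but a narrower field would now truncate a large limit silently instead of failing at parse time. The same applies to the identical change in process_server_config_line in servconf.c. The field keeps `-1` as its unset sentinel while the packet layer is now unsigned, so a comment on the remaining check such as `/* also rejects negative values (assuming val64 is signed) */` would record why the lower bound must stay. The enclosing parse block starts and ends outside the hunk.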
>@@ -1278,16 +1278,12 @@ process_server_config_line(ServerOptions
> if (scan_scaled(arg, &val64) == -1)
> fatal("%.200s line %d: Bad number '%s': %s",
> filename, linenum, arg, strerror(errno));
>- /* check for too-large or too-small limits */
>- if (val64 > UINT_MAX)
>- fatal("%.200s line %d: RekeyLimit too large",
>- filename, linenum);
> if (val64 != 0 && val64 < 16)
> fatal("%.200s line %d: RekeyLimit too small",
> filename, linenum);
> }
> if (*activep && options->rekey_limit == -1)
>- options->rekey_limit = (u_int32_t)val64;
>+ options->rekey_limit = val64;
> if (cp != NULL) { /* optional rekey interval present */
> if (strcmp(cp, "none") == 0) {
> (void)strdelim(&cp); /* discard */
>@@ -2304,7 +2300,7 @@ dump_config(ServerOptions *o)
> printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
> printf("%s\n", iptos2str(o->ip_qos_bulk));
>
>- printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
>+ printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
> o->rekey_interval);
>
> channel_print_adm_permitted_opens();
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.462
>diff -u -p -r1.462 sshd.c
>--- sshd.c 10 Dec 2015 17:08:40 -0000 1.462
>+++ sshd.c 8 Jan 2016 02:34:06 -0000
>@@ -2387,7 +2387,7 @@ do_ssh2_kex(void)
> }
>
> if (options.rekey_limit || options.rekey_interval)
>- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
>+ packet_set_rekey_limits(options.rekey_limit,
> (time_t)options.rekey_interval);
>
> myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
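Review bot: Dropping the `(u_int32_t)` cast in the do_ssh2_kex hunk of sshd.c leaves an implicit signed-to-unsigned conversion at the call, given that the config parser compares `options->rekey_limit` with `-1`. If an unset `-1` ever reached this point, the guard `if (options.rekey_limit || options.rekey_interval)` would pass and the limit would become the largest 64-bit value. Per the `MIN(*max_blocks, ...)` context line in ssh_set_newkeys, that would leave only the previously computed block limit in force. Default filling probably prevents this, but it happens outside the diff; writing the conversion out as `packet_set_rekey_limits((u_int64_t)options.rekey_limit,` keeps the intent visible. do_ssh2_kex continues outside the hunk.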
Flags:
djm
:
ok+
Attachments on
bug 2521
:
2778
|
2779
| 2780 |
2783