summaryrefslogtreecommitdiff
path: root/debian/patches/regress-integrity-robust.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2017-01-01 15:29:51 +0000
committerColin Watson <cjwatson@debian.org>2017-01-01 15:30:35 +0000
commitce9e13003462453fe28ff11ade8abe70468bbb94 (patch)
tree0a914b3d5f5b77145439a6a51a7a2c7ee91537df /debian/patches/regress-integrity-robust.patch
parentfb685a2e51057d965305da7ce2f0234e5c3a1017 (diff)
parentada7edd8b4ec246a0c1c283c5e5956f09d503fbd (diff)
Make integrity tests more robust against timeouts in the case where the first test in a series for a given MAC happens to modify the low bytes of a packet length.
Diffstat (limited to 'debian/patches/regress-integrity-robust.patch')
-rw-r--r--debian/patches/regress-integrity-robust.patch57
1 files changed, 57 insertions, 0 deletions
diff --git a/debian/patches/regress-integrity-robust.patch b/debian/patches/regress-integrity-robust.patch
new file mode 100644
index 000000000..92b5ae5fc
--- /dev/null
+++ b/debian/patches/regress-integrity-robust.patch
@@ -0,0 +1,57 @@
1From ada7edd8b4ec246a0c1c283c5e5956f09d503fbd Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 1 Jan 2017 15:21:10 +0000
4Subject: Make integrity tests more robust against timeouts
5
6If the first test in a series for a given MAC happens to modify the low
7bytes of a packet length, then ssh will time out and this will be
8interpreted as a test failure. Handle this failure mode.
9
10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
11Patch-Name: regress-integrity-robust.patch
12
13Last-Update: 2017-01-01
14---
15 regress/integrity.sh | 9 +++++----
16 1 file changed, 5 insertions(+), 4 deletions(-)
17
18diff --git a/regress/integrity.sh b/regress/integrity.sh
19index 39d310de..fd7d58bc 100644
20--- a/regress/integrity.sh
21+++ b/regress/integrity.sh
22@@ -5,8 +5,6 @@ tid="integrity"
23 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
24
25 # start at byte 2900 (i.e. after kex) and corrupt at different offsets
26-# XXX the test hangs if we modify the low bytes of the packet length
27-# XXX and ssh tries to read...
28 tries=10
29 startoffset=2900
30 macs=`${SSH} -Q mac`
31@@ -27,6 +25,7 @@ for m in $macs; do
32 elen=0
33 epad=0
34 emac=0
35+ etmo=0
36 ecnt=0
37 skip=0
38 for off in `jot $tries $startoffset`; do
39@@ -61,14 +60,16 @@ for m in $macs; do
40 Corrupted?MAC* | *message?authentication?code?incorrect*)
41 emac=`expr $emac + 1`; skip=0;;
42 padding*) epad=`expr $epad + 1`; skip=0;;
43+ *Timeout,?server*)
44+ etmo=`expr $etmo + 1`; skip=0;;
45 *) fail "unexpected error mac $m at $off: $out";;
46 esac
47 done
48- verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
49+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo"
50 if [ $emac -eq 0 ]; then
51 fail "$m: no mac errors"
52 fi
53- expect=`expr $ecnt - $epad - $elen`
54+ expect=`expr $ecnt - $epad - $elen - $etmo`
55 if [ $emac -ne $expect ]; then
56 fail "$m: expected $expect mac errors, got $emac"
57 fi