Make integrity tests more robust against timeouts in the case where the first test in a series for a given MAC happens to modify the low bytes of a packet length.

author: Colin Watson <cjwatson@debian.org> 2017-01-01 15:29:51 +0000
committer: Colin Watson <cjwatson@debian.org> 2017-01-01 15:30:35 +0000
commit: ce9e13003462453fe28ff11ade8abe70468bbb94 (patch)
tree: 0a914b3d5f5b77145439a6a51a7a2c7ee91537df /debian/patches/regress-integrity-robust.patch
parent: fb685a2e51057d965305da7ce2f0234e5c3a1017 (diff)
parent: ada7edd8b4ec246a0c1c283c5e5956f09d503fbd (diff)
1 files changed, 57 insertions, 0 deletions
diff --git a/debian/patches/regress-integrity-robust.patch b/debian/patches/regress-integrity-robust.patch
new file mode 100644
index 000000000..92b5ae5fc
--- /dev/null
+++ b/debian/patches/regress-integrity-robust.patch
@@ -0,0 +1,57 @@
+From ada7edd8b4ec246a0c1c283c5e5956f09d503fbd Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 1 Jan 2017 15:21:10 +0000
+Subject: Make integrity tests more robust against timeouts
+If the first test in a series for a given MAC happens to modify the low
+bytes of a packet length, then ssh will time out and this will be
+interpreted as a test failure.  Handle this failure mode.
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
+Patch-Name: regress-integrity-robust.patch
+Last-Update: 2017-01-01
+---
+ regress/integrity.sh | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+diff --git a/regress/integrity.sh b/regress/integrity.sh
+index 39d310de..fd7d58bc 100644
+--- a/regress/integrity.sh
+++ b/regress/integrity.sh
+@@ -5,8 +5,6 @@ tid="integrity"
+ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+ 
+ # start at byte 2900 (i.e. after kex) and corrupt at different offsets
+-# XXX the test hangs if we modify the low bytes of the packet length
+-# XXX and ssh tries to read...
+ tries=10
+ startoffset=2900
+ macs=`${SSH} -Q mac`
+@@ -27,6 +25,7 @@ for m in $macs; do
+        elen=0
+        epad=0
+        emac=0
+       etmo=0
+        ecnt=0
+        skip=0
+        for off in `jot $tries $startoffset`; do
+@@ -61,14 +60,16 @@ for m in $macs; do
+                Corrupted?MAC* | *message?authentication?code?incorrect*)
+                                emac=`expr $emac + 1`; skip=0;;
+                padding*)       epad=`expr $epad + 1`; skip=0;;
+               *Timeout,?server*)
+                               etmo=`expr $etmo + 1`; skip=0;;
+                *)              fail "unexpected error mac $m at $off: $out";;
+                esac
+        done
+-       verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+       verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo"
+        if [ $emac -eq 0 ]; then
+                fail "$m: no mac errors"
+        fi
+-       expect=`expr $ecnt - $epad - $elen`
+       expect=`expr $ecnt - $epad - $elen - $etmo`
+        if [ $emac -ne $expect ]; then
+                fail "$m: expected $expect mac errors, got $emac"
+        fi
author	Colin Watson <cjwatson@debian.org>	2017-01-01 15:29:51 +0000
committer	Colin Watson <cjwatson@debian.org>	2017-01-01 15:30:35 +0000
commit	ce9e13003462453fe28ff11ade8abe70468bbb94 (patch)
tree	0a914b3d5f5b77145439a6a51a7a2c7ee91537df /debian/patches/regress-integrity-robust.patch
parent	fb685a2e51057d965305da7ce2f0234e5c3a1017 (diff)
parent	ada7edd8b4ec246a0c1c283c5e5956f09d503fbd (diff)

diff --git a/debian/patches/regress-integrity-robust.patch b/debian/patches/regress-integrity-robust.patch new file mode 100644 index 000000000..92b5ae5fc --- /dev/null +++ b/debian/patches/regress-integrity-robust.patch
@@ -0,0 +1,57 @@
	1	From ada7edd8b4ec246a0c1c283c5e5956f09d503fbd Mon Sep 17 00:00:00 2001
	2	From: Colin Watson <cjwatson@debian.org>
	3	Date: Sun, 1 Jan 2017 15:21:10 +0000
	4	Subject: Make integrity tests more robust against timeouts
	5
	6	If the first test in a series for a given MAC happens to modify the low
	7	bytes of a packet length, then ssh will time out and this will be
	8	interpreted as a test failure. Handle this failure mode.
	9
	10	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
	11	Patch-Name: regress-integrity-robust.patch
	12
	13	Last-Update: 2017-01-01
	14	---
	15	regress/integrity.sh \| 9 +++++----
	16	1 file changed, 5 insertions(+), 4 deletions(-)
	17
	18	diff --git a/regress/integrity.sh b/regress/integrity.sh
	19	index 39d310de..fd7d58bc 100644
	20	--- a/regress/integrity.sh
	21	+++ b/regress/integrity.sh
	22	@@ -5,8 +5,6 @@ tid="integrity"
	23	cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
	24
	25	# start at byte 2900 (i.e. after kex) and corrupt at different offsets
	26	-# XXX the test hangs if we modify the low bytes of the packet length
	27	-# XXX and ssh tries to read...
	28	tries=10
	29	startoffset=2900
	30	macs=`${SSH} -Q mac`
	31	@@ -27,6 +25,7 @@ for m in $macs; do
	32	elen=0
	33	epad=0
	34	emac=0
	35	+ etmo=0
	36	ecnt=0
	37	skip=0
	38	for off in `jot $tries $startoffset`; do
	39	@@ -61,14 +60,16 @@ for m in $macs; do
	40	Corrupted?MAC* \| message?authentication?code?incorrect)
	41	emac=`expr $emac + 1`; skip=0;;
	42	padding*) epad=`expr $epad + 1`; skip=0;;
	43	+ Timeout,?server)
	44	+ etmo=`expr $etmo + 1`; skip=0;;
	45	*) fail "unexpected error mac $m at $off: $out";;
	46	esac
	47	done
	48	- verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
	49	+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo"
	50	if [ $emac -eq 0 ]; then
	51	fail "$m: no mac errors"
	52	fi
	53	- expect=`expr $ecnt - $epad - $elen`
	54	+ expect=`expr $ecnt - $epad - $elen - $etmo`
	55	if [ $emac -ne $expect ]; then
	56	fail "$m: expected $expect mac errors, got $emac"
	57	fi