author | dtucker@openbsd.org <dtucker@openbsd.org> | 2016-01-29 02:42:46 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-01-30 11:19:13 +1100 |
commit | c0060a65296f01d4634f274eee184c0e93ba0f23 (patch) | |
tree | ec96274d1b0ea383318f6e8608ba1d4f63e45858 /packet.c | |
parent | 44cf930e670488c85c9efeb373fa5f4b455692ac (diff) |
upstream commit
Account for packets buffered but not yet processed when
computing whether or not it is time to perform rekeying. bz#2521, based
loosely on a patch from olo at fb.com, ok djm@
Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 11 |
1 files changed, 8 insertions, 3 deletions
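--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.223 2016/01/29 02:42:46 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2251,16 +2251,21 @@ int
 ssh_packet_need_rekeying(struct ssh *ssh)
 {
 struct session_state *state = ssh->state;
+u_int32_t buf_in, buf_out;
 
 if (ssh->compat & SSH_BUG_NOREKEY)
 return 0;
+buf_in = roundup(sshbuf_len(state->input),
+state->newkeys[MODE_IN]->enc.block_size);
+buf_out = roundup(sshbuf_len(state->output),
+state->newkeys[MODE_OUT]->enc.block_size);
 return
 (state->p_send.packets > MAX_PACKETS) ||
 (state->p_read.packets > MAX_PACKETS) ||
 (state->max_blocks_out &&
-(state->p_send.blocks > state->max_blocks_out)) ||
+(state->p_send.blocks + buf_out > state->max_blocks_out)) ||
 (state->max_blocks_in &&
-(state->p_read.blocks > state->max_blocks_in)) ||
+(state->p_read.blocks + buf_in > state->max_blocks_in)) ||
 (state->rekey_interval != 0 && state->rekey_time +
 state->rekey_interval <= monotime());
 }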
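Review bot: The two new `roundup()` calls dereference `state->newkeys[MODE_IN]` and `state->newkeys[MODE_OUT]` without a NULL check, so if ssh_packet_need_rekeying() can be reached before the first key exchange has installed keys (the callers are not visible here), this becomes a NULL dereference on a path driven by peer traffic. A guard placed ahead of them, `if (state->newkeys[MODE_IN] == NULL || state->newkeys[MODE_OUT] == NULL) return 0;`, would make that case safe. Separately, `roundup(len, block_size)` yields a byte count rounded up to a block multiple, while `p_send.blocks` and `max_blocks_out` appear from their names to count cipher blocks, so the sum over-counts buffered data. That only makes rekeying happen earlier, but either dividing by the block size or adding a comment such as `/* buf_in/buf_out are in bytes; deliberately over-counts */` would make the intent explicit.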