Make integrity tests more robust against timeouts

If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure.  Handle this failure mode.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
Patch-Name: regress-integrity-robust.patch

Last-Update: 2017-01-01

1 files changed, 5 insertions, 4 deletions

diff --git a/regress/integrity.sh b/regress/integrity.sh
index 39d310deb..fd7d58bcb 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -5,8 +5,6 @@ tid="integrity"
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
 # start at byte 2900 (i.e. after kex) and corrupt at different offsets
-# XXX the test hangs if we modify the low bytes of the packet length
-# XXX and ssh tries to read...
 tries=10
 startoffset=2900
 macs=`${SSH} -Q mac`
@@ -27,6 +25,7 @@ for m in $macs; do
         elen=0
         epad=0
         emac=0
+        etmo=0
         ecnt=0
         skip=0
         for off in `jot $tries $startoffset`; do
@@ -61,14 +60,16 @@ for m in $macs; do
                 Corrupted?MAC* | *message?authentication?code?incorrect*)
                                 emac=`expr $emac + 1`; skip=0;;
                 padding*)       epad=`expr $epad + 1`; skip=0;;
+                *Timeout,?server*)
+                                etmo=`expr $etmo + 1`; skip=0;;
                 *)              fail "unexpected error mac $m at $off: $out";;
                 esac
         done
-        verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+        verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo"
         if [ $emac -eq 0 ]; then
                 fail "$m: no mac errors"
         fi
-        expect=`expr $ecnt - $epad - $elen`
+        expect=`expr $ecnt - $epad - $elen - $etmo`
         if [ $emac -ne $expect ]; then
                 fail "$m: expected $expect mac errors, got $emac"
         fi