1 files changed, 11 insertions, 20 deletions
diff --git a/serverloop.c b/serverloop.c
index 68f0251a1..830f88562 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,7 +78,6 @@
 #include "dispatch.h"
 #include "auth-options.h"
 #include "serverloop.h"
-#include "roaming.h"
 #include "ssherr.h"
 extern ServerOptions options;
@@ -399,11 +398,8 @@ process_input(fd_set *readset)
        /* Read and buffer any input data from the client. */
        if (FD_ISSET(connection_in, readset)) {
-                int cont = 0;
+                len = read(connection_in, buf, sizeof(buf));
-                len = roaming_read(connection_in, buf, sizeof(buf), &cont);
                if (len == 0) {
-                        if (cont)
-                                return;
                        verbose("Connection closed by %.100s",
                            get_remote_ipaddr());
                        connection_closed = 1;
@@ -824,7 +820,7 @@ void
 server_loop2(Authctxt *authctxt)
 {
        fd_set *readset = NULL, *writeset = NULL;
-        int rekeying = 0, max_fd;
+        int max_fd;
        u_int nalloc = 0;
        u_int64_t rekey_timeout_ms = 0;
@@ -851,11 +847,11 @@ server_loop2(Authctxt *authctxt)
        for (;;) {
                process_buffered_input_packets();
-                rekeying = (active_state->kex != NULL && !active_state->kex->done);
+                if (!ssh_packet_is_rekeying(active_state) &&
+                    packet_not_very_much_data_to_write())
-                if (!rekeying && packet_not_very_much_data_to_write())
                        channel_output_poll();
-                if (options.rekey_interval > 0 && compat20 && !rekeying)
+                if (options.rekey_interval > 0 && compat20 &&
+                    !ssh_packet_is_rekeying(active_state))
                        rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
                else
                        rekey_timeout_ms = 0;
@@ -870,14 +866,8 @@ server_loop2(Authctxt *authctxt)
                }
                collect_children();
-                if (!rekeying) {
+                if (!ssh_packet_is_rekeying(active_state))
                        channel_after_select(readset, writeset);
-                        if (packet_need_rekeying()) {
-                                debug("need rekeying");
-                                active_state->kex->done = 0;
-                                kex_send_kexinit(active_state);
-                        }
-                }
                process_input(readset);
                if (connection_closed)
                        break;
@@ -1201,7 +1191,7 @@ server_input_hostkeys_prove(struct sshbuf **respp)
                    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
                    (r = sshkey_puts(key, sigbuf)) != 0 ||
                    (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
-                    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 ||
+                    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 ||
                    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
                        error("%s: couldn't prepare signature: %s",
                            __func__, ssh_err(r));
@@ -1265,7 +1255,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                free(fwd.listen_host);
                if ((resp = sshbuf_new()) == NULL)
                        fatal("%s: sshbuf_new", __func__);
-                if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
+                if (allocated_listen_port != 0 &&
+                    (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
                        fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
        } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
                struct Forward fwd;

diff --git a/serverloop.c b/serverloop.c index 68f0251a1..830f88562 100644 --- a/serverloop.c +++ b/serverloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */	1	/* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,7 +78,6 @@
78	#include "dispatch.h"	78	#include "dispatch.h"
79	#include "auth-options.h"	79	#include "auth-options.h"
80	#include "serverloop.h"	80	#include "serverloop.h"
81	#include "roaming.h"
82	#include "ssherr.h"	81	#include "ssherr.h"
83		82
84	extern ServerOptions options;	83	extern ServerOptions options;
@@ -399,11 +398,8 @@ process_input(fd_set *readset)
399		398
400	/* Read and buffer any input data from the client. */	399	/* Read and buffer any input data from the client. */
401	if (FD_ISSET(connection_in, readset)) {	400	if (FD_ISSET(connection_in, readset)) {
402	int cont = 0;	401	len = read(connection_in, buf, sizeof(buf));
403	len = roaming_read(connection_in, buf, sizeof(buf), &cont);
404	if (len == 0) {	402	if (len == 0) {
405	if (cont)
406	return;
407	verbose("Connection closed by %.100s",	403	verbose("Connection closed by %.100s",
408	get_remote_ipaddr());	404	get_remote_ipaddr());
409	connection_closed = 1;	405	connection_closed = 1;
@@ -824,7 +820,7 @@ void
824	server_loop2(Authctxt *authctxt)	820	server_loop2(Authctxt *authctxt)
825	{	821	{
826	fd_set readset = NULL, writeset = NULL;	822	fd_set readset = NULL, writeset = NULL;
827	int rekeying = 0, max_fd;	823	int max_fd;
828	u_int nalloc = 0;	824	u_int nalloc = 0;
829	u_int64_t rekey_timeout_ms = 0;	825	u_int64_t rekey_timeout_ms = 0;
830		826
@@ -851,11 +847,11 @@ server_loop2(Authctxt *authctxt)
851	for (;;) {	847	for (;;) {
852	process_buffered_input_packets();	848	process_buffered_input_packets();
853		849
854	rekeying = (active_state->kex != NULL && !active_state->kex->done);	850	if (!ssh_packet_is_rekeying(active_state) &&
855		851	packet_not_very_much_data_to_write())
856	if (!rekeying && packet_not_very_much_data_to_write())
857	channel_output_poll();	852	channel_output_poll();
858	if (options.rekey_interval > 0 && compat20 && !rekeying)	853	if (options.rekey_interval > 0 && compat20 &&
		854	!ssh_packet_is_rekeying(active_state))
859	rekey_timeout_ms = packet_get_rekey_timeout() * 1000;	855	rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
860	else	856	else
861	rekey_timeout_ms = 0;	857	rekey_timeout_ms = 0;
@@ -870,14 +866,8 @@ server_loop2(Authctxt *authctxt)
870	}	866	}
871		867
872	collect_children();	868	collect_children();
873	if (!rekeying) {	869	if (!ssh_packet_is_rekeying(active_state))
874	channel_after_select(readset, writeset);	870	channel_after_select(readset, writeset);
875	if (packet_need_rekeying()) {
876	debug("need rekeying");
877	active_state->kex->done = 0;
878	kex_send_kexinit(active_state);
879	}
880	}
881	process_input(readset);	871	process_input(readset);
882	if (connection_closed)	872	if (connection_closed)
883	break;	873	break;
@@ -1201,7 +1191,7 @@ server_input_hostkeys_prove(struct sshbuf **respp)
1201	ssh->kex->session_id, ssh->kex->session_id_len)) != 0 \|\|	1191	ssh->kex->session_id, ssh->kex->session_id_len)) != 0 \|\|
1202	(r = sshkey_puts(key, sigbuf)) != 0 \|\|	1192	(r = sshkey_puts(key, sigbuf)) != 0 \|\|
1203	(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,	1193	(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
1204	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 \|\|	1194	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 \|\|
1205	(r = sshbuf_put_string(resp, sig, slen)) != 0) {	1195	(r = sshbuf_put_string(resp, sig, slen)) != 0) {
1206	error("%s: couldn't prepare signature: %s",	1196	error("%s: couldn't prepare signature: %s",
1207	__func__, ssh_err(r));	1197	__func__, ssh_err(r));
@@ -1265,7 +1255,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1265	free(fwd.listen_host);	1255	free(fwd.listen_host);
1266	if ((resp = sshbuf_new()) == NULL)	1256	if ((resp = sshbuf_new()) == NULL)
1267	fatal("%s: sshbuf_new", __func__);	1257	fatal("%s: sshbuf_new", __func__);
1268	if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)	1258	if (allocated_listen_port != 0 &&
		1259	(r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
1269	fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));	1260	fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
1270	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {	1261	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1271	struct Forward fwd;	1262	struct Forward fwd;