From 4abde771b73f3a54780ff3dedf59f57f94298870 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 29 Dec 2007 02:43:51 +1100 Subject: - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c sshd.c] Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@ --- misc.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'misc.h') diff --git a/misc.h b/misc.h index f175b4426..be05e806b 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.37 2007/12/27 14:22:08 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -35,6 +35,7 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); struct passwd *pwcopy(struct passwd *); +const char *ssh_gai_strerror(int); typedef struct arglist arglist; struct arglist { -- cgit v1.2.3 From 3fc464efdc5111334f42213891521fcd42c0e7a1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 06:42:45 +1000 Subject: - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@ --- ChangeLog | 6 ++++- misc.c | 22 +++++++++++++++- misc.h | 4 ++- packet.c | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- packet.h | 3 ++- sshconnect.c | 23 ++++------------ sshd.c | 5 +++- 7 files changed, 116 insertions(+), 32 deletions(-) (limited to 'misc.h') diff --git a/ChangeLog b/ChangeLog index a68559b66..e3f68e504 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -118,6 +118,10 @@ - jmc@cvs.openbsd.org 2008/06/12 19:10:09 [ssh_config.5 ssh-keygen.1] tweak the ascii art text; ok grunk + - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 + [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] + Make keepalive timeouts apply while waiting for a packet, particularly + during key renegotiation (bz #1363). With djm and Matt Day, ok djm@ - (dtucker) [clientloop.c serverloop.c] channel_register_filter now takes 2 more args. with djm@ @@ -4282,4 +4286,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4987 2008/06/12 19:18:03 dtucker Exp $ +$Id: ChangeLog,v 1.4988 2008/06/12 20:42:45 dtucker Exp $ diff --git a/misc.c b/misc.c index b4fe489af..01986e8c1 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.67 2008/01/01 08:47:04 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.68 2008/06/12 20:38:28 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -832,3 +832,23 @@ put_u16(void *vp, u_int16_t v) p[0] = (u_char)(v >> 8) & 0xff; p[1] = (u_char)v & 0xff; } + +void +ms_subtract_diff(struct timeval *start, int *ms) +{ + struct timeval diff, finish; + + gettimeofday(&finish, NULL); + timersub(&finish, start, &diff); + *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); +} + +void +ms_to_timeval(struct timeval *tv, int ms) +{ + if (ms < 0) + ms = 0; + tv->tv_sec = ms / 1000; + tv->tv_usec = (ms % 1000) * 1000; +} + diff --git a/misc.h b/misc.h index be05e806b..5da170d2f 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.37 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.38 2008/06/12 20:38:28 dtucker Exp $ */ /* * Author: Tatu Ylonen 
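Review bot: `ms_subtract_diff` in the misc.c hunk measures elapsed time with `gettimeofday`, which follows the wall clock, so a clock step during a wait changes the remaining budget. A forward step can use it up at once, and a backward step makes `diff` negative and lengthens the wait. Now that the helper is exported and drives the packet timeouts, it deserves at least a comment such as `/* uses wall-clock time; a clock step during the wait shortens or extends the remaining ms */`, or a monotonic time source where the platform has one. The expression `(diff.tv_sec * 1000) + (diff.tv_usec / 1000)` is also evaluated in the type of `tv_sec` and then narrowed into `*ms` with no range check.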
@@ -33,6 +33,8 @@ char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); char *tohex(const void *, size_t); void sanitise_stdfd(void); +void ms_subtract_diff(struct timeval *, int *); +void ms_to_timeval(struct timeval *, int); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int); diff --git a/packet.c b/packet.c index c0e91b2d6..9fd43ec68 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.153 2008/05/19 06:14:02 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.154 2008/06/12 20:38:28 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -138,6 +138,9 @@ static int after_authentication = 0; int keep_alive_timeouts = 0; +/* Set to the maximum time that we will wait to send or receive a packet */ +static int packet_timeout_ms = -1; + /* Session key information for Encryption and MAC */ Newkeys *newkeys[MODE_MAX]; static struct packet_state { @@ -191,6 +194,19 @@ packet_set_connection(int fd_in, int fd_out) } } +void +packet_set_timeout(int timeout, int count) +{ + if (timeout == 0 || count == 0) { + packet_timeout_ms = -1; + return; + } + if ((INT_MAX / 1000) / count < timeout) + packet_timeout_ms = INT_MAX; + else + packet_timeout_ms = timeout * count * 1000; +} + /* Returns 1 if remote host is connected via socket, 0 if not. */ int @@ -891,10 +907,11 @@ packet_send(void) int packet_read_seqnr(u_int32_t *seqnr_p) { - int type, len; + int type, len, ret, ms_remain; fd_set *setp; char buf[8192]; DBG(debug("packet_read()")); + struct timeval timeout, start, *timeoutp = NULL; setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), sizeof(fd_mask)); 
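Review bot: `packet_set_timeout` disables the timeout only when `timeout == 0 || count == 0`, so a negative interval or count is not rejected. With a negative `timeout` and a positive `count` the overflow test passes and `packet_timeout_ms` becomes a negative value other than -1. The wait loops added to `packet_read_seqnr` and `packet_write_wait` assign `ms_remain` only under `packet_timeout_ms > 0` but call `ms_to_timeval(&timeout, ms_remain)` under `packet_timeout_ms != -1`, so in that state `ms_remain` is read uninitialised. Whether the option parsers already exclude negative values is not visible in this diff. Changing the guard to `if (timeout <= 0 || count <= 0) {` closes the gap either way, and the loops could test `timeoutp != NULL` instead of `packet_timeout_ms != -1`.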
@@ -925,11 +942,34 @@ packet_read_seqnr(u_int32_t *seqnr_p) sizeof(fd_mask)); FD_SET(connection_in, setp); + if (packet_timeout_ms > 0) { + ms_remain = packet_timeout_ms; + timeoutp = &timeout; + } /* Wait for some data to arrive. */ - while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 && - (errno == EAGAIN || errno == EINTR)) - ; - + for (;;) { + if (packet_timeout_ms != -1) { + ms_to_timeval(&timeout, ms_remain); + gettimeofday(&start, NULL); + } + if ((ret = select(connection_in + 1, setp, NULL, + NULL, timeoutp)) >= 0) + break; + if (errno != EAGAIN && errno != EINTR) + break; + if (packet_timeout_ms == -1) + continue; + ms_subtract_diff(&start, &ms_remain); + if (ms_remain <= 0) { + ret = 0; + break; + } + } + if (ret == 0) { + logit("Connection to %.200s timed out while " + "waiting to read", get_remote_ipaddr()); + cleanup_exit(255); + } /* Read data from the socket. */ len = read(connection_in, buf, sizeof(buf)); if (len == 0) { @@ -1452,6 +1492,8 @@ void packet_write_wait(void) { fd_set *setp; + int ret, ms_remain; + struct timeval start, timeout, *timeoutp = NULL; setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), sizeof(fd_mask)); 
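Review bot: In the `packet_read_seqnr` hunk, `ms_remain` is reloaded from `packet_timeout_ms` immediately before the wait loop, so the limit applies to each wait for readable data rather than to the arrival of a complete packet. If this code sits inside the function's read-until-packet loop, which starts outside the hunk, a peer that delivers a few bytes within every interval never reaches the `timed out while waiting to read` exit. That may be the intended keepalive semantics, but it should be stated, e.g. `/* bounds each wait for data, not the total time to receive a packet */` above the `if (packet_timeout_ms > 0)` block.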
@@ -1460,9 +1502,34 @@ packet_write_wait(void) memset(setp, 0, howmany(connection_out + 1, NFDBITS) * sizeof(fd_mask)); FD_SET(connection_out, setp); - while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 && - (errno == EAGAIN || errno == EINTR)) - ; + + if (packet_timeout_ms > 0) { + ms_remain = packet_timeout_ms; + timeoutp = &timeout; + } + for (;;) { + if (packet_timeout_ms != -1) { + ms_to_timeval(&timeout, ms_remain); + gettimeofday(&start, NULL); + } + if ((ret = select(connection_out + 1, NULL, setp, + NULL, timeoutp)) >= 0) + break; + if (errno != EAGAIN && errno != EINTR) + break; + if (packet_timeout_ms == -1) + continue; + ms_subtract_diff(&start, &ms_remain); + if (ms_remain <= 0) { + ret = 0; + break; + } + } + if (ret == 0) { + logit("Connection to %.200s timed out while " + "waiting to write", get_remote_ipaddr()); + cleanup_exit(255); + } packet_write_poll(); } xfree(setp); diff --git a/packet.h b/packet.h index 927e0831c..fd4e1ac7a 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.47 2008/05/08 06:59:01 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.48 2008/06/12 20:38:28 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -21,6 +21,7 @@ #include void packet_set_connection(int, int); +void packet_set_timeout(int, int); void packet_set_nonblocking(void); int packet_get_connection_in(void); int packet_get_connection_out(void); diff --git a/sshconnect.c b/sshconnect.c index 7602da340..c99874285 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.206 2008/06/12 00:13:55 grunk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.207 2008/06/12 20:38:28 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
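Review bot: The wait loop added to `packet_write_wait` is a copy of the one added to `packet_read_seqnr`, differing only in which `fd_set` argument is passed to `select` and in the log text. Any later fix to the timeout arithmetic therefore has to be made in two places. A file-local helper that takes the descriptor and the two sets and returns 0 on timeout would keep the retry and budget logic together, leaving each caller only its `logit`/`cleanup_exit(255)` branch. `packet_write_wait` begins outside this hunk; a sketch of the helper follows.

```c
/* Wait for readiness on rset/wset; returns select()'s result, or 0 once the packet timeout is used up. */
static int
packet_select_timeout(int fd, fd_set *rset, fd_set *wset)
{
	struct timeval start, timeout, *timeoutp = NULL;
	int ret, ms_remain = 0;

	if (packet_timeout_ms > 0) {
		ms_remain = packet_timeout_ms;
		timeoutp = &timeout;
	}
	for (;;) {
		if (timeoutp != NULL) {
			ms_to_timeval(&timeout, ms_remain);
			gettimeofday(&start, NULL);
		}
		ret = select(fd + 1, rset, wset, NULL, timeoutp);
		if (ret >= 0 || (errno != EAGAIN && errno != EINTR))
			return ret;
		if (timeoutp == NULL)
			continue;
		ms_subtract_diff(&start, &ms_remain);
		if (ms_remain <= 0)
			return 0;
	}
}

		/* in packet_write_wait(), replacing the added loop */
		if (packet_select_timeout(connection_out, NULL, setp) == 0) {
			/* … unchanged: logit() and cleanup_exit(255) … */
		}
```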
@@ -77,23 +77,6 @@ extern pid_t proxy_command_pid; static int show_other_keys(const char *, Key *); static void warn_changed_key(Key *); -static void -ms_subtract_diff(struct timeval *start, int *ms) -{ - struct timeval diff, finish; - - gettimeofday(&finish, NULL); - timersub(&finish, start, &diff); - *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); -} - -static void -ms_to_timeval(struct timeval *tv, int ms) -{ - tv->tv_sec = ms / 1000; - tv->tv_usec = (ms % 1000) * 1000; -} - /* * Connect to the given ssh server using a proxy command. */ @@ -178,6 +161,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) /* Set the connection file descriptors. */ packet_set_connection(pout[0], pin[1]); + packet_set_timeout(options.server_alive_interval, + options.server_alive_count_max); /* Indicate OK return */ return 0; @@ -422,6 +407,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, /* Set the connection. */ packet_set_connection(sock, sock); + packet_set_timeout(options.server_alive_interval, + options.server_alive_count_max); return 0; } diff --git a/sshd.c b/sshd.c index 3e03a8e18..f9b87ea1c 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.359 2008/06/10 08:17:40 jmc Exp $ */ +/* $OpenBSD: sshd.c,v 1.360 2008/06/12 20:38:28 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1903,6 +1903,9 @@ main(int ac, char **av) destroy_sensitive_data(); } + packet_set_timeout(options.client_alive_interval, + options.client_alive_count_max); + /* Start session. */ do_authenticated(authctxt); -- cgit v1.2.3
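Review bot: In the sshd.c hunk the timeout is installed only immediately before `do_authenticated(authctxt)`, so any blocking packet wait earlier in `main` still runs with `packet_timeout_ms == -1`. What bounds those pre-authentication waits is not visible here; presumably it is the login grace timer. A comment on the call would make the scope explicit, e.g. `/* packet waits are bounded by the client-alive settings only from here on */`. `main` starts and ends outside the hunk.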