From ada7edd8b4ec246a0c1c283c5e5956f09d503fbd Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 1 Jan 2017 15:21:10 +0000 Subject: Make integrity tests more robust against timeouts If the first test in a series for a given MAC happens to modify the low bytes of a packet length, then ssh will time out and this will be interpreted as a test failure. Handle this failure mode. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658 Patch-Name: regress-integrity-robust.patch Last-Update: 2017-01-01 --- regress/integrity.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/regress/integrity.sh b/regress/integrity.sh index 39d310de..fd7d58bc 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -5,8 +5,6 @@ tid="integrity" cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak # start at byte 2900 (i.e. after kex) and corrupt at different offsets -# XXX the test hangs if we modify the low bytes of the packet length -# XXX and ssh tries to read... tries=10 startoffset=2900 macs=`${SSH} -Q mac` @@ -27,6 +25,7 @@ for m in $macs; do elen=0 epad=0 emac=0 + etmo=0 ecnt=0 skip=0 for off in `jot $tries $startoffset`; do @@ -61,14 +60,16 @@ for m in $macs; do Corrupted?MAC* | *message?authentication?code?incorrect*) emac=`expr $emac + 1`; skip=0;; padding*) epad=`expr $epad + 1`; skip=0;; + *Timeout,?server*) + etmo=`expr $etmo + 1`; skip=0;; *) fail "unexpected error mac $m at $off: $out";; esac done - verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen" + verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo" if [ $emac -eq 0 ]; then fail "$m: no mac errors" fi - expect=`expr $ecnt - $epad - $elen` + expect=`expr $ecnt - $epad - $elen - $etmo` if [ $emac -ne $expect ]; then fail "$m: expected $expect mac errors, got $emac" fi