From 9731aba4aa68d6975e35b7813444aa6e35006a75 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Mar 16 2012 18:59:04 +0000 Subject: fix libssh2 failing key re-exchange when write channel is saturated (#804155) --- diff --git a/libssh2-1.2.7-bz804155.patch b/libssh2-1.2.7-bz804155.patch new file mode 100644 index 0000000..92939c4 --- /dev/null +++ b/libssh2-1.2.7-bz804155.patch @@ -0,0 +1,55 @@ +transport_send: Finish in-progress key exchange before sending data + +Backport of upstream commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed + +_libssh2_channel_write() first reads outstanding packets before writing new +data. If it reads a key exchange request, it will immediately start key +re-exchange, which will require sending a response. If the output socket is +full, this will result in a return from _libssh2_transport_read() of +LIBSSH2_ERROR_EAGAIN. In order not to block a write because there is no data to +read, this error is explicitly ignored and the code continues marshalling a +packet for sending. When it is sent, the remote end immediately drops the +connection because it was expecting a continuation of the key exchange, but got +a data packet. + +This change adds the same check for key exchange to _libssh2_transport_write() +that is in _libssh2_transport_read(). This ensures that key exchange is +completed before any data packet is sent. + +diff -up libssh2-1.2.7/src/transport.c.bz804155 libssh2-1.2.7/src/transport.c +--- libssh2-1.2.7/src/transport.c.bz804155 ++++ libssh2-1.2.7/src/transport.c +@@ -312,7 +312,7 @@ int _libssh2_transport_read(LIBSSH2_SESS + * is done! + */ + _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the" +- " key re-exchange"); ++ " key re-exchange from _libssh2_transport_read"); + rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state); + if (rc) + return rc; +@@ -718,6 +718,24 @@ _libssh2_transport_write(LIBSSH2_SESSION + unsigned char *orgdata = data; + size_t orgdata_len = data_len; + ++ /* ++ * If the last read operation was interrupted in the middle of a key ++ * exchange, we must complete that key exchange before continuing to write ++ * further data. ++ * ++ * See the similar block in _libssh2_transport_read for more details. ++ */ ++ if (session->state & LIBSSH2_STATE_EXCHANGING_KEYS && ++ !(session->state & LIBSSH2_STATE_KEX_ACTIVE)) { ++ /* Don't write any new packets if we're still in the middle of a key ++ * exchange. */ ++ _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the" ++ " key re-exchange from _libssh2_transport_write"); ++ rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state); ++ if (rc) ++ return rc; ++ } ++ + debugdump(session, "libssh2_transport_write plain", data, data_len); + + /* FIRST, check if we have a pending write to complete */ diff --git a/libssh2.spec b/libssh2.spec index 90d172e..42ef520 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 Version: 1.2.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library implementing the SSH2 protocol Group: System Environment/Libraries @@ -8,6 +8,7 @@ License: BSD URL: http://www.libssh2.org Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Patch0: libssh2-1.2.7-bz802382.patch +Patch1: libssh2-1.2.7-bz804155.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel @@ -49,6 +50,9 @@ developing applications that use %{name}. # avoid a crash of curl when downloading large files using SFTP (#802382) %patch0 -p1 +# fix libssh2 failing key re-exchange when write channel is saturated (#804155) +%patch1 -p1 + # make sure things are UTF-8... for i in ChangeLog NEWS ; do iconv --from=ISO-8859-1 --to=UTF-8 $i > new @@ -116,10 +120,13 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/* %changelog +* Fri Mar 16 2012 Paul Howarth 1.2.7-4 +- fix libssh2 failing key re-exchange when write channel is saturated (#804155) + * Mon Mar 12 2012 Kamil Dudka 1.2.7-3 - avoid a crash of curl when downloading large files using SFTP (#802382) -* Sat Jun 25 2011 Dennis Gilmore - 1.2.7-2 +* Sat Jun 25 2011 Dennis Gilmore 1.2.7-2 - sshd/loopback test fails in the sparc buildsystem * Tue Oct 12 2010 Kamil Dudka 1.2.7-1