Recent Padlock changes break ssh
Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Jul 31 13:21:38 UTC 2008
On Thu, Jul 31, 2008 at 12:32:46PM +0200, Patrick Lamaizière wrote:
> On Tue, 22 Jul 2008 10:14:49 +0200,
> Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:
>
> Hello,
>
> > Could you try this patch? Those are the only changes that could
> > eventually change the behaviour.
> >
> > http://people.freebsd.org/~pjd/patches/padlock.c.patch
> >
>
> I think that one problem is that the session id (ses->ses_id) is not
> updated when a free session is reused. The session id is set to zero by
> bzero() in padlock_freesession(). So we can have several active
> sessions with the same ses->ses_id == 0 if the sessions are reused.
Great catch! What do you think about using the old sessid? I think it's ok
to do so and a bit safer, because the session ID is only 32 bits long, so we
may get a collision once we start from 0 again.
> padlock_freesession()
> padlock_hash_free(ses);
> bzero(ses, sizeof(*ses));
> ses->ses_used = 0;
> TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
>
> and in padlock_newsession()
> /*
> * Free sessions goes first, so if first session is used, we
> need to
> * allocate one.
> */
> ses = TAILQ_FIRST(&sc->sc_sessions);
> if (ses == NULL || ses->ses_used)
> ses = NULL;
> else {
> TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
> ses->ses_used = 1;
> + ses->ses_id = sc->sc_sid++;
> TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
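Review bot: The added `ses->ses_id = sc->sc_sid++;` in the reuse branch advances the 32-bit sc_sid counter on every reuse, so it wraps sooner and a freshly assigned id can then match one still held by an active session. The id is only lost because padlock_freesession() calls bzero() on the whole structure, so consider saving ses_id before the bzero() and restoring it afterwards, which keeps ids unique without touching the counter in this branch.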
I'd replace 'sc->sc_sid++' with 'sid'.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
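The session-reuse problem discussed in this thread, as an added example that is not part of the original message or of the padlock driver. The struct layouts, the function names and the keep_id switch are constructed for illustration; keep_id = 1 is one reading of the "use the old sessid" suggestion.

```c
#include <stdint.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/queue.h>

/* Constructed, simplified stand-ins for the driver's session and softc. */
struct session { uint32_t ses_id; int ses_used; TAILQ_ENTRY(session) ses_next; };
struct softc { TAILQ_HEAD(, session) sc_sessions; uint32_t sc_sid; };

/* keep_id 0: bzero() wipes ses_id (the reported bug); 1: old id is restored. */
static void freesession(struct softc *sc, struct session *ses, int keep_id) {
    uint32_t sid = ses->ses_id;
    TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
    bzero(ses, sizeof(*ses));                 /* also clears ses_used */
    if (keep_id)
        ses->ses_id = sid;
    TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);  /* free ones go first */
}

static struct session *newsession(struct softc *sc) {
    struct session *ses = TAILQ_FIRST(&sc->sc_sessions);
    if (ses != NULL && !ses->ses_used)        /* reuse: id is whatever free left */
        TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
    else if ((ses = calloc(1, sizeof(*ses))) != NULL)
        ses->ses_id = sc->sc_sid++;           /* fresh slot gets the next id */
    else
        return NULL;
    ses->ses_used = 1;
    TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
    return ses;
}

/* Open three sessions, free two, reopen two; count active ones with id 0. */
int active_with_id_zero(int keep_id) {
    struct softc sc = { .sc_sid = 0 };
    struct session *s[3], *p;
    int i, n = 0;
    TAILQ_INIT(&sc.sc_sessions);
    for (i = 0; i < 3; i++)
        s[i] = newsession(&sc);
    for (i = 1; i < 3; i++)
        freesession(&sc, s[i], keep_id);
    newsession(&sc);
    newsession(&sc);
    TAILQ_FOREACH(p, &sc.sc_sessions, ses_next)
        n += (p->ses_used && p->ses_id == 0);
    return n;                                 /* sessions are leaked: demo only */
}
```

With the id wiped, three active sessions share id 0 (the original first session plus both reused ones); with the id kept, only the original one does.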
More information about the freebsd-current mailing list