Recent Padlock changes break ssh
Patrick Lamaizière
patfbsd at davenulle.org
Thu Jul 31 15:45:39 UTC 2008
On Thu, 31 Jul 2008 15:21:36 +0200,
Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:
Hello,
> > I think that one problem is that the session id (ses->ses_id) is not
> > updated when a free session is reused. The session id is set to
> > zero by bzero() in padlock_freesession(). So we can have several
> > active sessions with the same ses->ses_id == 0 if the sessions are
> > reused.
>
> Great catch! What do you think about using old sessid? I think it's ok
> to do so and a bit safer, because session ID is only 32bit long so we
> may get collision once we start from 0 again.
I agree, so just:
padlock_freession()
padlock_hash_free(ses);
bzero(ses, sizeof(*ses));
ses->ses_used = 0;
+ ses->ses_id = sid;
TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
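Review bot: the added line assigns sid to ses->ses_id right after bzero(ses, sizeof(*ses)), but the fragment does not show where sid is set. It has to hold the session's id from before the bzero(), as a function argument or a local saved earlier, because reading it back from ses at this point would always give 0. A one-line comment on the new assignment saying the id is kept on purpose, so a reused session never falls back to id 0, would make the intent clear. As a style point, ses->ses_used = 0 on the line above is redundant after the bzero().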
I've made some tests with ipsec and openssl on the glxsb driver (it
is quite the same code) and it looks good.
Regards.
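The id collision discussed in this thread, as an added example that is not part of the original message or the driver source: a simplified model of a session pool in which a freed session is wiped and later reused without a new id. The struct layout, POOL, new_session(), free_session() and max_id_sharing() are hypothetical names for illustration; only ses_id and ses_used come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL 4
struct session { uint32_t ses_id; int ses_used; uint8_t key[16]; }; /* simplified model */
struct softc { struct session pool[POOL]; int nslots; uint32_t next_id; };

/* Reuse a free slot without touching its id, else open a fresh slot with a new id. */
static struct session *new_session(struct softc *sc) {
    for (int i = 0; i < sc->nslots; i++)
        if (!sc->pool[i].ses_used) { sc->pool[i].ses_used = 1; return &sc->pool[i]; }
    if (sc->nslots == POOL) return NULL;
    struct session *s = &sc->pool[sc->nslots++];
    s->ses_id = sc->next_id++;
    s->ses_used = 1;
    return s;
}

/* keep_id = 0: wipe only; keep_id = 1: restore the old id after the wipe. */
static void free_session(struct session *s, int keep_id) {
    uint32_t sid = s->ses_id;       /* saved before the wipe */
    memset(s, 0, sizeof(*s));       /* clears key material, ses_used and ses_id */
    if (keep_id) s->ses_id = sid;
}

/* Allocate 3, free 2, reallocate 2; return the most active sessions sharing one id. */
static int max_id_sharing(int keep_id) {
    struct softc sc;
    memset(&sc, 0, sizeof(sc));
    new_session(&sc);                                   /* id 0, stays active */
    struct session *b = new_session(&sc), *c = new_session(&sc);
    free_session(b, keep_id); free_session(c, keep_id);
    new_session(&sc); new_session(&sc);                 /* both freed slots are reused */
    int worst = 0;
    for (int i = 0; i < sc.nslots; i++) {
        int n = 0;
        for (int j = 0; j < sc.nslots; j++)
            n += sc.pool[j].ses_used && sc.pool[j].ses_id == sc.pool[i].ses_id;
        if (sc.pool[i].ses_used && n > worst) worst = n;
    }
    return worst;
}

int main(void) {
    printf("wipe only: %d, id kept: %d\n", max_id_sharing(0), max_id_sharing(1));
    return 0;
}
```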