Mailing List Archive: OpenSSH: Bugs

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION

Index | Next | Previous | View Threaded

bugzilla-daemon at bugzilla

Aug 18, 2009, 1:37 PM

Post #1 of 8 (1310 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

--- Comment #1 from Damien Miller <djm [at] mindrot> 2009-08-19 06:37:05 EST ---
Created an attachment (id=1670)
fall back to select() on read/write interruptions

Could you try to reproduce the problem with this patch applied?

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 18, 2009, 1:46 PM

Post #2 of 8 (1239 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

--- Comment #2 from Damien Miller <djm [at] mindrot> 2009-08-19 06:46:27 EST ---
... and here is a theory on how it occurs:

on a heavily loaded ssh-agent, we can create a new socket in the
ssh-agent.c:after_select() loop, via the AUTH_SOCKET case calling
new_socket(). This might increase sockets_alloc past the value it had
when execution enters after_select().

The for() loop in after_select() can therefore progress into sockets
that did not exist when select() and, critically, prepare_select() was
called. prepare_select() sizes and clears the fd_sets that select()
subsequently populates and after_select() tests.

So a new AUTH_CONNECTION socket whose creation increments sockets_alloc
can cause after_select to test past the end of the allocated fd_sets
and might (depending on what it finds) treat them as ready for reading.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 18, 2009, 1:50 PM

Post #3 of 8 (1239 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

Damien Miller <djm [at] mindrot> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #1670|0 |1
is obsolete| |

--- Comment #3 from Damien Miller <djm [at] mindrot> 2009-08-19 06:50:43 EST ---
Created an attachment (id=1671)
fix the root cause of the problem too

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 18, 2009, 1:51 PM

Post #4 of 8 (1256 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

Damien Miller <djm [at] mindrot> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1626

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 18, 2009, 2:14 PM

Post #5 of 8 (1232 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

--- Comment #4 from noodle10000 [at] googlemail 2009-08-19 07:14:46 EST ---
Patch applied to the ssh-agent.c in openssh-5.2p1 (RCS revision 1.159).
I have now successfully run our scripts against 6000 hosts for the
first time, so it appears to have solved the issue.

I will be soak-testing over the next 48 hours and will update after
that.

(and thanks for the very quick response!)

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 26, 2009, 10:30 AM

Post #6 of 8 (1117 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

--- Comment #5 from Damien Miller <djm [at] mindrot> 2009-08-27 03:30:12 EST ---
Have you been able to reproduce the problem with patch #1671 applied?

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Aug 27, 2009, 2:38 AM

Post #7 of 8 (1095 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

--- Comment #6 from noodle10000 [at] googlemail 2009-08-27 19:38:03 EST ---
(In reply to comment #5)
> Have you been able to reproduce the problem with patch #1671 applied?

We've not had any further problems with ssh-agent since applying #1671
- looks like it's fixed. Thanks!

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

bugzilla-daemon at bugzilla

Sep 1, 2009, 7:43 AM

Post #8 of 8 (987 views)
Permalink

[Bug 1633] Race condition in ssh-agent AUTH_CONNECTION [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1633

Damien Miller <djm [at] mindrot> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED

--- Comment #7 from Damien Miller <djm [at] mindrot> 2009-09-02 00:43:47 EST ---
patch applied. This will be in openssh-5.4.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads