Comments (11)
I've assigned this to @bigbrett . He will be looking into this for you.
Warm regards, Anthony
from wolfssh.
With git bisect I was able to identify the first commit that caused this precise symptom.
6a3e4856b488f3d8598ce3a587436997fd2f6d9b is the first bad commit
commit 6a3e4856b488f3d8598ce3a587436997fd2f6d9b
Author: John Safranek <[email protected]>
Date: Thu Jun 15 13:25:33 2023 -0700
I/O Buffer Refactor
1. Started changing LENGTH_SZ to UINT32_SZ. The RFCs define the length
of strings and mpints as uint32 values.
2. Some whitespace changes.
3. The getting data into the input buffer is done based on the goal size.
The pattern is to get the first block, decrypt it if necessary, then read
the size out, then get that much data plus the size of the length and the
MAC.
Analyzing this commit, turns out there's a copy'n'paste error. The following patch fixes it:
diff --git a/src/internal.c b/src/internal.c
index 1cde473..de86ea2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7461,7 +7461,7 @@ int DoReceive(WOLFSSH* ssh)
+ peerBlockSz,
ssh->inputBuffer.buffer + ssh->inputBuffer.idx
+ peerBlockSz,
- ssh->curSz - peerBlockSz);
+ ssh->curSz + UINT32_SZ - peerBlockSz);
}
else {
/* Entire packet fit in one block, don't need
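Review bot: the length on the changed line of the DoReceive hunk, ssh->curSz + UINT32_SZ - peerBlockSz, is computed inline in the call, and nothing visible here ties it to the test that chooses this branch over the else case ("Entire packet fit in one block"). Please confirm that test also compares ssh->curSz + UINT32_SZ against peerBlockSz, otherwise the branch choice and the length passed here can disagree for packets near one block in size. Computing the remaining length once into a named local and using it in both places would prevent the two expressions from drifting apart again. It is also worth checking the other call sites touched by the I/O buffer refactor for the old ssh->curSz - peerBlockSz form, and adding a regression test with a packet longer than one cipher block.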
After applying that patch over the aforementioned commit, it all works again, but applying that patch over v1.4.14-stable makes another problem show up: sftp stalls waiting for some replies that never arrive.
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
If I then rerun sftp with the -oPreferredAuthentications=password option, it works.
from wolfssh.
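The length arithmetic at stake in the patch above, as an added example that is not wolfSSH code and not part of the original thread: after the first cipher block is decrypted, the bytes still to decrypt are packet_length plus the 4-byte length field minus one block. The names plan_frame, frame_plan and MAX_PACKET_SZ are hypothetical, and the sketch assumes a cipher mode where the length field is encrypted with the packet (no AEAD or encrypt-then-MAC).

```c
#include <stddef.h>
#include <stdint.h>

#define LEN_FIELD_SZ 4u      /* uint32 packet_length, RFC 4253 section 6 */
#define MAX_PACKET_SZ 35000u /* assumed cap: the size RFC 4253 6.1 says must be handled */

enum { FRAME_OK = 0, FRAME_SHORT = -1, FRAME_BAD_LEN = -2 };

struct frame_plan {
    uint32_t packet_len; /* value of the packet_length field */
    uint32_t rest_enc;   /* ciphertext bytes still to decrypt after block 1 */
    uint32_t total;      /* length field + packet + MAC on the wire */
};

/* block1 is the first cipher block, already decrypted by the caller. */
int plan_frame(const uint8_t *block1, size_t have, uint32_t block_sz,
               uint32_t mac_sz, struct frame_plan *out)
{
    uint32_t len, enc;

    if (block_sz < 8)
        return FRAME_BAD_LEN; /* also rules out division by zero below */
    if (have < block_sz)
        return FRAME_SHORT;   /* need one whole block to read the length */
    len = ((uint32_t)block1[0] << 24) | ((uint32_t)block1[1] << 16) |
          ((uint32_t)block1[2] << 8) | (uint32_t)block1[3];
    /* Bound len before adding to it so len + 4 cannot wrap. */
    if (len > MAX_PACKET_SZ - LEN_FIELD_SZ)
        return FRAME_BAD_LEN;
    enc = len + LEN_FIELD_SZ; /* the encrypted span includes the length field */
    /* RFC 4253: at least 16 bytes and a multiple of the cipher block size. */
    if (enc < 16 || enc % block_sz != 0)
        return FRAME_BAD_LEN;
    out->packet_len = len;
    out->rest_enc = enc - block_sz; /* not len - block_sz */
    out->total = enc + mac_sz;
    return FRAME_OK;
}
```

With packet_length 28 and a 16-byte block, the remaining ciphertext is 16 bytes; dropping the length field from the sum gives 12, which is not even a whole block.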
After further investigation, reverting the following two commits, and then applying the aforementioned patch, makes things work: 9d1996a, 169d2c6.
from wolfssh.
Hi @falemagn ,
Thank you so much for the report and the proposed fixes!! I think completely reverting 9d1996a, 169d2c6 might not be desirable. I will get this ticket assigned to a wolfSSL engineering team member so we can get to a more pinpointed solution.
Please stay tuned.
Warm regards, Anthony
from wolfssh.
> Hi @falemagn ,
> Thank you so much for the report and the proposed fixes!! I think completely reverting 9d1996a, 169d2c6 might not be desirable.
I am sure it wouldn't, I just thought I'd point out that there lies the source of the issue, so to help you guys find a proper fix. :)
Thanks for the prompt response!
from wolfssh.
When investigating another report I added this pull request (#559). I suspect it will resolve this issue too.
from wolfssh.
> When investigating another report I added this pull request (#559). I suspect it will resolve this issue too.
Only the first one, though, not the other caused by something that happened because of 9d1996a and 169d2c6, as reported previously.
from wolfssh.
For the second part of the issue I think this part of the pull request might be related https://github.com/wolfSSL/wolfssh/pull/559/files#diff-1c4e2f5adfa1ad30618e78ff459b2c0758ecf34278459ad0a8d58db4fec622eaR5845.
Before adding that I was seeing a hang in the example server after rejecting a peer's public key.
from wolfssh.
You are right, that PR solves this specific issue. I was misled by the fact we're experiencing an issue in our code base which I was able to identify as stemming from this very issue we are discussing.
However, even with that PR, in our code base we still experience the hang. Has anything changed about what's expected from the user auth callback, due to 9d1996a and 169d2c6?
from wolfssh.
Ok, I believe I have found it: there's a missing ret = WS_SUCCESS if the return code from the user auth callback is not SUCCESS and is not one of the errors being explicitly handled, which makes the function not return failure to the client.
I have added a review to PR #559.
from wolfssh.
Given the merge of #559 in master, the issue can now be closed.
from wolfssh.