openssh bugs - Aug 2008 - [Bug 1501] New: p_read, p_send not intialized

https://bugzilla.mindrot.org/show_bug.cgi?id=1501

           Summary: p_read, p_send not intialized
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.0p1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: THanson at CardinalPeak.com


Source file packet.c declares 2 structures, p_read & p_send, which are
used to manage packet traffic.  These structures are not explicitly
initialized in either the declaration or in the code.

In an environment (i.e. VxWorks) where spawning a second copy (thread)
does not zero-fill memory, this causes the second (and subsequent)
copies to use the values left behind by previous copies.  The result is
that the sequence number (seqnr field) is out of synch with the server
and MAC checksum verification fails.

Recommend setting seqnr, packets, and blocks fields to zero at
process/thread start.  Testing with concurrent threads also
recommended.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1501


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au




--- Comment #1 from Darren Tucker <dtucker at zip.com.au>  2008-08-13
13:06:34 ---
Uh, it's a static global.  ISO C specifies that it must already be
zeroed.

eg http://www.dkuug.dk/JTC1/SC22/WG14/www/docs/n843.pdf section
6.7.8.10:

"If an object that has static storage duration is not initialized
explicitly, then: 
- if it has pointer type, it is initialized to a null pointer; 
- if it has arithmetic type, it is initialized to (positive or
unsigned) zero; 
- if it is an aggregate, every member is initialized (recursively)
according to these rules;"

OpenSSH is not and has never claimed to be thread safe.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1501


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME
                 CC|                            |djm at mindrot.org




-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1501


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED




--- Comment #2 from Damien Miller <djm at mindrot.org>  2009-02-23
13:36:01 ---
Close bugs fixed/reviewed for openssh-5.2 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.