thr3ads.net - openssh bugs - [Bug 1503] New: Possible Intermittent False-negative on Port Forwarding. [Aug 2008]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2008-Aug-11 17:22 UTC

[Bug 1503] New: Possible Intermittent False-negative on Port Forwarding.

https://bugzilla.mindrot.org/show_bug.cgi?id=1503

           Summary: Possible Intermittent False-negative on Port
                    Forwarding.
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.0p1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: minor
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: THanson at CardinalPeak.com


While debugging other issues I have seen occasional reports of "Remote
port forwarding failed..."  At least some of them appear to be
incorrect because forwarding was actually working.

Investigation revealed a probable cause:  SSH2_MSG_GLOBAL_REQUEST
packets are being used for 2 purposes.  They are used to request/cancel
port forwarding AND they are used as "keep alive" messages.  Problem
is, the server ( server_input_global_request() ) sets type to FAILURE
for any packet other than "tcpip-forward" or
"cancel-tcpip-forward".
Thus, "keep alive" requests are always set to FAILURE.  When received
by the Client, it can not differentiate a "keep alive" response from a
forwarding request response.  If timing is such that a keep alive was
sent just prior to a forwarding request, the keep-alive response may be
read by the forwarding code as a failure.

2 notes:
1) I have not been able to reproduce this and document the packet
traffic.
2) It appears that the server is expecting one of
[SSH2_MSG_CHANNEL_FAILURE, SSH2_MSG_REQUEST_SUCCESS,
SSH2_MSG_REQUEST_FAILURE ] as a keep alive message BUT the client
_appears_ to be sending SSH2_MSG_GLOBAL_REQUEST in order to trigger a
[SSH2_MSG_REQUEST_FAILURE |SSH2_MSG_REQUEST_SUCCESS] response which the
client wants as a keep-alive.  Combining this pattern with
packet_read_poll_seqnr() resetting "keep_alive_timeouts" for every
packet, regardless of type, suggests that the keep-alive hand-shaking
scheme may be broken.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2008-Aug-13 13:36 UTC

head link

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.

https://bugzilla.mindrot.org/show_bug.cgi?id=1503


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org




--- Comment #1 from Damien Miller <djm at mindrot.org>  2008-08-13
23:36:11 ---
Could you please try to replicate this with openssh-5.1? It properly
matches channel success/failures to callback functions.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2010-Apr-26 10:13 UTC

head link

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.

https://bugzilla.mindrot.org/show_bug.cgi?id=1503

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
no reply for 18 months and the bug is almost certainly fixed in a more
recent release.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2011-Jan-24 01:33 UTC

head link

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.

https://bugzilla.mindrot.org/show_bug.cgi?id=1503

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-01-24 12:33:48
EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

openssh bugs - Aug 2008 - [Bug 1503] New: Possible Intermittent False-negative on Port Forwarding.

[Bug 1503] New: Possible Intermittent False-negative on Port Forwarding.

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.

[Bug 1503] Possible Intermittent False-negative on Port Forwarding.