search for: wait_until_can_do_someth

...for user perl service ssh-connection method password debug1: attempt 2 failures 2 Accepted password for perl from 204.160.252.25 port 3892 ssh2 debug1: Entering interactive session for SSH2. debug1: fd 3 setting O_NONBLOCK debug1: fd 7 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: mks wait_until_can_do_something before select debug1: mks wait_until_can_do_something after select debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: ch...

...with other stuff anyways, BUT, it's so TRIVIAL(*), that you can see how it would apply to newer versions (which I've not tried). Here's the gist: server_loop2() has a race condition with respect to reception of SIGCHLD and checking/setting child_terminated. This patch does two things: wait_until_can_do_something() adds a 1 second timeout to select() IF AND ONLY IF (!channel_still_open) AND, server_loop2() breaks out of its loop when there are no sessions left. Blocking SIGCHLD before select()ing would not fix the problem, nor would that be very portable. So, summary of changes: - session.h Added...

...debug2: channel 0: read 0 from efd 12 debug2: channel 0: closing read-efd 12 debug2: channel 0: ibuf empty debug2: channel 0: send eof debug2: channel 0: input drain -> closed ------------------- I have tried my hand at gdb, and this is the output and backtrace before the session hangs. (gdb) wait_until_can_do_something (readsetp=0x7ffff8e4, writesetp=0x7ffff8e0, maxfdp=0x7ffff8dc, nallocp=0x7ffff8d8, max_time_milliseconds=0) at serverloop.c:313 313 if (child_terminated && packet_not_very_much_data_to_write()) (gdb) 317 if (max_time_milliseconds == 0) (gdb) 318...

...ion, but it dosent help :-( in a german gdb howto i found a tip that the backtrace output can help to analyse the problem.... is it a solaris problem ? Greetings Frank sshd: #0 0xff19d618 in _poll () from /usr/lib/libc.so.1 #1 0xff14d53c in select () from /usr/lib/libc.so.1 #2 0x000339a0 in wait_until_can_do_something (readsetp=0xffbee5dc, writesetp=0xffbee5d8, maxfdp=0xffbee5d4, nallocp=0xffbee5d0, max_time_milliseconds=0) at serverloop.c:325 #3 0x00034d6c in server_loop2 (authctxt=0x123ac8) at serverloop.c:776 #4 0x0003ae0c in do_authenticated (authctxt=0x123ac8) at session.c:2265 #5 0x0002ea78 in ma...

...define and try it > again. We should > be using mysignal by default now, but it may have > disagreeable results. > > - Ben > Commented out the #define signal (a,b) mysignal(a,b) in bsd-misc.h, recompiled ( make clean && make ) still the same problem exists: (gdb) wait_until_can_do_something (readsetp=0x7ffff8e4, writesetp=0x7ffff8e0, maxfdp=0x7ffff8dc, nallocp=0x7ffff8d8, max_time_milliseconds=0) at serverloop.c:313 313 if (child_terminated && packet_not_very_much_data_to_write()) (gdb) 317 if (max_time_milliseconds == 0) (gdb) 318...

...) { [ ... ] for (;;) { process_buffered_input_packets(); rekeying = (xxx_kex != NULL && !xxx_kex->done); if (!rekeying && packet_not_very_much_data_to_write()) channel_output_poll(); wait_until_can_do_something(&readset, &writeset, &max_fd, &nalloc, 0); [ ...] and it hangs in the select() call in wait_until_can_do_something(). question: why is the wait time set to 0 (= wait forever) ? server_loop() (the interactive function) does not set it to 0. if the child exi...

http://bugzilla.mindrot.org/show_bug.cgi?id=52 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |1274 nThis| | ------- You are receiving this mail because: ------- You are the assignee for

...ied to fix this issue. Here is the patch: diff -rNu openssh-4.3p2/clientloop.c openssh-4.3p2-alive-fixed/clientloop.c --- openssh-4.3p2/clientloop.c 2005-12-31 07:22:32.000000000 +0200 +++ openssh-4.3p2-alive-fixed/clientloop.c 2006-04-22 19:32:17.000000000 +0300 @@ -456,7 +456,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, u_int *nallocp, int rekeying) { - struct timeval tv, *tvp; + static struct timeval tv, *tvp; int ret; /* Add any selections by the channel mechanism. */ @@ -508,12 +508,16 @@ if (options.server_a...

...tuck in select, both selecting on only the tcp socket of the connection, and with no timeout. No children of sshd remain (even as zombies), and it has no other interesting open fds. If you send a SIGCHLD to the hung sshd, it wakes up and exits. As far as I can see, there's a race condition in wait_until_can_do_something(), both in RedHat 2.5.2p2-5 and in the latest CVS sources. It tests child_terminated, and sets a non-zero timeout if so, before calling select(). However, there is a very small window (between checking child_terminated and calling select() in which a SIGCHLD can arrive and set child_terminated....

...actual select() call, which used to be in serverloop.c to packet.c. Now serverloop.c only uses packet.c and not the other way around, so dependencies are cleaner. - I implemented packet_select() in packet.c. This makes possible to catch idletimeouts not only when when server is sitting in wait_until_can_do_something() but also when server is waiting for completion of full packet in packet_read() or waiting for completion of writing full packet in packet_write_wait(). With previous patches sshd could (in theory at least) hang on packet_read() or packet_write_wait() even if idletimeout or clientalive...

...PLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. @@ -315,16 +342,25 @@ * Waits until the client can do something (some data becomes available on * one of the file descriptors). */ - -static void +/* + * SD Mod: We changed the return value of client_wait_until_can_do_something + * from void to int. It now returns 1 if the steno_timer has expired and 0 if not. + */ +int client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int *nallocp, int rekeying) { + /* SD Mod: added variable steno_timer */ + static struct tim...

...Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: wiwi at progon.net If RekeyLimit is enabled, ClientAlive messages will not be sent, ever! Problem seems to be: serverloop.c: wait_until_can_do_something(...) max_time_milliseconds is set to the remaining time to a rekey. client_alive_scheduled never gets set, as max_time_milliseconds!=0: if (compat20 && max_time_milliseconds == 0 && options.client_alive_interval) { client_alive_scheduled = 1; max_time_milliseconds =...

...(); + previous_stdout_buffer_bytes = 0; /* Set approximate I/O buffer size. */ @@ -572,6 +617,7 @@ max_fd = MAX(max_fd, fdin); max_fd = MAX(max_fd, fdout); max_fd = MAX(max_fd, fderr); + max_fd = MAX(max_fd, notify_pipe[0]); /* Sleep in select() until we can do something. */ wait_until_can_do_something(&readset, &writeset, &max_fd, @@ -696,7 +742,11 @@ connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); + notify_setup(); + max_fd = MAX(connection_in, connection_out); + max_fd = MAX(max_fd, notify_pipe[0]); + xxx_authctxt = authctxt;...

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

...ee on the server system (by logging in from a different terminal and tracking down the hung-out-to-dry process): # pstack 3296 3296: /usr/local/sbin/sshd -f /etc/sshd_config ef5b7488 poll (efffd160, 2, 64) ef5cd064 select (efffd170, ef6266cc, 11e8d0, ef6266d0, 11e8d4, 11) + 280 00034560 wait_until_can_do_something (effff24c, effff248, effff244, 64, 4, 1) + 2b8 00034d74 server_loop (fb000, 0, 104000, fb000, 104000, effff240) + 20c 00036c7c do_exec_pty (10bbcc, 11, 36634, fb400, 8a, 0) + 260 00036704 do_authenticated1 (0, 36400, fac00, 106800, ef623700, 36014) + 60c 00036074 do_authenticated (110fa8, ef...

...<pmenage at ensim.com>, openssh-unix-dev at mindrot.org Subject: Re: SIGCHLD race condition? > >Can you test against 2.9p2 or the current snapshots.. There has been some >SIGCHLD changes since 2.5.2pX series. > The signal handling strategy has changed, but the race condition in wait_until_can_do_something(), between checking child_terminated and calling select(), is still there. I can reproduce exactly the same lockup with RedHat/RawHide 2.9p2. Would putting a maximum timeout for select() break anything? If not, then it would at least prevent the system from deadlocking permanently, even if i...

...n sshd.c/line 997 (Openssh 3.1p1 release) after generating a new RSA Key: Mar 26 17:53:05 csfauth2 sshd[1474]: Generating new 768 bit RSA key. Mar 26 17:53:06 csfauth2 sshd[1474]: RSA key generation complete. Mar 26 17:53:06 csfauth2 sshd[1474]: error: select: Bad file number in the serverloop.c - wait_until_can_do_something() most of the time some messages just after session start, some during the session, and most of the time after closing the sessin Mar 26 15:44:17 csfauth2 sshd[824]: Accepted publickey for root from 10.70.79.92 port 3427 ssh2 Mar 26 15:45:59 csfauth2 sshd[824]: debug3: serverloop.c 329 select...

I need the version with this bugfix: http://bugzilla.mindrot.org/show_bug.cgi?id=182 . ("ssh should still force SIGCHLD to be SIG_DFL when calling ssh-rand-helper") It is apparently in the next release. Anyone have an estimate of when it will be released? thx, -das

...source system. The child SSHD that is forked to service the client does not exit when you exit via "exit" but it does when you exit via "logout" or simply closing the terminal. The problem seems to be in the server loop. When you reproduce the problem the forked SSHD sits in wait_until_can_do_something() and does not exit. Any help would be appreciated, Thank you. James Davis Lockheed Martin.

https://bugzilla.mindrot.org/show_bug.cgi?id=2565 Bug ID: 2565 Summary: High baud rate gets sent, solaris closes pty Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at