similar to: [Bug 1548] New: Double free in OpenSSH clientloop.c/xmalloc.c via cmdline port forwarding

2000 Mar 03
7
[PATCH] Add a Maximum Idle Time (1.2.2)
The attached patch adds an option (off by default to preserve current behavior) to set a timeout on the select() statement that waits for input in clientloop.c. This fixes a timeout issue for me (explained below) and probably also fixes the timeouts mentioned in last month's thread "Idle time out". The patch is also available by http from:
2001 Oct 24
2
disable features
this (incomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS
2012 Oct 22
1
[PATCH] Implement remote dynamic TCP forwarding
Hi all, This is a client side only implementation of reversed dynamic (SOCKS) TCP forwarding, which means it is compatible with any existing server that has 'remote forward' capability. To establish such a forward, use "ssh -R [BIND_ADDRESS:]PORT ...". The server will listen on that port and address and accept SOCKS traffic. Hope this will be useful for you. There was an
2003 Jun 25
1
socks5 support for -D
here's an up-to-date patch, should apply to both openbsd and non-openbsd versions of openssh. i did only test ipv4 addresses. Index: channels.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/channels.c,v retrieving revision 1.191 diff -u -r1.191 channels.c --- channels.c 24 Jun 2003 08:23:46 -0000 1.191 +++ channels.c 25 Jun 2003 12:14:19
2001 Aug 20
1
Idletimeout patch, third attempt
Here is my third attempt at the idletimeout patch. I tried to address the points which Markus Friedl brought up. It is actually bigger than the previous patches, but not as intrusive. It is big because it moves some stuff from serverloop.c to packet.c. - I moved all the logic to packet.c. This means that I also had to move the actual select() call, which used to be in serverloop.c, to packet.c.
2001 Oct 25
2
SIGCHLD race *trivial* patch
Yes, this is a patch against an older version of OpenSSH with other stuff anyways, BUT, it's so TRIVIAL(*), that you can see how it would apply to newer versions (which I've not tried). Here's the gist: server_loop2() has a race condition with respect to reception of SIGCHLD and checking/setting child_terminated. This patch does two things: wait_until_can_do_something() adds a 1
2010 Jan 14
1
ssh(1) multiplexing rewrite
Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets
2001 Oct 16
1
Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2
Hello, In response to the timing analysis attacks presented by Dawn Song et al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless requested not to,
2001 Oct 29
0
signal messages
comments? allows % ssh host 'tail -f /var/log/messages | grep bla' ^C Index: clientloop.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v retrieving revision 1.86 diff -u -r1.86 clientloop.c --- clientloop.c 24 Oct 2001 19:57:40 -0000 1.86 +++ clientloop.c 29 Oct 2001 19:08:37 -0000 @@ -103,6 +103,8 @@ */ static
2006 Mar 16
11
[Bug 1131] buffer_append_space: alloc not supported Error with V 4.2p1
http://bugzilla.mindrot.org/show_bug.cgi?id=1131 ------- Comment #18 from cove at wildpackets.com 2006-03-17 09:06 ------- It could be a bug in cryptlib, but I had the same problem with libssh and the first comment in this bug report is with a 3rd implementation. debug2: load_server_config: filename /usr/local/etc/sshd_config debug2: load_server_config: done config len = 292 debug2:
2001 Jul 26
1
Tru64 Unix vs. OpenSSH 2.9p2
Hi, We installed OpenSSH 2.9p2 with OpenSSL 0.9.6b on our Compaq Alpha ES40 running Tru64 Unix 5.0a. We've been having problems where one of our users appears in the output of "w" and is associated with a pseudoterminal even though he has no processes attached to that pty. The problem can be reproduced by connecting to the localhost host via ssh using protocol version 2, and then
2001 Oct 31
2
suggested fix for the sigchld race
comments? alternatives: sigsetjmp (ugly) and pselect (not portable, available) drawback: additional filedescriptors. Index: serverloop.c =================================================================== RCS file: /home/markus/cvs/ssh/serverloop.c,v retrieving revision 1.82 diff -u -r1.82 serverloop.c --- serverloop.c 10 Oct 2001 22:18:47 -0000 1.82 +++ serverloop.c 11 Oct 2001 18:06:33 -0000 @@
2004 Jul 13
1
channel->input buffer bug and patch
In our work with enabling large windows for openssh we found 1) that if a window > 0x10000 is advertised to openssh's sshd 2) the sshd tries to send more than 0x10000 bytes of data 3) the receiver does not consume them 4) the input buffer will grow larger than the size allowed by buffer.c and fatal(). We believe the correct behavior is to limit reading into the channel input buffer to
2013 Jul 10
1
connection_in and connection_out
Hi, I'm a newbie to openssh and was trying to read the source code recently. Could anyone tell me why in sshd the connection_in and connection_out are the same (seems to be integer 3 on my machine)? connection_in is used in process_input(readset), and connection_out is used in process_output(writeset); But how does it work if it tries to read and write from the same file descriptor? /Bob
2009 Jul 07
1
Read buffer size in clientloop.c
Hi, when trying to optimize socket transfer rates under Cygwin, it turned out that the underlying WinSock implementation is surprisingly sensitive to buffer sizes. The latest Cygwin from CVS is now setting the socket receive/send buffers (SO_RCVBUF/SO_SNDBUF) to 64K, rather than keeping them at their default values of 8K which thwarts data transfers a lot. While testing I still had the problem
2020 Oct 14
2
Connection hang, can't stop SSH
Using OpenSSH_8.3p1 I had an open (working) connection to some other box; after a bit of inactivity, some device in the middle seems to have forgotten about the TCP connection (NAT) and broke it. I've got an EscapeChar defined, though; so first I tried to send a BREAK and, when that didn't help (TCP already gone, packets get lost!), I tried (just out of curiosity) a Rekey. Now I can see
2001 Sep 28
1
[PATCH] fix for Linux hang on exit bug in 2.9.9p2
As you are now probably aware, the portability team for openssh still has not fixed the hang-on-exit bug in the 2.9.9p2 release. Attached is a patch for 2.9.9p2 that fixes the hang-on-exit bug for Linux systems. It also adds a useful exit delay feature that has also not yet been incorporated into the main sources. For more information, see the SNFS (secure NFS) web page:
2002 Jan 31
4
signal transmission in ssh2
does somebody like this? Index: Makefile.inc =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v retrieving revision 1.21 diff -u -r1.21 Makefile.inc --- Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21 +++ Makefile.inc 16 Nov 2001 12:07:22 -0000 @@ -10,7 +10,7 @@ CDIAGFLAGS+= -Wmissing-prototypes CDIAGFLAGS+= -Wunused -#DEBUG=-g
2001 Jan 18
1
sigchld_handler2.
On 2.3.0p1, we have been experiencing the SSH2 stdout truncation problem that was reported by a few users. I built the 20010115 snapshot. It seems to correct the problem but before I was able to test it, I had to change sigchld_handler2 so it would not reset the signal handler before waitpid is called. On Irix, it seems a SIGCHLD is delivered forever... I haven't tried the last snapshots so
2005 Jan 19
1
sshd hangs
using openssh-3.8.1p1 from sunfreeware.com on a SunOS XXX 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-V240. sshd seems to ignore or miss SIGCLD. this is a rare behaviour we observe about once per week in a ssh intensive environment. the process hangs here: truss: 24453: poll(0xFFBEEF28, 2, -1) (sleeping...) gcore, mdb: libc.so.1`_poll+4(b, 0, 0, ffbeef38, 6fc40,