- dtucker@cvs.openbsd.org 2008/06/12 20:38:28

[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
     Make keepalive timeouts apply while waiting for a packet, particularly
     during key renegotiation (bz #1363).  With djm and Matt Day, ok djm@

ChangeLog

@@ -118,6 +118,10 @@
    - jmc@cvs.openbsd.org 2008/06/12 19:10:09
      [ssh_config.5 ssh-keygen.1]
      tweak the ascii art text; ok grunk
+   - dtucker@cvs.openbsd.org 2008/06/12 20:38:28
+     [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
+     Make keepalive timeouts apply while waiting for a packet, particularly
+     during key renegotiation (bz #1363).  With djm and Matt Day, ok djm@
   - (dtucker) [clientloop.c serverloop.c]  channel_register_filter now
     takes 2 more args.  with djm@
 
@@ -4282,4 +4286,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4987 2008/06/12 19:18:03 dtucker Exp $
+$Id: ChangeLog,v 1.4988 2008/06/12 20:42:45 dtucker Exp $

misc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.67 2008/01/01 08:47:04 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.68 2008/06/12 20:38:28 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -832,3 +832,23 @@ put_u16(void *vp, u_int16_t v)
 	p[0] = (u_char)(v >> 8) & 0xff;
 	p[1] = (u_char)v & 0xff;
 }
+
+void
+ms_subtract_diff(struct timeval *start, int *ms)
+{
+	struct timeval diff, finish;
+
+	gettimeofday(&finish, NULL);
+	timersub(&finish, start, &diff);	
+	*ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
+}
+
+void
+ms_to_timeval(struct timeval *tv, int ms)
+{
+	if (ms < 0)
+		ms = 0;
+	tv->tv_sec = ms / 1000;
+	tv->tv_usec = (ms % 1000) * 1000;
+}
+

misc.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.37 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.38 2008/06/12 20:38:28 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -33,6 +33,8 @@ char	*tilde_expand_filename(const char *, uid_t);
 char	*percent_expand(const char *, ...) __attribute__((__sentinel__));
 char	*tohex(const void *, size_t);
 void	 sanitise_stdfd(void);
+void	 ms_subtract_diff(struct timeval *, int *);
+void	 ms_to_timeval(struct timeval *, int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.153 2008/05/19 06:14:02 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.154 2008/06/12 20:38:28 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,6 +138,9 @@ static int after_authentication = 0;
 
 int keep_alive_timeouts = 0;
 
+/* Set to the maximum time that we will wait to send or receive a packet */
+static int packet_timeout_ms = -1;
+
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 static struct packet_state {
@@ -191,6 +194,19 @@ packet_set_connection(int fd_in, int fd_out)
 	}
 }
 
+void
+packet_set_timeout(int timeout, int count)
+{
+	if (timeout == 0 || count == 0) {
+		packet_timeout_ms = -1;
+		return;
+	}
+	if ((INT_MAX / 1000) / count < timeout)
+		packet_timeout_ms = INT_MAX;
+	else
+		packet_timeout_ms = timeout * count * 1000;
+}
+
 /* Returns 1 if remote host is connected via socket, 0 if not. */
 
 int
@@ -891,10 +907,11 @@ packet_send(void)
 int
 packet_read_seqnr(u_int32_t *seqnr_p)
 {
-	int type, len;
+	int type, len, ret, ms_remain;
 	fd_set *setp;
 	char buf[8192];
 	DBG(debug("packet_read()"));
+	struct timeval timeout, start, *timeoutp = NULL;
 
 	setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
 	    sizeof(fd_mask));
@@ -925,11 +942,34 @@ packet_read_seqnr(u_int32_t *seqnr_p)
 		    sizeof(fd_mask));
 		FD_SET(connection_in, setp);
 
+		if (packet_timeout_ms > 0) {
+			ms_remain = packet_timeout_ms;
+			timeoutp = &timeout;
+		}
 		/* Wait for some data to arrive. */
-		while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
+		for (;;) {
-		    (errno == EAGAIN || errno == EINTR))
+			if (packet_timeout_ms != -1) {
-			;
+				ms_to_timeval(&timeout, ms_remain);
-
+				gettimeofday(&start, NULL);
+			}
+			if ((ret = select(connection_in + 1, setp, NULL,
+			    NULL, timeoutp)) >= 0)
+				break;
+		   	if (errno != EAGAIN && errno != EINTR)
+				break;
+			if (packet_timeout_ms == -1)
+				continue;
+			ms_subtract_diff(&start, &ms_remain);
+			if (ms_remain <= 0) {
+				ret = 0;
+				break;
+			}
+		}
+		if (ret == 0) {
+			logit("Connection to %.200s timed out while "
+			    "waiting to read", get_remote_ipaddr());
+			cleanup_exit(255);
+		}
 		/* Read data from the socket. */
 		len = read(connection_in, buf, sizeof(buf));
 		if (len == 0) {
@@ -1452,6 +1492,8 @@ void
 packet_write_wait(void)
 {
 	fd_set *setp;
+	int ret, ms_remain;
+	struct timeval start, timeout, *timeoutp = NULL;
 
 	setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
 	    sizeof(fd_mask));
@@ -1460,9 +1502,34 @@ packet_write_wait(void)
 		memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
 		    sizeof(fd_mask));
 		FD_SET(connection_out, setp);
-		while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
+
-		    (errno == EAGAIN || errno == EINTR))
+		if (packet_timeout_ms > 0) {
-			;
+			ms_remain = packet_timeout_ms;
+			timeoutp = &timeout;
+		}
+		for (;;) {
+			if (packet_timeout_ms != -1) {
+				ms_to_timeval(&timeout, ms_remain);
+				gettimeofday(&start, NULL);
+			}
+			if ((ret = select(connection_out + 1, NULL, setp,
+			    NULL, timeoutp)) >= 0)
+				break;
+		   	if (errno != EAGAIN && errno != EINTR)
+				break;
+			if (packet_timeout_ms == -1)
+				continue;
+			ms_subtract_diff(&start, &ms_remain);
+			if (ms_remain <= 0) {
+				ret = 0;
+				break;
+			}
+		}
+		if (ret == 0) {
+			logit("Connection to %.200s timed out while "
+			    "waiting to write", get_remote_ipaddr());
+			cleanup_exit(255);
+		}
 		packet_write_poll();
 	}
 	xfree(setp);

packet.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.47 2008/05/08 06:59:01 markus Exp $ */
+/* $OpenBSD: packet.h,v 1.48 2008/06/12 20:38:28 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,6 +21,7 @@
 #include <openssl/bn.h>
 
 void     packet_set_connection(int, int);
+void     packet_set_timeout(int, int);
 void     packet_set_nonblocking(void);
 int      packet_get_connection_in(void);
 int      packet_get_connection_out(void);

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.206 2008/06/12 00:13:55 grunk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.207 2008/06/12 20:38:28 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,23 +77,6 @@ extern pid_t proxy_command_pid;
 static int show_other_keys(const char *, Key *);
 static void warn_changed_key(Key *);
 
-static void
-ms_subtract_diff(struct timeval *start, int *ms)
-{
-	struct timeval diff, finish;
-
-	gettimeofday(&finish, NULL);
-	timersub(&finish, start, &diff);	
-	*ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
-}
-
-static void
-ms_to_timeval(struct timeval *tv, int ms)
-{
-	tv->tv_sec = ms / 1000;
-	tv->tv_usec = (ms % 1000) * 1000;
-}
-
 /*
  * Connect to the given ssh server using a proxy command.
  */
@@ -178,6 +161,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 
 	/* Set the connection file descriptors. */
 	packet_set_connection(pout[0], pin[1]);
+	packet_set_timeout(options.server_alive_interval,
+	    options.server_alive_count_max);
 
 	/* Indicate OK return */
 	return 0;
@@ -422,6 +407,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
 	/* Set the connection. */
 	packet_set_connection(sock, sock);
+	packet_set_timeout(options.server_alive_interval,
+	    options.server_alive_count_max);
 
 	return 0;
 }

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.359 2008/06/10 08:17:40 jmc Exp $ */
+/* $OpenBSD: sshd.c,v 1.360 2008/06/12 20:38:28 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1903,6 +1903,9 @@ main(int ac, char **av)
 			destroy_sensitive_data();
 	}
 
+	packet_set_timeout(options.client_alive_interval,
+	    options.client_alive_count_max);
+
 	/* Start session. */
 	do_authenticated(authctxt);