You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Gavin Camp (Jira)" <ji...@apache.org> on 2022/06/09 11:55:00 UTC
[jira] [Commented] (SSHD-828) Race condition when using SOCKS connections
[ https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552154#comment-17552154 ]
Gavin Camp commented on SSHD-828:
---------------------------------
Hi,
Yes, we still see the issue on 2.8.0.
We are currently working around the issue by putting a forced delay between the SOCKS and SSH negotiation - without this it randomly fails due to the race condition.
Sorry although its easily repeatable on our side its not possible to share a working test since it would require sharing Cisco internal code.
That’s an interesting idea, we may investigate that.
Although, I made a patch on the earlier Mina versions changing the code to fix this so it should be possible.
Just need to make sure no packets are returned to the caller before the underlying systems are active.
Regards,
Gavin
-----Original Message-----
From: Thomas Wolf (Jira) <ji...@apache.org>
Sent: 08 June 2022 07:42
To: Gavin Camp (gcamp) <gc...@cisco.com>
Subject: [jira] [Resolved] (SSHD-828) Race condition when using SOCKS connections
[ https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Wolf resolved SSHD-828.
------------------------------
Resolution: Cannot Reproduce
I cannot reproduce this with 2.8.0 or 2.9.0 (current master). From code inspection (of the current code) I also don't see any way this race could happen, and I've not been able to write a test case that would show this race. It's possible, though, that 1.7.0 did have such a race.
If you do have a case where this race occurs with 2.8.0 or 2.9.0, a self-contained test case exhibiting the problem would be most welcome. The solution then might be to open the channel with an initial window size of zero, and increase that window size only after the SOCKS "success" reply has been sent.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
> Race condition when using SOCKS connections
> -------------------------------------------
>
> Key: SSHD-828
> URL: https://issues.apache.org/jira/browse/SSHD-828
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.7.0
> Reporter: Gavin Camp
> Priority: Major
> Attachments: patch.diff
>
>
> There is a race condition when using SOCKS proxies with the SSHD server. After the initial SOCKS negotiation the SOCKS proxy creates a channel. When notified that the SOCKS channel is open the SOCKS proxy then sends the final accept SOCK packet. However there is a timing issue where very fast hosts could have already sent a packet over the now open channel - which will arrive at the client before the final SOCKS proxy packet. This confuses the SOCKS client connected to the server as its expected a SOCKS packet and instead gets a packet from the underlying stream.
> While this isn't a huge issue for us, given that we have the patch, this could render the SOCKS implementation useless for some users.
> Attached is a rough patch the corrects the issue.
> Note: as we are just using SSHD for testing I wasn't overly concerned with error checking or avoiding synchronization - I'm just providing it to help illustrate the issue. Also you can ignore the pom and check-style changes I just disabled them for an easier life.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org