You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2022/06/08 06:42:00 UTC

[jira] [Resolved] (SSHD-828) Race condition when using SOCKS connections

     [ https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Wolf resolved SSHD-828.
------------------------------
    Resolution: Cannot Reproduce

I cannot reproduce this with 2.8.0 or 2.9.0 (current master). From code inspection (of the current code) I also don't see any way this race could happen, and I've not been able to write a test case that would show this race. It's possible, though, that 1.7.0 did have such a race.

If you do have a case where this race occurs with 2.8.0 or 2.9.0, a self-contained test case exhibiting the problem would be most welcome. The solution then might be to open the channel with an initial window size of zero, and increase that window size only after the SOCKS "success" reply has been sent.

> Race condition when using SOCKS connections
> -------------------------------------------
>
>                 Key: SSHD-828
>                 URL: https://issues.apache.org/jira/browse/SSHD-828
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Gavin Camp
>            Priority: Major
>         Attachments: patch.diff
>
>
> There is a race condition when using SOCKS proxies with the SSHD server.  After the initial SOCKS negotiation the SOCKS proxy creates a channel.  When notified that the SOCKS channel is open the SOCKS proxy then sends the final accept SOCK packet.  However there is a timing issue where very fast hosts could have already sent a packet over the now open channel - which will arrive at the client before the final SOCKS proxy packet.  This confuses the SOCKS client connected to the server as its expected a SOCKS packet and instead gets a packet from the underlying stream.
> While this isn't a huge issue for us, given that we have the patch, this could render the SOCKS implementation useless for some users.
> Attached is a rough patch the corrects the issue.
> Note: as we are just using SSHD for testing I wasn't overly concerned with error checking or avoiding synchronization - I'm just providing it to help illustrate the issue.  Also you can ignore the pom and check-style changes I just disabled them for an easier life.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org