Buffering non-kex packets received after issuing a KEXINIT

pmeunier

Jul 6, 2021, 7:46 AM

OQZGSEWMQXOSEDB6ACSY7NTNZYIYX4ECZWXJ6JD5I7FC64JHTLIQC

Dependencies

[2] J4ZEHJHG Flush pending packets after a key re-exchange
[3] 662ZS5JF Version 0.33.2
[4] PDTFLA4Y Version 0.30.7
[5] CWHVPLXN Version bump
[6] BRDS7STA Adding method `send_channel_msg` to client::Session, to make it easier to write handlers
[7] 7Y2ROIVZ Version bump
[8] DJT33BQE Version bump
[9] E2SB74SV Version 0.30.3
[10] CQSPFH4H Version 0.30.4
[11] 634OYCNM Tokio 0.3
[12] 7FRJYUI6 Reboot because of a bad change
[13] TFYJ3P2A Version 0.30.8/0.19.4, and solving conflicts
[14] 2WEO7OZL Version updates: getting rid of anyhow + moving to Tokio 1.0
[15] ASD7JVBE Do not read past the size of the buffer (after Tokio 0.3)
[16] 2VTUKRLJ Version
[17] WXZWQLGL Correct negotiation without OpenSSL
[18] FT67GGO4 Version bump (Pijul and Thrussh)
[19] VYDCQWSF Version 0.30.6
[20] ORSEEVB5 Version bump

Change contents

edit in thrussh/src/server/session.rs at line 13

[4.188593]

[4.188593]

pub(crate) pending_reads: Vec<CryptoVec>,
edit in thrussh/src/server/mod.rs at line 477

[4.218750]

[4.218750]

pending_reads: Vec::new(),
edit in thrussh/src/server/encrypted.rs at line 35

[4.6271]→[4.231221:231313](∅→∅),[4.231221]→[4.231221:231313](∅→∅)

let instant = tokio::time::Instant::now() + self.common.config.auth_rejection_time;
edit in thrussh/src/server/encrypted.rs at line 52

[4.231969]→[4.231969:232000](∅→∅)

self.flush()?;
edit in thrussh/src/server/encrypted.rs at line 89

[2.753]

[4.233171]

let mut pending = std::mem::replace(&mut self.pending_reads, Vec::new());
for p in pending.drain(..) {
self = self.process_packet(handler, &p).await?
}
self.pending_reads = pending;
replacement in thrussh/src/server/encrypted.rs at line 98

[4.233264]→[4.233264:233300](∅→∅)

rek => enc.rekey = rek,

[4.233264]

[4.233300]

Some(Kex::KexInit(k)) => {
enc.rekey = Some(Kex::KexInit(k));
self.pending_reads.push(CryptoVec::from_slice(buf));
return Ok(self);
}
rek => {
debug!("rek = {:?}", rek);
enc.rekey = rek
},
edit in thrussh/src/server/encrypted.rs at line 108

[4.233310]

[4.233310]

self.process_packet(handler, buf).await
}
edit in thrussh/src/server/encrypted.rs at line 111

[4.233311]

[4.233311]

async fn process_packet<H: Handler>(
mut self,
handler: &mut Option<H>,
buf: &[u8],
) -> Result<Self, H::Error> {
let instant = tokio::time::Instant::now() + self.common.config.auth_rejection_time;
let mut enc = self.common.encrypted.as_mut().unwrap();
edit in thrussh/src/client/mod.rs at line 52

[4.336548]

[4.336548]

pending_reads: Vec<CryptoVec>,
edit in thrussh/src/client/mod.rs at line 811

[4.358127]

[4.358127]

pending_reads: Vec::new(),
edit in thrussh/src/client/encrypted.rs at line 54

[4.385895]→[4.385895:385930](∅→∅)

self.flush()?;
edit in thrussh/src/client/encrypted.rs at line 103

[2.898]

[4.388084]

let mut pending = std::mem::replace(&mut self.pending_reads, Vec::new());
for p in pending.drain(..) {
self = self.process_packet(client, &p).await?
}
self.pending_reads = pending;
edit in thrussh/src/client/encrypted.rs at line 110

[2.934]

[4.388134]

return Ok(self);
}
Some(Kex::KexInit(k)) => {
enc.rekey = Some(Kex::KexInit(k));
self.pending_reads.push(CryptoVec::from_slice(buf));
edit in thrussh/src/client/encrypted.rs at line 120

[4.388253]

[4.388253]

self.process_packet(client, buf).await
}
edit in thrussh/src/client/encrypted.rs at line 123

[4.388254]

[4.388254]

async fn process_packet<H: super::Handler>(
mut self,
client: &mut Option<H>,
buf: &[u8],
) -> Result<Self, H::Error> {
replacement in thrussh/Cargo.toml at line 5

[4.426214]→[3.0:19](∅→∅)

version = "0.33.2"

[4.426214]

[4.426233]

version = "0.33.3"