Date: Thu, 31 Jul 2008 15:21:36 +0200
From: Pawel Jakub Dawidek
To: Patrick Lamaizière
Cc: current@freebsd.org
Subject: Re: Recent Padlock changes break ssh
Message-ID: <20080731132136.GC4088@garage.freebsd.pl>

On Thu, Jul 31, 2008 at 12:32:46PM +0200, Patrick Lamaizière wrote:
> On Tue, 22 Jul 2008 10:14:49 +0200,
> Pawel Jakub Dawidek wrote:
>
> Hello,
>
> > Could you try this patch? Those are the only changes that could
> > eventually change the behaviour.
> >
> > http://people.freebsd.org/~pjd/patches/padlock.c.patch
> >
>
> I think that one problem is that the session id (ses->ses_id) is not
> updated when a free session is reused. The session id is set to zero by
> bzero() in padlock_freesession(). So we can have several active
> sessions with the same ses->ses_id == 0 if the sessions are reused.

Great catch! What do you think about using the old sessid? I think it's OK
to do so and a bit safer, because the session ID is only 32 bits long, so we
may get a collision once we start from 0 again.

> padlock_freession()
>     padlock_hash_free(ses);
>     bzero(ses, sizeof(*ses));
>     ses->ses_used = 0;
>     TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
>
> and in padlock_newsession()
>     /*
>      * Free sessions goes first, so if first session is used, we
> need to
>      * allocate one.
>      */
>     ses = TAILQ_FIRST(&sc->sc_sessions);
>     if (ses == NULL || ses->ses_used)
>         ses = NULL;
>     else {
>         TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
>         ses->ses_used = 1;
> +       ses->ses_id = sc->sc_sid++;
>         TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);

I'd replace 'sc->sc_sid++' with 'sid'.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
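
Review bot: in the reuse branch of padlock_newsession(), the added 'ses->ses_id = sc->sc_sid++;' draws a new value from the counter every time a slot is recycled, and nothing in the visible lines checks that the value is not still held by an active session once the 32-bit counter starts from 0 again. If the old ID is kept instead, as the reply proposes with 'sid', the quoted padlock_freesession() has to save ses->ses_id before 'bzero(ses, sizeof(*ses))' and restore it afterwards, because the bzero() clears it. The 'ses->ses_used = 0' that follows the bzero() is redundant and could be dropped.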
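
The session-reuse problem discussed in this message, as an added example that is not part of the original e-mail or of the padlock driver: a simplified model of the session pool showing that wiping a freed session leaves two active sessions with ID 0 after reuse, while keeping the old ID on free does not. The array pool, NSES, keep_id and active_with_id0() are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define NSES 4                          /* pool size, arbitrary for the demo */
struct session { uint32_t ses_id; int ses_used; };  /* simplified stand-in */
struct softc {
    struct session pool[NSES];
    int nalloc;                         /* slots handed out so far */
    uint32_t sc_sid;                    /* next never-used session ID */
};

/* Wipe a session on free; keep_id models the "use old sessid" proposal. */
static void freesession(struct session *ses, int keep_id)
{
    uint32_t sid = keep_id ? ses->ses_id : 0;
    memset(ses, 0, sizeof(*ses));       /* like bzero(): ses_id is now 0 */
    ses->ses_id = sid;
}

/* Reuse a free slot without touching ses_id, else allocate with a fresh ID. */
static struct session *newsession(struct softc *sc)
{
    struct session *ses = NULL;
    for (int i = 0; i < sc->nalloc && ses == NULL; i++)
        if (!sc->pool[i].ses_used)
            ses = &sc->pool[i];
    if (ses == NULL) {
        if (sc->nalloc == NSES) return NULL;
        ses = &sc->pool[sc->nalloc++];
        ses->ses_id = sc->sc_sid++;
    }
    ses->ses_used = 1;
    return ses;
}

/* Open two sessions, free and reuse the second; count active ones with ID 0. */
static int active_with_id0(int keep_id)
{
    struct softc sc = { .nalloc = 0 };      /* all other fields zeroed too */
    int n = 0;
    newsession(&sc);                        /* gets ID 0 */
    freesession(newsession(&sc), keep_id);  /* gets ID 1, then freed */
    newsession(&sc);                        /* reuses the freed slot */
    for (int i = 0; i < sc.nalloc; i++)
        n += sc.pool[i].ses_used && sc.pool[i].ses_id == 0;
    return n;
}
/* Exit status 0 when the model gives 2 (wipe only) and 1 (old ID kept). */
int main(void) { return !(active_with_id0(0) == 2 && active_with_id0(1) == 1); }
```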