GitHub user gacamp opened a pull request:
https://github.com/apache/mina-sshd/pull/60
Gc socks timing
There is a race condition when using SOCKS proxies with the SSHD server.
After the initial SOCKS negotiation the SOCKS proxy creates a channel. When
notified that the SOCKS channel is open the SOCKS proxy then sends the final
accept SOCK packet. However there is a timing issue where very fast hosts
could have already sent a packet over the now open channel - which will arrive
at the client before the final SOCKS proxy packet. This confuses the SOCKS
client connected to the server as its expected a SOCKS packet and instead gets
a packet from the underlying stream.
I'm uncertain if you will want to use this code or not. The way I have
fixed the race condition is a little odd in this pull request. In the patch I
couldn't find an easy way to delay the underlying protocol packets until after
the connection was created, so instead I send the socks response before opening
the channel (which is technically wrong) and then I delay any SOCKS responses
until the channel is open. The reason I did this was because this confines all
of the required changes to the proxy, so it was a quicker fix for me.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/gacamp/mina-sshd gc-socks-timing
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/mina-sshd/pull/60.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #60
----
commit 877477a96175db50b3d202fbb965a4a88b427bcd
Author: Gavin Camp <gcamp@...>
Date: 2018-06-11T12:26:44Z
Fixes to sshd to fix the socks connection timing issue
commit b01d69258240a6c452eb36bb2899fe19a2a15d97
Author: Gavin Camp <gcamp@...>
Date: 2018-06-13T09:51:48Z
Reverted changes to poms
----
---
