[jira] [Commented] (SSHD-828) Race condition when using SOCKS connections

Thu, 14 Jun 2018 01:47:28 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512170#comment-16512170
 ] 

Gavin Camp commented on SSHD-828:
---------------------------------

> Why would "very fast hosts" send packets before they got an ACK telling them 
> that the channel is open ? Is it allowed by the SOCKS protocol ?

 

very fast hosts - I am referring to the host you are connecting to over SOCKS 
(not the host that is initiating the SOCKS request).

 

HostA (SOCKS) -> SSHD -> HostB

HostA requests connection via SOCKS/SSHD to Host B - SocksInitRequest

SSHD replies SocksInitReply

HostA requests command connect via SOCKS/SSHD

SSHD connects to HostB

HostB sends first packets to SSHD 

SSHD sends these packets to HostA

SSHD replies SOCKS command connection open to HostA

 

> Race condition when using SOCKS connections
> -------------------------------------------
>
>                 Key: SSHD-828
>                 URL: https://issues.apache.org/jira/browse/SSHD-828
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Gavin Camp
>            Priority: Major
>         Attachments: patch.diff
>
>
> There is a race condition when using SOCKS proxies with the SSHD server.  
> After the initial SOCKS negotiation the SOCKS proxy creates a channel.  When 
> notified that the SOCKS channel is open the SOCKS proxy then sends the final 
> accept SOCK packet.  However there is a timing issue where very fast hosts 
> could have already sent a packet over the now open channel - which will 
> arrive at the client before the final SOCKS proxy packet.  This confuses the 
> SOCKS client connected to the server as its expected a SOCKS packet and 
> instead gets a packet from the underlying stream.
> While this isn't a huge issue for us, given that we have the patch, this 
> could render the SOCKS implementation useless for some users.
> Attached is a rough patch the corrects the issue.
> Note: as we are just using SSHD for testing I wasn't overly concerned with 
> error checking or avoiding synchronization - I'm just providing it to help 
> illustrate the issue.  Also you can ignore the pom and check-style changes I 
> just disabled them for an easier life.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to