[
https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512178#comment-16512178
]
Gavin Camp commented on SSHD-828:
---------------------------------
As I said the patch could be confusing because I don't fix the underlying
issue. I work around it using a different flow.
The underlying issue is that the packets from HostB are sent to HostA, before
SHHD sends the socks command response to HostA.
So the better fix would be to delay the packets from HostB until SSH has sent
the socks command response to HostA.
However I couldn't see an easy way to do this.
So instead of this in the patch I immediately send the socks command response
to HostA, to make sure its always sent before any packets from HostB.
The issue is now HostA thinks that the socks connection is active when actually
we could be still opening the connection to HostB.
So HostA could start sending packets to HostB at this point.
So I then have to buffer these packets until the connection to HostB is
actually open, at which point i then send on the packets.
> Race condition when using SOCKS connections
> -------------------------------------------
>
> Key: SSHD-828
> URL: https://issues.apache.org/jira/browse/SSHD-828
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.7.0
> Reporter: Gavin Camp
> Priority: Major
> Attachments: patch.diff
>
>
> There is a race condition when using SOCKS proxies with the SSHD server.
> After the initial SOCKS negotiation the SOCKS proxy creates a channel. When
> notified that the SOCKS channel is open the SOCKS proxy then sends the final
> accept SOCK packet. However there is a timing issue where very fast hosts
> could have already sent a packet over the now open channel - which will
> arrive at the client before the final SOCKS proxy packet. This confuses the
> SOCKS client connected to the server as its expected a SOCKS packet and
> instead gets a packet from the underlying stream.
> While this isn't a huge issue for us, given that we have the patch, this
> could render the SOCKS implementation useless for some users.
> Attached is a rough patch the corrects the issue.
> Note: as we are just using SSHD for testing I wasn't overly concerned with
> error checking or avoiding synchronization - I'm just providing it to help
> illustrate the issue. Also you can ignore the pom and check-style changes I
> just disabled them for an easier life.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
