[jira] [Commented] (SSHD-828) Race condition when using SOCKS connections

Tue, 19 Jun 2018 03:37:29 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16516924#comment-16516924
 ] 

Gavin Camp commented on SSHD-828:
---------------------------------

The best fix would be to notify the socks/proxy implementation that the channel 
is active before actually allowing any packets to flow over it, thus allowing 
the socks/proxy implementation to send the final socks packet before any 
packets from the channel.

 

That is, ensure that any listeners add to the channel e.g.

channel.open().addListener(this::onChannelOpened);

are always called before allowing any packets to flow over the channel.

 

> Race condition when using SOCKS connections
> -------------------------------------------
>
>                 Key: SSHD-828
>                 URL: https://issues.apache.org/jira/browse/SSHD-828
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Gavin Camp
>            Priority: Major
>         Attachments: patch.diff
>
>
> There is a race condition when using SOCKS proxies with the SSHD server.  
> After the initial SOCKS negotiation the SOCKS proxy creates a channel.  When 
> notified that the SOCKS channel is open the SOCKS proxy then sends the final 
> accept SOCK packet.  However there is a timing issue where very fast hosts 
> could have already sent a packet over the now open channel - which will 
> arrive at the client before the final SOCKS proxy packet.  This confuses the 
> SOCKS client connected to the server as its expected a SOCKS packet and 
> instead gets a packet from the underlying stream.
> While this isn't a huge issue for us, given that we have the patch, this 
> could render the SOCKS implementation useless for some users.
> Attached is a rough patch the corrects the issue.
> Note: as we are just using SSHD for testing I wasn't overly concerned with 
> error checking or avoiding synchronization - I'm just providing it to help 
> illustrate the issue.  Also you can ignore the pom and check-style changes I 
> just disabled them for an easier life.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to