[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BUG] Recursion crash when calling ssh_channel_write()
[Thread Prev] | [Thread Next]
- Subject: Re: [BUG] Recursion crash when calling ssh_channel_write()
- From: Alberto Garcia <agarciaillera@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 13 Feb 2019 16:22:29 -0800
- To: libssh@xxxxxxxxxx
Forgot to add the callstack so you understand the code path the execution
takes when calling *ssh_channel_write*() . *my_fd_data_function* is the
callback set with ssh_event_add_fd()
[crash]
[.. more...]
VS-ssh-direct-tcp.exe!ssh_channel_write(ssh_channel_struct * channel, const
void * data, unsigned int len) Line 1403 C
VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int revents,
void * userdata) Line 460 C
VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
* p, unsigned int fd, int revents, void * userdata) Line 719 C
VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx, int
timeout) Line 628 C
VS-ssh-direct-tcp.exe!ssh_handle_packets(ssh_session_struct * session,
int timeout) Line 630 C
VS-ssh-direct-tcp.exe!ssh_handle_packets_termination(ssh_session_struct *
session, int timeout, int(*)(void *) fct, void * user) Line 692 C
VS-ssh-direct-tcp.exe!ssh_blocking_flush(ssh_session_struct * session,
int timeout) Line 500 C
VS-ssh-direct-tcp.exe!ssh_channel_flush(ssh_channel_struct * channel)
Line 1222 C
VS-ssh-direct-tcp.exe!channel_write_common(ssh_channel_struct * channel,
const void * data, unsigned int len, int is_stderr) Line 1354 C
VS-ssh-direct-tcp.exe!ssh_channel_write(ssh_channel_struct * channel,
const void * data, unsigned int len) Line 1403 C
VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int revents,
void * userdata) Line 460 C
VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
* p, unsigned int fd, int revents, void * userdata) Line 719 C
VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx, int
timeout) Line 628 C
VS-ssh-direct-tcp.exe!ssh_handle_packets(ssh_session_struct * session,
int timeout) Line 630 C
VS-ssh-direct-tcp.exe!ssh_handle_packets_termination(ssh_session_struct *
session, int timeout, int(*)(void *) fct, void * user) Line 692 C
VS-ssh-direct-tcp.exe!ssh_blocking_flush(ssh_session_struct * session, int
timeout) Line 500 C
VS-ssh-direct-tcp.exe!ssh_channel_flush(ssh_channel_struct * channel)
Line 1222 C
VS-ssh-direct-tcp.exe!channel_write_common(ssh_channel_struct * channel,
const void * data, unsigned int len, int is_stderr) Line 1354 C
VS-ssh-direct-tcp.exe!ssh_channel_write(ssh_channel_struct * channel,
const void * data, unsigned int len) Line 1403 C
VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int revents,
void * userdata) Line 460 C
VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
* p, unsigned int fd, int revents, void * userdata) Line 719 C
VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx, int
timeout) Line 628 C
VS-ssh-direct-tcp.exe!ssh_handle_packets(ssh_session_struct * session,
int timeout) Line 630 C
VS-ssh-direct-tcp.exe!ssh_handle_packets_termination(ssh_session_struct *
session, int timeout, int(*)(void *) fct, void * user) Line 692 C
VS-ssh-direct-tcp.exe!ssh_blocking_flush(ssh_session_struct * session,
int timeout) Line 500 C
VS-ssh-direct-tcp.exe!ssh_channel_flush(ssh_channel_struct * channel)
Line 1222 C
VS-ssh-direct-tcp.exe!channel_write_common(ssh_channel_struct * channel,
const void * data, unsigned int len, int is_stderr) Line 1354 C
VS-ssh-direct-tcp.exe!ssh_channel_write(ssh_channel_struct * channel,
const void * data, unsigned int len) Line 1403 C
VS-ssh-direct-tcp.exe!*my_fd_data_function*(unsigned int fd, int revents,
void * userdata) Line 460 C
VS-ssh-direct-tcp.exe!ssh_event_fd_wrapper_callback(ssh_poll_handle_struct
* p, unsigned int fd, int revents, void * userdata) Line 719 C
VS-ssh-direct-tcp.exe!ssh_poll_ctx_dopoll(ssh_poll_ctx_struct * ctx, int
timeout) Line 628 C
VS-ssh-direct-tcp.exe!ssh_event_dopoll(ssh_event_struct * event, int
timeout) Line 888 C
VS-ssh-direct-tcp.exe!per_conn_thread(void * args) Line 1068 C
On Wed, Feb 13, 2019 at 4:19 PM Alberto Garcia <agarciaillera@xxxxxxxxx>
wrote:
> Hi,
>
> I think I found a bug in libssh. It happens when calling
> *ssh_channel_write()* (which gets called in the callback set by
> ssh_set_channel_callbacks()).
>
> The problem is that for some reason ssh_channel_write() ends up calling *ssh_poll_ctx_dopoll()
> *which at the same time will call the callback set
> with ssh_set_channel_callbacks() which again will call
> *ssh_channel_write().*
>
> If there are a lot of connections in the queue for
> *ssh_poll_ctx_dopoll() * to consume then recursion will happen and the
> crash will arise.
>
> *ssh_channel_write()* should do what it says, just writing to a channel
> and not calling *ssh_poll_ctx_dopoll() *again since if there other
> socket to read from recursion will happens and it will crash.
>
> Cheer
>
> --
> Alberto García Illera
>
> GPG Public Key <https://goo.gl/yshdwh>
>
--
Alberto García Illera
GPG Public Key <https://goo.gl/yshdwh>
| Re: [BUG] Recursion crash when calling ssh_channel_write() | g4-lisz@xxxxxxxxxxxx |
| [BUG] Recursion crash when calling ssh_channel_write() | Alberto Garcia <agarciaillera@xxxxxxxxx> |