[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HMAC error


Hello,

Looks like the bug I encountered, although I only use callbacks for server
and client parts.

I've posted a patch a few weeks ago in my public repo here:

http://git.libssh.org/users/milo/libssh.git/log/

If you want to try it, let me know how it goes.

milo
 Le 8 juil. 2012 10:26, "Aviv Zilberman" <Aviv.Zilberman@xxxxxxxxxxx> a
écrit :

>  *Hi Aris,*
>
> * *
>
> *My code is very basic and doesn’t include recursive call.*
>
> * *
>
> ssh_channel channels[2] = { 0 };****
>
> channels[0] = chan;****
>
> sel_code = ssh_select(channels, outchannels, maxFD + 1, &my_fd_set,
> p_timeval);****
>
> if (sel_code == SSH_OK) {****
>
>                 if (outchannels[0])****
>
> ssh_channel_read_nonblocking(chan, buf, numBytesToRead, 0);****
>
> }****
>
> * *
>
> *As far as I can see there is a recursive call in libssh.*
>
> * *
>
> int *ssh_packet_socket_callback*(const void *data, size_t receivedlen,
> void *user)****
>
> {****
>
> …****
>
>       if(processed < receivedlen){****
>
>                 /* Handle a potential packet left in socket buffer */****
>
>                 ssh_log(session,SSH_LOG_PACKET,"Processing %" PRIdS "
> bytes left in socket buffer", receivedlen-processed);****
>
>                 rc = *ssh_packet_socket_callback*((char *)data +
> processed, receivedlen - processed,user);****
>
>                 processed += rc;****
>
>       }****
>
> …****
>
> }****
>
> ** **
>
> *I suspect there is a problem receiving large payload.*
>
> *I notice that buffer size in call to “recv” is currently set to 4096.*
>
> *I will try to increase it and let you know if it solved my problem …*
>
> ** **
>
> *Thanks in advance,*
>
> *Aviv*
>
> * *
>
> *From:* Aris Adamantiadis [mailto:aris@xxxxxxxxxxxx]
> *Sent:* Friday, July 06, 2012 11:51 AM
> *To:* libssh@xxxxxxxxxx
> *Subject:* Re: HMAC error****
>
> ** **
>
> Hello,
>
> Sorry I took so much time to answer.
> Unfortunately I don't understand what's happening there.
> These three lines :
>
> leaving function ssh_packet_socket_callback line 294 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c*1* entering
> function
>
> Show that at some point, there was some recursion which is not expected in
> libssh.
> Do you use callbacks ? It is unsafe to use ssh_channel_read-like function
> calls inside callback processing.
> A sample of your code would help a lot.
>
> Thx,
>
> Aris
>
>
>
> Le 2/07/12 15:07, Aviv Zilberman a écrit :****
>
> *Hi,*****
>
> * *****
>
> *I moved my application to single process but I am still facing HMAC
> error.*****
>
> *Below is a snap of the last few lines in log.*****
>
> * *****
>
> *Thanks in advance,*****
>
> *Aviv *****
>
>  ****
>
>  ****
>
> entering function ssh_channel_poll line 2495 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> entering function ssh_handle_packets line 446 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/session.c****
>
> entering function ssh_packet_socket_callback line 138 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Read a 1340 bytes packet****
>
> Decrypting 1328 bytes****
>
> 20 bytes padding, 1339 bytes left in buffer****
>
> After padding, 1319 bytes left in buffer****
>
> entering function ssh_packet_parse_type line 406 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Final size 1319****
>
> Type 94****
>
> leaving function ssh_packet_parse_type line 426 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> entering function ssh_packet_process line 342 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Dispatching handler for packet type 94****
>
> entering function channel_rcv_data line 461 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> Channel receiving 1310 bytes data in 0 (local win=93430 remote win=36320)*
> ***
>
> placing 1310 bytes into channel buffer (stderr=0)****
>
> Channel windows are now (local win=92120 remote win=36320)****
>
> leaving function channel_rcv_data line 549 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> leaving function ssh_packet_process line 369 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Processing 3044 bytes left in socket buffer****
>
> entering function ssh_packet_socket_callback line 138 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Decrypting 16 bytes****
>
> Packet size decrypted: 1340 (0x53c)****
>
> Read a 1340 bytes packet****
>
> Decrypting 1328 bytes****
>
> 20 bytes padding, 1339 bytes left in buffer****
>
> After padding, 1319 bytes left in buffer****
>
> entering function ssh_packet_parse_type line 406 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Final size 1319****
>
> Type 94****
>
> leaving function ssh_packet_parse_type line 426 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> entering function ssh_packet_process line 342 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Dispatching handler for packet type 94****
>
> entering function channel_rcv_data line 461 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> Channel receiving 1310 bytes data in 0 (local win=92120 remote win=36320)*
> ***
>
> placing 1310 bytes into channel buffer (stderr=0)****
>
> Channel windows are now (local win=90810 remote win=36320)****
>
> leaving function channel_rcv_data line 549 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> leaving function ssh_packet_process line 369 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Processing 1680 bytes left in socket buffer****
>
> entering function ssh_packet_socket_callback line 138 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Decrypting 16 bytes****
>
> Packet size decrypted: 28 (0x1c)****
>
> Read a 28 bytes packet****
>
> Decrypting 16 bytes****
>
> 18 bytes padding, 27 bytes left in buffer****
>
> After padding, 9 bytes left in buffer****
>
> entering function ssh_packet_parse_type line 406 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Final size 9****
>
> Type 93****
>
> leaving function ssh_packet_parse_type line 426 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> entering function ssh_packet_process line 342 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Dispatching handler for packet type 93****
>
> entering function channel_rcv_change_window line 423 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> Adding 64 bytes to channel (43:85460946) (from 36320 bytes)****
>
> leaving function channel_rcv_change_window line 448 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/channels.c****
>
> leaving function ssh_packet_process line 369 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Processing 1628 bytes left in socket buffer****
>
> entering function ssh_packet_socket_callback line 138 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> Decrypting 16 bytes****
>
> Packet size decrypted: 1340 (0x53c)****
>
> Read a 1340 bytes packet****
>
> Decrypting 1328 bytes****
>
> Error : HMAC error****
>
> leaving function ssh_packet_socket_callback line 294 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c****
>
> leaving function ssh_packet_socket_callback line 282 in
> /auto/ns_nm/users/azilber/SSH/libssh/libssh-0.5.1/src/packet.c*1* entering
> function ****
>
> This e-mail message is intended for the recipient only and contains
> information which is CONFIDENTIAL and which may be proprietary to ECI
> Telecom. If you have received this transmission in error, please inform us
> by e-mail, phone or fax, and then delete the original and all copies
> thereof. ****
>
> ** **
>
> This e-mail message is intended for the recipient only and contains
> information which is CONFIDENTIAL and which may be proprietary to ECI
> Telecom. If you have received this transmission in error, please inform us
> by e-mail, phone or fax, and then delete the original and all copies
> thereof.
>

References:
HMAC errorAviv Zilberman <Aviv.Zilberman@xxxxxxxxxxx>
Re: HMAC errorAris Adamantiadis <aris@xxxxxxxxxxxx>
RE: HMAC errorAviv Zilberman <Aviv.Zilberman@xxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org