1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
From 7ce93c802065cd926e7cbfd10e629f3a2d352301 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 1 Jan 2017 15:21:10 +0000
Subject: Make integrity tests more robust against timeouts
If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure. Handle this failure mode.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
Patch-Name: regress-integrity-robust.patch
Last-Update: 2017-01-01
---
regress/integrity.sh | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 39d310de..fd7d58bc 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -5,8 +5,6 @@ tid="integrity"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# start at byte 2900 (i.e. after kex) and corrupt at different offsets
-# XXX the test hangs if we modify the low bytes of the packet length
-# XXX and ssh tries to read...
tries=10
startoffset=2900
macs=`${SSH} -Q mac`
@@ -27,6 +25,7 @@ for m in $macs; do
elen=0
epad=0
emac=0
+ etmo=0
ecnt=0
skip=0
for off in `jot $tries $startoffset`; do
@@ -61,14 +60,16 @@ for m in $macs; do
Corrupted?MAC* | *message?authentication?code?incorrect*)
emac=`expr $emac + 1`; skip=0;;
padding*) epad=`expr $epad + 1`; skip=0;;
+ *Timeout,?server*)
+ etmo=`expr $etmo + 1`; skip=0;;
*) fail "unexpected error mac $m at $off: $out";;
esac
done
- verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen timeout $etmo"
if [ $emac -eq 0 ]; then
fail "$m: no mac errors"
fi
- expect=`expr $ecnt - $epad - $elen`
+ expect=`expr $ecnt - $epad - $elen - $etmo`
if [ $emac -ne $expect ]; then
fail "$m: expected $expect mac errors, got $emac"
fi
|
