New issue
Advanced search Search tips

Issue 671041 link

Starred by 1 user
Status: Verified
Owner:
joedow@chromium.org
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

[Posix][Security Key] Some SSH commands are not correctly handled

Project Member Reported by joedow@chromium.org, Dec 4 2016 
This issue was reported by an SK user.  Basically certain commands are forwarded to the remote machine, but the response was not correctly handled.

I looked into this and it appears that our SK handler is closing the socket and killing the active connection if it receives an EOF from the local socket before receiving the response from the remote machine.
Project Member

Comment 1 by bugdroid1@chromium.org, Dec 20 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb5a2ea87efd87a693c43a79cd1bde92a91b78cd

commit cb5a2ea87efd87a693c43a79cd1bde92a91b78cd
Author: joedow <joedow@chromium.org>
Date: Tue Dec 20 02:28:51 2016

Updating SecurityKeyAuthHandlerPosix socket lifetime management

This change fixes two problems:
1.) Security key responses would not be delivered if the read end of
    the socket was closed before the response was received.  This
    should be allowed since the write end was still open.
2.) An SSH error was always written when the socket was closed.  This
    was misleading when no error occrred and the socket was being
    closed for a valid reason.

The old behavior would close the socket as soon as a read returned 0
bytes (or an error).  The auth handler would read a request and forward
it to the remote machine, then immediately try to read another request.
If the code on the other end had closed its side of the connection, the
auth handler would receive EOF and close the socket.  It would also
write an error to the write end of the socket which was also wrong.

The simpler change is to only write an error if the request timed out or
if we encountered a socket read error.  Otherwise we just close our end
of the socket and the listener receives an EOF.

The bigger change is that we no longer queue up another socket read
operation until after we have received the response from the remote
machine.  The SecurityKeySocket is meant to receive and respond to one
request at a time (per its class comments), and this new behavior also
makes lifetime management of the socket less complex.

BUG= 671041 

Review-Url: https://codereview.chromium.org/2589933002
Cr-Commit-Position: refs/heads/master@{#439675}

[modify] https://crrev.com/cb5a2ea87efd87a693c43a79cd1bde92a91b78cd/remoting/host/security_key/security_key_auth_handler_posix.cc
[modify] https://crrev.com/cb5a2ea87efd87a693c43a79cd1bde92a91b78cd/remoting/host/security_key/security_key_auth_handler_posix_unittest.cc
[modify] https://crrev.com/cb5a2ea87efd87a693c43a79cd1bde92a91b78cd/remoting/host/security_key/security_key_socket.cc
[modify] https://crrev.com/cb5a2ea87efd87a693c43a79cd1bde92a91b78cd/remoting/host/security_key/security_key_socket.h

Comment 2 by joedow@chromium.org, Dec 20 2016

Status: Verified (was: Assigned)

Sign in to add a comment