summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2012-07-07 02:02:14 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2012-07-07 02:34:08 +0200
commit731877c6a8874d0d19265298c8ef78e44955156e (patch)
treec1f6b7c923f06ae62c6e1ffdf5d711ecbadac164
parent1556cca70ca8a75f2df8bed21ec021bac03e55a7 (diff)
downloadpython-paramiko-731877c6a8874d0d19265298c8ef78e44955156e.tar
python-paramiko-731877c6a8874d0d19265298c8ef78e44955156e.tar.gz
Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch
Fix bug "Transfers fail after 1GB; rekeying window too small". Closes: #659007
-rw-r--r--debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch75
-rw-r--r--debian/patches/series1
2 files changed, 76 insertions, 0 deletions
diff --git a/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch
new file mode 100644
index 0000000..62f0a07
--- /dev/null
+++ b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch
@@ -0,0 +1,75 @@
+Description: Fix SSHException when re-keying over a fast connection
+Origin: https://github.com/dlitz/paramiko/commit/c51b3b208c228fe6482ef00b3572a19683e7bb98
+Bug: https://github.com/paramiko/paramiko/issues/49
+Bug-Debian: http://bugs.debian.org/659007
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2012-07-07
+
+--- a/paramiko/packet.py
++++ b/paramiko/packet.py
+@@ -57,8 +57,11 @@
+
+ # READ the secsh RFC's before raising these values. if anything,
+ # they should probably be lower.
+- REKEY_PACKETS = pow(2, 30)
+- REKEY_BYTES = pow(2, 30)
++ REKEY_PACKETS = pow(2, 29)
++ REKEY_BYTES = pow(2, 29)
++
++ REKEY_PACKETS_OVERFLOW_MAX = pow(2,29) # Allow receiving this many packets after a re-key request before terminating
++ REKEY_BYTES_OVERFLOW_MAX = pow(2,29) # Allow receiving this many bytes after a re-key request before terminating
+
+ def __init__(self, socket):
+ self.__socket = socket
+@@ -74,6 +77,7 @@
+ self.__sent_packets = 0
+ self.__received_bytes = 0
+ self.__received_packets = 0
++ self.__received_bytes_overflow = 0
+ self.__received_packets_overflow = 0
+
+ # current inbound/outbound ciphering:
+@@ -134,6 +138,7 @@
+ self.__mac_key_in = mac_key
+ self.__received_bytes = 0
+ self.__received_packets = 0
++ self.__received_bytes_overflow = 0
+ self.__received_packets_overflow = 0
+ # wait until the reset happens in both directions before clearing rekey flag
+ self.__init_count |= 2
+@@ -316,6 +321,7 @@
+ # only ask once for rekeying
+ self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes sent)' %
+ (self.__sent_packets, self.__sent_bytes))
++ self.__received_bytes_overflow = 0
+ self.__received_packets_overflow = 0
+ self._trigger_rekey()
+ finally:
+@@ -368,19 +374,23 @@
+ self.__sequence_number_in = (self.__sequence_number_in + 1) & 0xffffffffL
+
+ # check for rekey
+- self.__received_bytes += packet_size + self.__mac_size_in + 4
++ raw_packet_size = packet_size + self.__mac_size_in + 4
++ self.__received_bytes += raw_packet_size
+ self.__received_packets += 1
+ if self.__need_rekey:
+- # we've asked to rekey -- give them 20 packets to comply before
++ # we've asked to rekey -- give them some packets to comply before
+ # dropping the connection
++ self.__received_bytes_overflow += raw_packet_size
+ self.__received_packets_overflow += 1
+- if self.__received_packets_overflow >= 20:
++ if (self.__received_packets_overflow >= self.REKEY_PACKETS_OVERFLOW_MAX) or \
++ (self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX):
+ raise SSHException('Remote transport is ignoring rekey requests')
+ elif (self.__received_packets >= self.REKEY_PACKETS) or \
+ (self.__received_bytes >= self.REKEY_BYTES):
+ # only ask once for rekeying
+ self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes received)' %
+ (self.__received_packets, self.__received_bytes))
++ self.__received_bytes_overflow = 0
+ self.__received_packets_overflow = 0
+ self._trigger_rekey()
+
diff --git a/debian/patches/series b/debian/patches/series
index 3ad788b..d6dadb3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
hostkey.patch
+Fix-SSHException-when-re-keying-over-a-fast-connection.patch