From 20c169fb0db5df36ae31e65d4c0a4e91d4402bd9 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 7 Jul 2012 02:02:14 +0200 Subject: Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch Fix bug "Transfers fail after 1GB; rekeying window too small". Closes: #659007 --- ...ion-when-re-keying-over-a-fast-connection.patch | 75 ++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 76 insertions(+) create mode 100644 debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch diff --git a/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch new file mode 100644 index 0000000..62f0a07 --- /dev/null +++ b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch @@ -0,0 +1,75 @@ +Description: Fix SSHException when re-keying over a fast connection +Origin: https://github.com/dlitz/paramiko/commit/c51b3b208c228fe6482ef00b3572a19683e7bb98 +Bug: https://github.com/paramiko/paramiko/issues/49 +Bug-Debian: http://bugs.debian.org/659007 +Forwarded: not-needed +Author: Salvatore Bonaccorso +Last-Update: 2012-07-07 + +--- a/paramiko/packet.py ++++ b/paramiko/packet.py +@@ -57,8 +57,11 @@ + + # READ the secsh RFC's before raising these values. if anything, + # they should probably be lower. +- REKEY_PACKETS = pow(2, 30) +- REKEY_BYTES = pow(2, 30) ++ REKEY_PACKETS = pow(2, 29) ++ REKEY_BYTES = pow(2, 29) ++ ++ REKEY_PACKETS_OVERFLOW_MAX = pow(2,29) # Allow receiving this many packets after a re-key request before terminating ++ REKEY_BYTES_OVERFLOW_MAX = pow(2,29) # Allow receiving this many bytes after a re-key request before terminating + + def __init__(self, socket): + self.__socket = socket +@@ -74,6 +77,7 @@ + self.__sent_packets = 0 + self.__received_bytes = 0 + self.__received_packets = 0 ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + + # current inbound/outbound ciphering: +@@ -134,6 +138,7 @@ + self.__mac_key_in = mac_key + self.__received_bytes = 0 + self.__received_packets = 0 ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + # wait until the reset happens in both directions before clearing rekey flag + self.__init_count |= 2 +@@ -316,6 +321,7 @@ + # only ask once for rekeying + self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes sent)' % + (self.__sent_packets, self.__sent_bytes)) ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + self._trigger_rekey() + finally: +@@ -368,19 +374,23 @@ + self.__sequence_number_in = (self.__sequence_number_in + 1) & 0xffffffffL + + # check for rekey +- self.__received_bytes += packet_size + self.__mac_size_in + 4 ++ raw_packet_size = packet_size + self.__mac_size_in + 4 ++ self.__received_bytes += raw_packet_size + self.__received_packets += 1 + if self.__need_rekey: +- # we've asked to rekey -- give them 20 packets to comply before ++ # we've asked to rekey -- give them some packets to comply before + # dropping the connection ++ self.__received_bytes_overflow += raw_packet_size + self.__received_packets_overflow += 1 +- if self.__received_packets_overflow >= 20: ++ if (self.__received_packets_overflow >= self.REKEY_PACKETS_OVERFLOW_MAX) or \ ++ (self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX): + raise SSHException('Remote transport is ignoring rekey requests') + elif (self.__received_packets >= self.REKEY_PACKETS) or \ + (self.__received_bytes >= self.REKEY_BYTES): + # only ask once for rekeying + self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes received)' % + (self.__received_packets, self.__received_bytes)) ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + self._trigger_rekey() + diff --git a/debian/patches/series b/debian/patches/series index 3ad788b..d6dadb3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ hostkey.patch +Fix-SSHException-when-re-keying-over-a-fast-connection.patch -- cgit v1.2.3