[erlang-bugs] ssh2_msg_channel_failure

Daniel Goertzen <>
Tue Apr 24 20:16:28 CEST 2012


The channel number on the putty side is 0x100, and on the Erlang side it is
0x0.  Erlang is responding to SSH_MSG_CHANNEL_REQUEST using 0x0, however
RFC4254 says the responses should be...



      byte      SSH_MSG_CHANNEL_SUCCESS
      uint32    recipient channel


      byte      SSH_MSG_CHANNEL_FAILURE
      uint32    recipient channel



...and I interpret "recipient channel" as being the Putty side, which is
0x100.  Putty seems to cope when Erlang returns SUCCESS, but blows up when
Erlang returns a FAILURE.

I could imagine this passing automated tests when both ends number their
channels starting from 0.  I bet randomizing the channel numbers would
reveal this and maybe other issues.

Dan.



On Tue, Apr 24, 2012 at 11:22 AM, Fyodor Ustinov <> wrote:

> Hi!
>
> I added this patch - did not help.
>
> http://blog.ufm.su/putty.log - this putty log.
>
>
>  Hi!
>>
>> This might be a symptom of the "close race-condition"-bug  reported by
>> Daniel. The patch for that bug is
>>
>> diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl
>> index 7b600ed..1938858 100644
>> --- a/lib/ssh/src/ssh_channel.erl
>> +++ b/lib/ssh/src/ssh_channel.erl
>> @@ -1,7 +1,7 @@
>> %%
>> %% %CopyrightBegin%
>> %%
>> -%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
>> +%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
>> %%
>> %% The contents of this file are subject to the Erlang Public License,
>> %% Version 1.1, (the "License"); you may not use this file except in
>> @@ -215,7 +215,7 @@ handle_info({ssh_cm, ConnectionManager, {closed,
>> ChannelId}},
>>                  close_sent = false} = State) ->
>>    %% To be on the safe side, i.e. the manager has already been
>> terminated.
>>    (catch ssh_connection:close(**ConnectionManager, ChannelId)),
>> -    {stop, normal, State};
>> +    {stop, normal, State#state{close_sent = true}};
>>
>> handle_info({ssh_cm, _, _} = Msg, #state{cm = ConnectionManager,
>>                       channel_cb = Module,
>> diff --git a/lib/ssh/src/ssh_connection_**manager.erl
>> b/lib/ssh/src/ssh_connection_**manager.erl
>> index e993f59..8c1f88e 100644
>> --- a/lib/ssh/src/ssh_connection_**manager.erl
>> +++ b/lib/ssh/src/ssh_connection_**manager.erl
>> @@ -384,9 +384,10 @@ handle_call({close, ChannelId}, _,
>>           #state{connection = Pid, connection_state =
>>                  #connection{channel_cache = Cache}} = State) ->
>>    case ssh_channel:cache_lookup(**Cache, ChannelId) of
>> -       #channel{remote_id = Id} ->
>> +       #channel{remote_id = Id} = Channel ->
>>           send_msg({connection_reply, Pid,
>>                     ssh_connection:channel_close_**msg(Id)}),
>> +           ssh_channel:cache_update(**Cache, Channel#channel{sent_close
>> = true}),
>>           {reply, ok, State};
>>       undefined ->
>>           {reply, ok, State}
>>
>>
>> Regards Ingela Erlang/OTP  team - Ericsson AB
>>
>> Daniel Goertzen wrote:
>>
>>> Under Putty Session->Logging can you turn on "SSH Packets" and post the
>>> log showing the error?
>>>
>>> Dan.
>>>
>>> On Sun, Apr 22, 2012 at 3:58 AM, Fyodor Ustinov < <mailto:
>>> >> wrote:
>>>
>>>    Hi!
>>>
>>>    Windows ssh client PuTTY show message  "Disconnected: Received
>>>    SSH2_MSG_CHANNEL_FAILURE for nonexistent channel 0" while working
>>>    with erlang ssh daemon.
>>>
>>>    Erlang R15B01 (erts-5.9.1) [source] [64-bit] [smp:8:8]
>>>    [async-threads:0] [kernel-poll:false]
>>>
>>>    WBR,
>>>       Fyodor.
>>>
>>>    ______________________________**_________________
>>>    erlang-bugs mailing list
>>>     <mailto:**>
>>>    http://erlang.org/mailman/**listinfo/erlang-bugs<http://erlang.org/mailman/listinfo/erlang-bugs>
>>>
>>>
>>>
>>>
>>> --
>>> *Daniel Goertzen | Senior Software Engineer*
>>> Office: 828.610.4596 | Fax: 828.322.5294 | 
>>> **com <> <mailto:dang@**
>>> networkintegritysystems.com <>>
>>> *Network Integrity Systems | We Bring Security To Light™*
>>>
>>> 1937 Tate Blvd. SE
>>>
>>> Hickory, North Carolina, USA 28602
>>>
>>> /Network Integrity Systems’ INTERCEPTOR™ Optical Network Security System
>>> is a Smart-PDS™ that ensures superior protection and cost effectiveness of
>>> classified networks.  For more information, visit our website at:www.**
>>> networkintegritysystems.com <http://www.networkintegritysystems.com> <
>>> http://www.**networkintegritysystems.com/<http://www.networkintegritysystems.com/>
>>> >.**/
>>>
>>>
>>> ______________________________**____________
>>> INTERCEPTOR™ Optical Network Security System is made in the USA for the
>>> USA. Although not an export controlled item, because of the role it plays
>>> in the assurance of the safety and integrity of National Security
>>> Information, Network Integrity Systems (NIS) is committed to compliance
>>> with the U.S. Export Administration Act. Accordingly, NIS will not ship
>>> INTERCEPTOR products to certain foreign government end users without U.S.
>>> government approval and will refuse transactions with individuals or
>>> entities that have been denied export privileges.
>>>
>>>
>>> ------------------------------**------------------------------**
>>> ------------
>>>
>>> ______________________________**_________________
>>> erlang-bugs mailing list
>>> 
>>> http://erlang.org/mailman/**listinfo/erlang-bugs<http://erlang.org/mailman/listinfo/erlang-bugs>
>>>
>>
>>
> ______________________________**_________________
> erlang-bugs mailing list
> 
> http://erlang.org/mailman/**listinfo/erlang-bugs<http://erlang.org/mailman/listinfo/erlang-bugs>
>



-- 
*Daniel Goertzen | Senior Software Engineer*
Office: 828.610.4596 | Fax: 828.322.5294 | 
*Network Integrity Systems | We Bring Security To Light™*

1937 Tate Blvd. SE****
Hickory, North Carolina, USA 28602

*Network Integrity Systems’ INTERCEPTOR™ Optical Network Security System is
a Smart-PDS™ that ensures superior protection and cost effectiveness of
classified networks.  For more information, visit our website at:
www.networkintegritysystems.com.*


__________________________________________
INTERCEPTOR™ Optical Network Security System is made in the USA for the
USA. Although not an export controlled item, because of the role it plays
in the assurance of the safety and integrity of National Security
Information, Network Integrity Systems (NIS) is committed to compliance
with the U.S. Export Administration Act. Accordingly, NIS will not ship
INTERCEPTOR products to certain foreign government end users without U.S.
government approval and will refuse transactions with individuals or
entities that have been denied export privileges.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120424/c6b969c4/attachment-0001.html>


More information about the erlang-bugs mailing list