[erlang-bugs] ssh2_msg_channel_failure

Ingela Anderton Andin <>
Wed Apr 25 10:34:49 CEST 2012


Hi!

Daniel Goertzen wrote:
> The channel number on the putty side is 0x100, and on the Erlang side 
> it is 0x0.  Erlang is responding to SSH_MSG_CHANNEL_REQUEST using 0x0, 
> however RFC4254 says the responses should be...
>
>
>       byte      SSH_MSG_CHANNEL_SUCCESS
>       uint32    recipient channel
>
>
>       byte      SSH_MSG_CHANNEL_FAILURE
>       uint32    recipient channel
>   
>
>
> ...and I interpret "recipient channel" as being the Putty side, which 
> is 0x100.  Putty seems to cope when Erlang returns SUCCESS, but blows 
> up when Erlang returns a FAILURE.
>

Yes that is correct I remember correcting such a bug a long time ago, 
checking the code however there seems to be one error handling case that 
I missed.  Could you check if
the following patch resolves your issue Fyodor?

diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index 46f0c7e..8574e08 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -720,10 +720,12 @@ handle_msg(#ssh_msg_channel_request{request_type = 
"env"},

 handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId,
                                    request_type = _Other,
-                                   want_reply = WantReply}, Connection,
+                                   want_reply = WantReply},  
#connection{channel_cache = Cache} = Connection,
           ConnectionPid, _) ->
     if WantReply == true ->
-           FailMsg = channel_failure_msg(ChannelId),
+           #channel{remote_id = RemoteId} = ChannelId =
+               ssh_channel:cache_lookup(Cache, ChannelId),
+           FailMsg = channel_failure_msg(RemoteId),
            {{replies, [{connection_reply, ConnectionPid, FailMsg}]},
             Connection};
        true ->


> I could imagine this passing automated tests when both ends number 
> their channels starting from 0.  I bet randomizing the channel numbers 
> would reveal this and maybe other issues.
>
> Dan.
>
I think you have a valid point however we have to change the 
implementation in one way or an other to do that and that has not been 
prioritized.


Regards Ingela Erlang/OTP team -Ericsson AB

>
> On Tue, Apr 24, 2012 at 11:22 AM, Fyodor Ustinov < 
> <mailto:>> wrote:
>
>     Hi!
>
>     I added this patch - did not help.
>
>     http://blog.ufm.su/putty.log - this putty log.
>
>
>         Hi!
>
>         This might be a symptom of the "close race-condition"-bug
>          reported by Daniel. The patch for that bug is
>
>         diff --git a/lib/ssh/src/ssh_channel.erl
>         b/lib/ssh/src/ssh_channel.erl
>         index 7b600ed..1938858 100644
>         --- a/lib/ssh/src/ssh_channel.erl
>         +++ b/lib/ssh/src/ssh_channel.erl
>         @@ -1,7 +1,7 @@
>         %%
>         %% %CopyrightBegin%
>         %%
>         -%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
>         +%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
>         %%
>         %% The contents of this file are subject to the Erlang Public
>         License,
>         %% Version 1.1, (the "License"); you may not use this file
>         except in
>         @@ -215,7 +215,7 @@ handle_info({ssh_cm, ConnectionManager,
>         {closed, ChannelId}},
>                          close_sent = false} = State) ->
>            %% To be on the safe side, i.e. the manager has already
>         been terminated.
>            (catch ssh_connection:close(ConnectionManager, ChannelId)),
>         -    {stop, normal, State};
>         +    {stop, normal, State#state{close_sent = true}};
>
>         handle_info({ssh_cm, _, _} = Msg, #state{cm = ConnectionManager,
>                               channel_cb = Module,
>         diff --git a/lib/ssh/src/ssh_connection_manager.erl
>         b/lib/ssh/src/ssh_connection_manager.erl
>         index e993f59..8c1f88e 100644
>         --- a/lib/ssh/src/ssh_connection_manager.erl
>         +++ b/lib/ssh/src/ssh_connection_manager.erl
>         @@ -384,9 +384,10 @@ handle_call({close, ChannelId}, _,
>                   #state{connection = Pid, connection_state =
>                          #connection{channel_cache = Cache}} = State) ->
>            case ssh_channel:cache_lookup(Cache, ChannelId) of
>         -       #channel{remote_id = Id} ->
>         +       #channel{remote_id = Id} = Channel ->
>                   send_msg({connection_reply, Pid,
>                             ssh_connection:channel_close_msg(Id)}),
>         +           ssh_channel:cache_update(Cache,
>         Channel#channel{sent_close = true}),
>                   {reply, ok, State};
>               undefined ->
>                   {reply, ok, State}
>
>
>         Regards Ingela Erlang/OTP  team - Ericsson AB
>
>         Daniel Goertzen wrote:
>
>             Under Putty Session->Logging can you turn on "SSH Packets"
>             and post the log showing the error?
>
>             Dan.
>
>             On Sun, Apr 22, 2012 at 3:58 AM, Fyodor Ustinov
>             < <mailto:> <mailto:
>             <mailto:>>> wrote:
>
>                Hi!
>
>                Windows ssh client PuTTY show message  "Disconnected:
>             Received
>                SSH2_MSG_CHANNEL_FAILURE for nonexistent channel 0"
>             while working
>                with erlang ssh daemon.
>
>                Erlang R15B01 (erts-5.9.1) [source] [64-bit] [smp:8:8]
>                [async-threads:0] [kernel-poll:false]
>
>                WBR,
>                   Fyodor.
>
>                _______________________________________________
>                erlang-bugs mailing list
>                 <mailto:>
>             <mailto:
>             <mailto:>>
>                http://erlang.org/mailman/listinfo/erlang-bugs
>
>
>
>
>             -- 
>             *Daniel Goertzen | Senior Software Engineer*
>             Office: 828.610.4596 <tel:828.610.4596> | Fax:
>             828.322.5294 <tel:828.322.5294> |
>             
>             <mailto:>
>             <mailto:
>             <mailto:>>
>             *Network Integrity Systems | We Bring Security To Light™*
>
>             1937 Tate Blvd. SE
>
>             Hickory, North Carolina, USA 28602
>
>             /Network Integrity Systems’ INTERCEPTOR™ Optical Network
>             Security System is a Smart-PDS™ that ensures superior
>             protection and cost effectiveness of classified networks.
>              For more information, visit our website
>             at:www.networkintegritysystems.com
>             <http://www.networkintegritysystems.com>
>             <http://www.networkintegritysystems.com/>./
>
>
>             __________________________________________
>             INTERCEPTOR™ Optical Network Security System is made in
>             the USA for the USA. Although not an export controlled
>             item, because of the role it plays in the assurance of the
>             safety and integrity of National Security Information,
>             Network Integrity Systems (NIS) is committed to compliance
>             with the U.S. Export Administration Act. Accordingly, NIS
>             will not ship INTERCEPTOR products to certain foreign
>             government end users without U.S. government approval and
>             will refuse transactions with individuals or entities that
>             have been denied export privileges.
>
>
>             ------------------------------------------------------------------------
>
>             _______________________________________________
>             erlang-bugs mailing list
>              <mailto:>
>             http://erlang.org/mailman/listinfo/erlang-bugs
>
>
>
>     _______________________________________________
>     erlang-bugs mailing list
>      <mailto:>
>     http://erlang.org/mailman/listinfo/erlang-bugs
>
>
>
>
> -- 
> *Daniel Goertzen | Senior Software Engineer*
> Office: 828.610.4596 | Fax: 828.322.5294 |  
> <mailto:>
> *Network Integrity Systems | We Bring Security To Light™*
>
> 1937 Tate Blvd. SE
>
> Hickory, North Carolina, USA 28602
>
> /Network Integrity Systems’ INTERCEPTOR™ Optical Network Security 
> System is a Smart-PDS™ that ensures superior protection and cost 
> effectiveness of classified networks.  For more information, visit our 
> website at:www.networkintegritysystems.com 
> <http://www.networkintegritysystems.com/>./
>
>
> __________________________________________
> INTERCEPTOR™ Optical Network Security System is made in the USA for 
> the USA. Although not an export controlled item, because of the role 
> it plays in the assurance of the safety and integrity of National 
> Security Information, Network Integrity Systems (NIS) is committed to 
> compliance with the U.S. Export Administration Act. Accordingly, NIS 
> will not ship INTERCEPTOR products to certain foreign government end 
> users without U.S. government approval and will refuse transactions 
> with individuals or entities that have been denied export privileges.
>
>



More information about the erlang-bugs mailing list