[erlang-patches] yet another ssh bug

Claes Wikstrom klacke@REDACTED
Fri Dec 28 15:03:58 CET 2007


This fatso bug is also triggered by the putty 0.60 client

Whenever recv_msg() returns an actual error, we loop
indefinitely. Tcp_closed is never received, since it is already
received when we were in passive mode.

It basically means that all all OTP ssh systems out there
that expose ssh outwards can be easily brought out of
service simply by trying to connect with putty 0.60 to them
and then exit putty.



Index: ssh_transport.erl
===================================================================
--- ssh_transport.erl   (revision 14365)
+++ ssh_transport.erl   (working copy)
@@ -733,9 +733,17 @@
                     inet:setopts(S, [{active, once}]),
                     ssh_main(S, User, SSH);
                 {error, _Other} ->
-                   inet:setopts(S, [{active, once}]),
-                   %% send disconnect!
-                   ssh_main(S, User, SSH)
+                   %% socket may or may not be closed, regardless
+                   %% we close again
+                   %% discon msg may be sent.
+                   User ! {
+                     ssh_msg, self(),
+                     #ssh_msg_disconnect {
+                                    code=?SSH_DISCONNECT_CONNECTION_LOST,
+                                    description = "Connection closed",
+                                    language = "" }},
+                   gen_tcp:close(S),
+                   ok
             end;



/klacke





More information about the erlang-patches mailing list