Date:      Thu, 31 Jul 2008 17:45:36 +0200
From:      Patrick Lamaizière <patfbsd@davenulle.org>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        current@freebsd.org
Subject:   Re: Recent Padlock changes break ssh
Message-ID:  <20080731174536.243579d1@baby-jane-lamaiziere-net.local>
In-Reply-To: <20080731132136.GC4088@garage.freebsd.pl>
References:  <E1KLA49-0000W2-I1@clue.co.za> <20080722081449.GA3241@garage.freebsd.pl> <20080731123246.365d0b1f@baby-jane-lamaiziere-net.local> <20080731132136.GC4088@garage.freebsd.pl>

On Thu, 31 Jul 2008 15:21:36 +0200,
Pawel Jakub Dawidek <pjd@FreeBSD.org> wrote:

Hello,

> > I think that one problem is that the session id (ses->ses_id) is not
> > updated when a free session is reused. The session id is set to
> > zero by bzero() in padlock_freesession(). So we can have several
> > active sessions with the same ses->ses_id == 0 if the sessions are
> > reused.
> 
> Great catch! What do you think about using old sessid? I think it's ok
> to do so and a bit safer, because session ID is only 32bit long so we
> may get collision once we start from 0 again.

I agree, so just: 
padlock_freesession()
 	padlock_hash_free(ses);
  	bzero(ses, sizeof(*ses));
  	ses->ses_used = 0;
+	ses->ses_id = sid;
 	TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
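Review bot: sid in the added line "ses->ses_id = sid;" must hold the session's id as it was before bzero(ses, sizeof(*ses)) ran, and the lines shown do not include where sid is declared or assigned. If it is not already the id passed into the function, save ses->ses_id into a local ahead of the bzero(). A one-line comment saying the id is kept so that a reused session does not fall back to id 0 would help the next reader, and the existing "ses->ses_used = 0;" is redundant directly after the bzero().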

I've made some tests with ipsec and openssl on the glxsb driver (it
is quite the same code) and it looks good. 

Regards.
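The reuse problem discussed in this message, as a small stand-alone C model added here as an example; it is not the padlock or glxsb driver code, and the pool layout and the names ses_open, ses_free, duplicate_ids and keep_id are assumptions made for illustration. It opens three sessions, frees two, reopens two, and counts active sessions that end up sharing an id, first with a wipe-only free and then with the id restored after the wipe.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#define NSES 4

struct session { uint32_t ses_id; int ses_used; };      /* simplified model */
struct pool { struct session ses[NSES]; int nalloc; };  /* nalloc = next fresh id */

/* Reuse a freed slot if there is one; otherwise hand out a fresh slot and id. */
static struct session *ses_open(struct pool *p)
{
    for (int i = 0; i < p->nalloc; i++)
        if (!p->ses[i].ses_used) {
            p->ses[i].ses_used = 1;      /* reuse path never reassigns ses_id */
            return &p->ses[i];
        }
    if (p->nalloc == NSES) return NULL;
    p->ses[p->nalloc] = (struct session){ .ses_id = (uint32_t)p->nalloc, .ses_used = 1 };
    return &p->ses[p->nalloc++];
}

/* keep_id == 0: wipe only (the bug). keep_id == 1: wipe, then restore the id. */
static void ses_free(struct session *s, int keep_id)
{
    uint32_t sid = s->ses_id;            /* must be read before the wipe */
    memset(s, 0, sizeof(*s));
    if (keep_id) s->ses_id = sid;
}

/* Open 3, free 2, reopen 2; return the number of active pairs sharing an id. */
static int duplicate_ids(int keep_id)
{
    struct pool p = { 0 };
    int dups = 0;
    ses_open(&p);                                          /* id 0, stays active */
    struct session *b = ses_open(&p), *c = ses_open(&p);   /* ids 1 and 2 */
    ses_free(b, keep_id); ses_free(c, keep_id);
    ses_open(&p); ses_open(&p);                            /* both freed slots reused */
    for (int i = 0; i < p.nalloc; i++)
        for (int j = i + 1; j < p.nalloc; j++)
            dups += p.ses[i].ses_used && p.ses[j].ses_used &&
                    p.ses[i].ses_id == p.ses[j].ses_id;
    return dups;
}

int main(void)
{
    printf("wipe only: %d colliding pairs, id restored: %d\n", duplicate_ids(0), duplicate_ids(1));
    return 0;
}
```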


