T233: With libssh 0.9.4 the open session hangs when the maxAuthtries is reached
Description
Originally reported by jjnicola: https://bugs.libssh.org/T233
When a server has set MaxAuthTries = 0, open session hangs for ever. It also happens whit user + key authentication and MaxAuthTries set to 1 (since it tries first with user + password).
This was tried also with libssh v0.8.7, stable version in Debian Buster and works as expected.
Some debug :
[2020/06/08 08:38:37.326113, 3] ssh_config_parse_file: Reading configuration data from /etc/ssh/ssh_config
[2020/06/08 08:38:37.326247, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 49
[2020/06/08 08:38:37.326274, 1] ssh_config_parse_line: Unsupported option: HashKnownHosts, line: 50
[2020/06/08 08:38:37.326404, 2] ssh_connect: libssh 0.9.3 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2020/06/08 08:38:37.326448, 3] getai: host 192.168.0.42 matches an IP address
[2020/06/08 08:38:37.326598, 2] ssh_socket_connect: Nonblocking connection socket: 4
[2020/06/08 08:38:37.326648, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2020/06/08 08:38:37.326676, 3] ssh_connect: Actual timeout : 10000
[2020/06/08 08:38:37.327158, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.327198, 3] ssh_socket_pollcallback: Received POLLOUT in connecting state
[2020/06/08 08:38:37.327218, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2020/06/08 08:38:37.327286, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.327322, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.350046, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/06/08 08:38:37.350119, 3] callback_receive_banner: Received banner: SSH-2.0-OpenSSH_7.9p1 Debian-10
[2020/06/08 08:38:37.350138, 2] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.9p1 Debian-10
[2020/06/08 08:38:37.350149, 2] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.9p1 Debian-10
[2020/06/08 08:38:37.350171, 2] ssh_analyze_banner: We are talking to an OpenSSH client version: 7.9 (70900)
[2020/06/08 08:38:37.350394, 3] ssh_client_select_hostkeys: Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
[2020/06/08 08:38:37.350452, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2020/06/08 08:38:37.350482, 3] ssh_client_select_hostkeys: No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
[2020/06/08 08:38:37.350505, 4] ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
[2020/06/08 08:38:37.350524, 4] ssh_list_kex: server host key algo: ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
[2020/06/08 08:38:37.350541, 4] ssh_list_kex: encryption client->server: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
[2020/06/08 08:38:37.350558, 4] ssh_list_kex: encryption server->client: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
[2020/06/08 08:38:37.350574, 4] ssh_list_kex: mac algo client->server: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/06/08 08:38:37.350592, 4] ssh_list_kex: mac algo server->client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/06/08 08:38:37.350610, 4] ssh_list_kex: compression algo client->server: none
[2020/06/08 08:38:37.350624, 4] ssh_list_kex: compression algo server->client: none
[2020/06/08 08:38:37.350637, 4] ssh_list_kex: languages client->server:
[2020/06/08 08:38:37.350651, 4] ssh_list_kex: languages server->client:
[2020/06/08 08:38:37.350792, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.350840, 3] packet_send2: packet: wrote [type=20, len=972, padding_size=6, comp=965, payload=965]
[2020/06/08 08:38:37.350868, 3] ssh_send_kex: SSH_MSG_KEXINIT sent
[2020/06/08 08:38:37.350896, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.350908, 4] ssh_socket_pollcallback: sending control flow event
[2020/06/08 08:38:37.350918, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2020/06/08 08:38:37.352777, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/06/08 08:38:37.352874, 3] ssh_packet_socket_callback: packet: read type 20 [len=1076,padding=6,comp=1069,payload=1069]
[2020/06/08 08:38:37.352894, 3] ssh_packet_process: Dispatching handler for packet type 20
[2020/06/08 08:38:37.352926, 4] ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[2020/06/08 08:38:37.352961, 4] ssh_list_kex: server host key algo: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[2020/06/08 08:38:37.352976, 4] ssh_list_kex: encryption client->server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2020/06/08 08:38:37.352988, 4] ssh_list_kex: encryption server->client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2020/06/08 08:38:37.352997, 4] ssh_list_kex: mac algo client->server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/06/08 08:38:37.353008, 4] ssh_list_kex: mac algo server->client: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2020/06/08 08:38:37.353022, 4] ssh_list_kex: compression algo client->server: none,zlib@openssh.com
[2020/06/08 08:38:37.353031, 4] ssh_list_kex: compression algo server->client: none,zlib@openssh.com
[2020/06/08 08:38:37.353040, 4] ssh_list_kex: languages client->server:
[2020/06/08 08:38:37.353048, 4] ssh_list_kex: languages server->client:
[2020/06/08 08:38:37.353082, 2] ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,aes256-gcm@openssh.com,aes256-gcm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-etm@openssh.com,none,none,,
[2020/06/08 08:38:37.353269, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.353285, 3] packet_send2: packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
[2020/06/08 08:38:37.353301, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.353310, 4] ssh_socket_pollcallback: sending control flow event
[2020/06/08 08:38:37.353321, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2020/06/08 08:38:37.361221, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/06/08 08:38:37.361253, 3] ssh_packet_socket_callback: packet: read type 31 [len=188,padding=8,comp=179,payload=179]
[2020/06/08 08:38:37.361264, 3] ssh_packet_process: Dispatching handler for packet type 31
[2020/06/08 08:38:37.361498, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.361513, 3] packet_send2: packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
[2020/06/08 08:38:37.361524, 4] ssh_packet_set_newkeys: called, direction = OUT
[2020/06/08 08:38:37.361602, 3] crypt_set_algorithms2: Set output algorithm to aes256-gcm@openssh.com
[2020/06/08 08:38:37.361620, 3] crypt_set_algorithms2: Set HMAC output algorithm to aead-gcm
[2020/06/08 08:38:37.361628, 3] crypt_set_algorithms2: Set input algorithm to aes256-gcm@openssh.com
[2020/06/08 08:38:37.361635, 3] crypt_set_algorithms2: Set HMAC input algorithm to aead-gcm
[2020/06/08 08:38:37.361659, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2020/06/08 08:38:37.361672, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2020/06/08 08:38:37.361702, 2] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[2020/06/08 08:38:37.361714, 3] ssh_packet_socket_callback: Processing 196 bytes left in socket buffer
[2020/06/08 08:38:37.361735, 3] ssh_packet_socket_callback: packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[2020/06/08 08:38:37.361747, 3] ssh_packet_process: Dispatching handler for packet type 21
[2020/06/08 08:38:37.361758, 2] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2020/06/08 08:38:37.361775, 4] ssh_pki_signature_verify: Going to verify a ssh-ed25519 type signature
[2020/06/08 08:38:37.362023, 4] pki_verify_data_signature: Signature valid
[2020/06/08 08:38:37.362034, 2] ssh_packet_newkeys: Signature verified and valid
[2020/06/08 08:38:37.362041, 4] ssh_packet_set_newkeys: called, direction = IN
[2020/06/08 08:38:37.362048, 3] ssh_packet_socket_callback: Processing 180 bytes left in socket buffer
[2020/06/08 08:38:37.362070, 3] ssh_packet_socket_callback: packet: read type 7 [len=160,padding=18,comp=141,payload=141]
[2020/06/08 08:38:37.362082, 3] ssh_packet_process: Dispatching handler for packet type 7
[2020/06/08 08:38:37.362091, 3] ssh_packet_ext_info: Received SSH_MSG_EXT_INFO
[2020/06/08 08:38:37.362103, 3] ssh_packet_ext_info: Follows 1 extensions
[2020/06/08 08:38:37.362114, 3] ssh_packet_ext_info: Extension: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
[2020/06/08 08:38:37.362129, 3] ssh_connect: current state : 7
[2020/06/08 08:38:37.362332, 3] packet_send2: packet: wrote [type=5, len=32, padding_size=14, comp=17, payload=17]
[2020/06/08 08:38:37.362346, 3] ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2020/06/08 08:38:37.362360, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 52
[2020/06/08 08:38:37.362379, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.362392, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.362401, 4] ssh_socket_pollcallback: sending control flow event
[2020/06/08 08:38:37.362412, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2020/06/08 08:38:37.409040, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/06/08 08:38:37.409155, 3] ssh_packet_socket_callback: packet: read type 6 [len=32,padding=14,comp=17,payload=17]
[2020/06/08 08:38:37.409191, 3] ssh_packet_process: Dispatching handler for packet type 6
[2020/06/08 08:38:37.409216, 3] ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT
[2020/06/08 08:38:37.409346, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2020/06/08 08:38:37.409390, 3] packet_send2: packet: wrote [type=50, len=48, padding_size=12, comp=35, payload=35]
[2020/06/08 08:38:37.409422, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLOUT ), out buffer 0
[2020/06/08 08:38:37.409445, 4] ssh_socket_pollcallback: sending control flow event
[2020/06/08 08:38:37.409471, 4] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[2020/06/08 08:38:37.417704, 4] ssh_socket_pollcallback: Poll callback on socket 4 (POLLIN ), out buffer 0
[2020/06/08 08:38:37.417892, 3] ssh_packet_socket_callback: packet: read type 1 [len=64,padding=18,comp=45,payload=45]
[2020/06/08 08:38:37.417941, 3] ssh_packet_process: Dispatching handler for packet type 1
[2020/06/08 08:38:37.417970, 3] ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT 2:Too many authentication failures
[2020/06/08 08:38:37.417992, 1] ssh_packet_disconnect_callback: Received SSH_MSG_DISCONNECT: 2:Too many authentication failures
More debug with gdb:
(gdb) bt
#0 0x00007f802ee977e4 in __GI___poll (fds=0x55b6d91b08a0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00007f803049c500 in ssh_poll () at /home/jnicola/install/lib/libssh.so.4
#2 0x00007f803049cc7e in ssh_poll_ctx_dopoll () at /home/jnicola/install/lib/libssh.so.4
#3 0x00007f803049e710 in ssh_handle_packets () at /home/jnicola/install/lib/libssh.so.4
#4 0x00007f803049e816 in ssh_handle_packets_termination () at /home/jnicola/install/lib/libssh.so.4
#5 0x00007f803046a1d4 in ssh_userauth_get_response () at /home/jnicola/install/lib/libssh.so.4
#6 0x00007f803046a9d0 in ssh_userauth_none () at /home/jnicola/install/lib/libssh.so.4
#7 0x00007f803073a60b in get_authmethods (tbl_slot=0) at /home/jnicola/dev/openvas-scanner/nasl/nasl_ssh.c:629
#8 0x00007f803073abec in nasl_ssh_userauth (lexic=0x55b6d91b0c20) at /home/jnicola/dev/openvas-scanner/nasl/nasl_ssh.c:835
#9 0x00007f80307415d0 in nasl_func_call (lexic=0x55b6d91b8df0, f=0x7f803077e1e0 <libfuncs+3648>, arg_list=0x55b6d910ebb0) at /home/jnicola/dev/openvas-scanner/nasl/nasl_func.c:196
#10 0x00007f8030720abc in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910eef0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:1023
#11 0x00007f80307203aa in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f230) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:821
#12 0x00007f8030720458 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f750) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:836
#13 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f790) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#14 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f7d0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#15 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f810) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#16 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f850) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#17 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f890) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#18 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f8d0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#19 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f910) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#20 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f950) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#21 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f990) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#22 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910f9d0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#23 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910fa10) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#24 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910fa50) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#25 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d91b8df0, st=0x55b6d910fa90) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#26 0x00007f803074160d in nasl_func_call (lexic=0x55b6d90e9510, f=0x55b6d913ce30, arg_list=0x0) at /home/jnicola/dev/openvas-scanner/nasl/nasl_func.c:202
#27 0x00007f8030720abc in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e1040) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:1023
#28 0x00007f8030720c82 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e1080) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:1086
#29 0x00007f8030720458 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9170) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:836
#30 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e91b0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#31 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e91f0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#32 0x00007f80307203e5 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9230) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:827
#33 0x00007f8030720458 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9390) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:836
#34 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e93d0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#35 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9410) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#36 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9450) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#37 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e9490) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#38 0x00007f80307204c2 in nasl_exec (lexic=0x55b6d90e9510, st=0x55b6d90e94d0) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:840
#39 0x00007f8030722a12 in exec_nasl_script (script_infos=0x55b6d90e23b0, mode=12) at /home/jnicola/dev/openvas-scanner/nasl/exec.c:1729
#40 0x000055b6d78d1156 in main (argc=1, argv=0x7ffebf52a7b8) at /home/jnicola/dev/openvas-scanner/nasl/nasl.c:402
Comments:
Jakuje commented on 2020-06-08 11:10:22 UTC:
I am able to reproduce this locally. The server sends SSH_MSG_DISCONNECT
to the client, but in the ssh_userauth_get_response()
, this message is not accepted to terminate waiting for answer from server in ssh_auth_response_termination()
so it hangs forever in the poll -- I think this is a bug in poll implementation, which should stop waiting after receiving disconnect.
Attaching a reproducer:
diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c
index 24ecc507..b3723547 100644
--- a/tests/client/torture_auth.c
+++ b/tests/client/torture_auth.c
@@ -257,6 +257,36 @@ static void torture_auth_none_nonblocking(void **state) {
}
+/* Setting MaxAuthTries 0 makes libssh hang. The option is ot practical,
+ * but simulates setting low value and requiring multiple authentication
+ * methods to succeed (T233)
+ */
+static void torture_auth_none_max_tries(void **state) {
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ int rc;
+ const char *sshd_config = "MaxAuthTries 0";
+
+ torture_update_sshd_config(state, sshd_config);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_connect(session);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_userauth_none(session,NULL);
+ assert_int_equal(rc, SSH_AUTH_DENIED);
+
+ /* This request should return a SSH_REQUEST_DENIED error */
+ if (rc == SSH_ERROR) {
+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+ }
+
+ /* Reset config back to defaults */
+ torture_update_sshd_config(state, "");
+}
+
static void torture_auth_autopubkey(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
@@ -903,6 +933,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_auth_none_nonblocking,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_auth_none_max_tries,
+ session_setup,
+ session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_password,
session_setup,
session_teardown),
Jakuje commented on 2020-06-09 14:33:09 UTC:
Playing a bit more with that, it looks like a version 8.7.0 returns SSH_AUTH_AGAIN
from ssh_userauth_none()
, even though it is in blocking mode. It is certainly not correct, but better than not returning at all. But only after a timeout, which it spends in busy-loop wait.
Bisecting changes leads to commit e4e51ccc which is the one changing this behavior. This commit does not introduce this issue, but uncovers it by setting infinite timeout to ssh_handle_packets_termination()
function, which never returns in this case. @asn what do you think?