On Mon, 12 Feb 2007, Lucas Newman wrote:
> I think I understand what is happening now. If a large read blocks in the
> middle, the chunk of data obtained is processed in transport.c to determine
> if a full packet was snagged. While processing half of a packet, if the
> data is not a multiple of the crypto block size, the extra bytes are
> discarded from the end of the chunk, and the remainder of the packet is
> missing those bytes, hence the MAC failure.
>
> To see this happening, add the following line to transport.c:441:
> fprintf(stderr, "Bytes being discarded: %d\n", numdecrypt % session-
> >remote.crypt->blocksize);
>
> If you are able to read a whole packet at once, you will never discard any
> bytes when decrypting, so that is why the behavior only appears when doing
> large, blocking reads.
>
> A solution would be to retain the extra bytes and just process them in the
> next iteration.
I must be stupid, but I read the code around line 441 and I can't see how the
bytes are being discarded.
Do you have a suggested patch to fix the problem you see?
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2007-02-13