From: Florian Kreutzer <[email protected]> Prevents sporadic crashes of dropbear server when multiple channels are active at the same time.
Upstream discussion: https://github.com/mkj/dropbear/pull/326/commits https://github.com/mkj/dropbear/issues/321 Issue was introduced in dropbear-2022.83 and fixed in v2024.86. Signed-off-by: Florian Kreutzer <[email protected]> --- ...e-channels-when-a-PID-hasn-t-started.patch | 45 +++++++++++++++++++ .../recipes-core/dropbear/dropbear_2022.83.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch diff --git a/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch new file mode 100644 index 0000000000..dff6534027 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch @@ -0,0 +1,45 @@ +From 5c34e70b80e5fc539f96e029b56b95cdee556010 Mon Sep 17 00:00:00 2001 +From: Matt Johnston <[email protected]> +Date: Sun, 8 Sep 2024 11:07:41 +0200 +Subject: Don't close channels when a PID hasn't started + +If check_close() ran prior to a server channel exec/shell +request, it would send a close immediately. +This fix changes it to exclude write_fd==FD_UNINIT from +being closed there. + +When a channel was closed by the time shell/exec request +was received, then data sent hits an assertion. +This fixes #321 on Github. + +The "pid == 0" check was initially added to avoid waiting +to close a channel when a process has never been launched +(which is correct), but that isn't correct in the case +of the closed-fd test. + +Fixes: 8e6f73e879ca ("- Remove "flushing" handling for exited processes) + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/71521d1b78706a70d3570b860e65234cefdc8c81] + +Signed-off-by: Florian Kreutzer <[email protected]> +--- + common-channel.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/common-channel.c b/common-channel.c +index be5b57f..9926972 100644 +--- a/common-channel.c ++++ b/common-channel.c +@@ -317,7 +317,8 @@ static void check_close(struct Channel *channel) { + + if ((channel->recv_eof && !write_pending(channel)) + /* have a server "session" and child has exited */ +- || (channel->type->check_close && close_allowed)) { ++ || (channel->writefd != FD_UNINIT ++ && channel->type->check_close && close_allowed)) { + close_chan_fd(channel, channel->writefd, SHUT_WR); + } + +-- +2.34.1 + diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb index 686cb8a809..772e08eaed 100644 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb @@ -14,6 +14,7 @@ RCONFLICTS:${PN} = "openssh-sshd openssh" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-urandom-xauth-changes-to-options.h.patch \ + file://0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch \ file://init \ file://dropbearkey.service \ file://[email protected] \ -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#207867): https://lists.openembedded.org/g/openembedded-core/message/207867 Mute This Topic: https://lists.openembedded.org/mt/109792555/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
