Bug in rekeying

Oliver Metz oliver at freetz.org
Tue Jan 21 04:53:18 WST 2014 

Hi,

we see a bug when the rekey limit is reached. Dropbear is run on a embedded mips device. For testing purposes we changed the define in sysoptions.h to:
#define KEX_REKEY_DATA (1<<21)

This gives the following log:
...
TRACE (5619) 1389521630.365826: send_msg_channel_data: len 16375 fd 0
TRACE (5619) 1389521630.372597: leave send_msg_channel_data
TRACE (5619) 1389521630.373003: send normal readfd
TRACE (5619) 1389521630.373316: enter send_msg_channel_data
TRACE (5619) 1389521630.373707: enter send_msg_channel_data isextended 0 fd 0
TRACE (5619) 1389521630.374120: maxlen 16375
TRACE (5619) 1389521630.374595: send_msg_channel_data: len 16375 fd 0
TRACE (5619) 1389521630.381393: leave send_msg_channel_data
TRACE (5619) 1389521630.381798: rekeying after timeout or max data reached
TRACE (5619) 1389521630.382441: send_msg_kexdh_init()
TRACE (5619) 1389521630.391507: DATAALLOWED=0
TRACE (5619) 1389521630.391861: -> KEXINIT
TRACE (5619) 1389521630.392163: maybe_empty_reply_queue - no data allowed
TRACE (5619) 1389521630.769376: empty queue dequeing
TRACE (5619) 1389521630.769747: maybe_empty_reply_queue - no data allowed
TRACE (5619) 1389521631.234696: process_packet: packet type = 93, len 9
TRACE (5619) 1389521631.235255: enter session_cleanup
TRACE (5619) 1389521631.235565: enter cli_tty_cleanup
TRACE (5619) 1389521631.235865: leave cli_tty_cleanup: not in raw mode
TRACE (5619) 1389521631.236376: enter chancleanup
TRACE (5619) 1389521631.236683: channel 0 closing
TRACE (5619) 1389521631.237056: enter remove_channel
TRACE (5619) 1389521631.237352: channel index is 0
TRACE (5619) 1389521631.238302: CLOSE writefd 1
TRACE (5619) 1389521631.238677: CLOSE readfd 0
TRACE (5619) 1389521631.239089: CLOSE errfd 2
rsync: writefd_unbuffered failed to write 4092 bytes to socket [sender]: Broken pipe (32)
rsync: connection unexpectedly closed (34 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(605) [sender=3.0.9]

With the unaltered define this happens after exactly 1GB traffic. I'm sorry that I can't attach a patch. But I can provide more logs if you need them.

Regards
Oliver

http://freetz.org

More information about the Dropbear mailing list