RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: don't start the ObscureKeystrokeTiming mitigations if 

there has been traffic on a X11 forwarding channel recently.

Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655

OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
This commit is contained in:
djm@openbsd.org 2024-10-13 22:20:06 +00:00 committed by Damien Miller
parent 538cd28598
commit fe6c6330c1
No known key found for this signature in database
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.439 2024/07/25 22:40:08 djm Exp $ */ /* $OpenBSD: channels.c,v 1.440 2024/10/13 22:20:06 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -5336,3 +5336,22 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id,
fatal_fr(r, "send x11-req"); fatal_fr(r, "send x11-req");
free(new_data); free(new_data);
} }
/*
* Returns whether an x11 channel was used recently (less than a second ago)
*/
int
x11_channel_used_recently(struct ssh *ssh) {
u_int i;
Channel *c;
time_t lastused = 0;
for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
c = ssh->chanctxt->channels[i];
if (c == NULL || c->ctype == NULL || c->lastused == 0 ||
strcmp(c->ctype, "x11-connection") != 0)
continue;
lastused = c->lastused;
}
return lastused != 0 && monotime() > lastused + 1;
}

3
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.157 2024/07/25 22:40:08 djm Exp $ */ /* $OpenBSD: channels.h,v 1.158 2024/10/13 22:20:06 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -382,6 +382,7 @@ int x11_connect_display(struct ssh *);
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **); int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
void x11_request_forwarding_with_spoofing(struct ssh *, int, void x11_request_forwarding_with_spoofing(struct ssh *, int,
const char *, const char *, const char *, int); const char *, const char *, const char *, int);
int x11_channel_used_recently(struct ssh *ssh);
/* channel close */ /* channel close */

7
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */ /* $OpenBSD: clientloop.c,v 1.409 2024/10/13 22:20:06 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -659,9 +659,10 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
if (just_started) if (just_started)
return 1; return 1;
/* Don't arm output fd for poll until the timing interval has elapsed */ /* Don't arm output fd for poll until the timing interval has elapsed... */
if (timespeccmp(&now, &next_interval, <)) if (timespeccmp(&now, &next_interval, <))
return 0; /* ...unless there's x11 communicattion happening */
return x11_channel_used_recently(ssh);
/* Calculate number of intervals missed since the last check */ /* Calculate number of intervals missed since the last check */
n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000; n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;