Before the fix: On Windows, during a successful download, ssh_poll() returns > 0. When there is a disconnect that occurs in the middle of the download, ssh_poll() returns 0.
ssh_poll_ctx_dopoll() checks if the return is 0; if so, it returns SSH_AGAIN. Because it's returning SSH_AGAIN, the calling method assumes it should attempt to poll again.
Following the stack trace up, it looks like ssh_handle_packets_termination() is where the while loop occurs - while there isn't an error, call ssh_handle_packets().
ssh_handle_packets() calls ssh_poll_ctx_dopoll() which calls ssh_poll() again. This results in an infinite loop during a disconnect.
For my fix, I am assuming that if the user provided a timeout to ssh_poll, then that means they would not want ssh_poll() to be called endlessly if there was a disconnect. So if there is a timeout and if there was a disconnect, return -1 for an error.
I think this should only be done in the ssh_poll() which uses the poll emulation (second hunk of this patch)! Also you need to add what you explained here as a comment into that function before the if-clause. This is important information!
And please *always* use blocks with brackets for if-clauses, see CVE-2014-1266 ... ;-)
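The loop described in this thread can be reproduced with a small stand-alone model. This is an added example, not libssh code and not the patch under review: every `model_*` name, the `fixed` switch and the iteration cap are hypothetical, and the check sits in the emulated-poll stand-in with braces and the explanatory comment in front of it.

```c
#include <stdio.h>
/* Hypothetical model of the call chain described above; not libssh code. */
enum { MODEL_OK = 0, MODEL_AGAIN = 1, MODEL_ERROR = -1 };
struct model_link { int disconnected; int data_left; };

/* Emulated poll: > 0 when data is ready, 0 when nothing is ready. */
static int model_poll(struct model_link *l, int timeout_ms, int fixed)
{
    if (!l->disconnected && l->data_left > 0) {
        l->data_left--;
        return 1;
    }
    /* A timeout means the caller does not want endless polling after a
     * disconnect, so report an error instead of 0. */
    if (fixed && l->disconnected && timeout_ms > 0) {
        return -1;
    }
    return 0;
}

/* The dopoll step: a 0 from poll is turned into "try again". */
static int model_dopoll(struct model_link *l, int timeout_ms, int fixed)
{
    int rc = model_poll(l, timeout_ms, fixed);
    if (rc < 0) {
        return MODEL_ERROR;
    }
    return rc == 0 ? MODEL_AGAIN : MODEL_OK;
}

/* The termination loop: keep going while there is no error. max_iter only
 * ends the demo; the return value is the number of iterations run. */
static int model_drive(int packets, int drop_at, int fixed, int max_iter)
{
    struct model_link l = { 0, packets };
    for (int i = 0; i < max_iter; i++) {
        if (i == drop_at) {
            l.disconnected = 1; /* constructed mid-download disconnect */
        }
        if (model_dopoll(&l, 1000, fixed) == MODEL_ERROR) {
            return i + 1;
        }
    }
    return max_iter; /* cap reached: the loop never saw an error */
}

int main(void)
{
    printf("before fix: %d iterations\n", model_drive(10, 3, 0, 100000));
    printf("after fix:  %d iterations\n", model_drive(10, 3, 1, 100000));
    return 0;
}
```

Without the check the driver runs until the artificial cap, which is the spin the report describes; with it the loop ends on the first poll after the disconnect.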