- djm@cvs.openbsd.org 2010/01/27 13:26:17
[mux.c]
fix bug introduced in mux rewrite:
In a mux master, when a socket to a mux slave closes before its server
session (as may occur when the slave has been signalled), gracefully
close the server session rather than deleting its channel immediately.
A server may have more messages on that channel to send (e.g. an exit
message) that will fatal() the client if they are sent to a channel that
has been prematurely deleted.
spotted by imorgan AT nas.nasa.gov
diff --git a/mux.c b/mux.c
index ef99b57..64781d4 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.11 2010/01/26 02:15:20 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -210,7 +210,13 @@
__func__, c->self, c->remote_id);
c->remote_id = -1;
sc->ctl_chan = -1;
- chan_mark_dead(sc);
+ if (sc->type != SSH_CHANNEL_OPEN) {
+ debug2("%s: channel %d: not open", __func__, sc->self);
+ chan_mark_dead(c);
+ } else {
+ chan_read_failed(sc);
+ chan_write_failed(sc);
+ }
}
channel_cancel_cleanup(c->self);
}