authorDamien Miller <djm@cvs.openbsd.org>2024-10-13 22:20:07 +0000
committerDamien Miller <djm@cvs.openbsd.org>2024-10-13 22:20:07 +0000
commit02a58113e0321008af87280fc75972ab0f8c945f (patch)
tree8d91330bb8438a82423984065241b6fd0a2a4f80 /usr.bin/ssh
parent64c12edff8083b0681400852e839f76419f4f719 (diff)
don't start the ObscureKeystrokeTiming mitigations if there has been
traffic on an X11 forwarding channel recently. Should fix X11 forwarding performance problems when this setting is enabled. Patch from Antonio Larrosa via bz3655
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/channels.c21
-rw-r--r--usr.bin/ssh/channels.h3
-rw-r--r--usr.bin/ssh/clientloop.c7
3 files changed, 26 insertions, 5 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 15e702c32fe..07e8c08658d 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.439 2024/07/25 22:40:08 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.440 2024/10/13 22:20:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -5219,3 +5219,22 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id,
fatal_fr(r, "send x11-req");
free(new_data);
}
+
+/*
+ * Returns whether an x11 channel was used recently (less than a second ago)
+ */
+int
+x11_channel_used_recently(struct ssh *ssh) {
+ u_int i;
+ Channel *c;
+ time_t lastused = 0;
+
+ for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
+ c = ssh->chanctxt->channels[i];
+ if (c == NULL || c->ctype == NULL || c->lastused == 0 ||
+ strcmp(c->ctype, "x11-connection") != 0)
+ continue;
+ lastused = c->lastused;
+ }
+ return lastused != 0 && monotime() > lastused + 1;
+}
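Review bot: The return expression in x11_channel_used_recently() disagrees with the comment above it: `monotime() > lastused + 1` is true when the X11 channel was last used more than a second ago, while the comment promises "less than a second ago". As written, a session whose X11 channel has gone idle would make the caller in clientloop.c skip the interval wait, which looks like it would weaken ObscureKeystrokeTiming exactly when no X11 traffic is flowing. The intended test is presumably `return lastused != 0 && monotime() <= lastused + 1;`. The loop also keeps the lastused of the last matching channel rather than the most recent one, so with several X11 channels the result depends on slot order; `if (c->lastused > lastused) lastused = c->lastused;` would fix that.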
diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h
index 8a4615edac6..c227320af3a 100644
--- a/usr.bin/ssh/channels.h
+++ b/usr.bin/ssh/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.157 2024/07/25 22:40:08 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.158 2024/10/13 22:20:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -379,6 +379,7 @@ int x11_connect_display(struct ssh *);
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
void x11_request_forwarding_with_spoofing(struct ssh *, int,
const char *, const char *, const char *, int);
+int x11_channel_used_recently(struct ssh *ssh);
/* channel close */
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index c5296e32f04..07c321cc3d9 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.409 2024/10/13 22:20:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -650,9 +650,10 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
if (just_started)
return 1;
- /* Don't arm output fd for poll until the timing interval has elapsed */
+ /* Don't arm output fd for poll until the timing interval has elapsed... */
if (timespeccmp(&now, &next_interval, <))
- return 0;
+ /* ...unless there's x11 communicattion happening */
+ return x11_channel_used_recently(ssh);
/* Calculate number of intervals missed since the last check */
n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;
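Review bot: The early return added under `if (timespeccmp(&now, &next_interval, <))` lets X11 activity bypass the timing interval, and neither comment says what that costs. While the helper reports recent X11 use, output is presumably sent without the interval quantisation, so keystroke timing is not obscured for that period. I would state that trade-off in the comment, e.g. `/* ...unless X11 traffic is flowing; keystroke timing is not obscured while it is */`, which also fixes the "communicattion" typo. The `if` now has a comment between the condition and its single statement, so braces around the `return` would make the scope unambiguous. The body of obfuscate_keystroke_timing() starts and ends outside this hunk, so the effect on the later interval accounting cannot be checked from here.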