From 43acab1d2a8cf45e7bb1bb146150ecc65aa0c296 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 29 Jan 2016 03:31:04 +0000 Subject: Revert "account for packets buffered but not yet processed" change as it breaks for very small RekeyLimit values due to continuous rekeying. ok djm@ --- usr.bin/ssh/packet.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 1806d816c8c..bcdde494d46 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.224 2016/01/29 02:54:45 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.225 2016/01/29 03:31:03 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2234,21 +2234,16 @@ int ssh_packet_need_rekeying(struct ssh *ssh) { struct session_state *state = ssh->state; - u_int32_t buf_in, buf_out; if (ssh->compat & SSH_BUG_NOREKEY) return 0; - buf_in = roundup(sshbuf_len(state->input), - state->newkeys[MODE_IN]->enc.block_size); - buf_out = roundup(sshbuf_len(state->output), - state->newkeys[MODE_OUT]->enc.block_size); return (state->p_send.packets > MAX_PACKETS) || (state->p_read.packets > MAX_PACKETS) || (state->max_blocks_out && - (state->p_send.blocks + buf_out > state->max_blocks_out)) || + (state->p_send.blocks > state->max_blocks_out)) || (state->max_blocks_in && - (state->p_read.blocks + buf_in > state->max_blocks_in)) || + (state->p_read.blocks > state->max_blocks_in)) || (state->rekey_interval != 0 && state->rekey_time + state->rekey_interval <= monotime()); } -- cgit v1.2.3