propagate from branch 'au.asn.ucc.matt.dropbear' (head 31dcd7a22983ef19d6c63248e415e71d292dd0ec)

to branch 'au.asn.ucc.matt.dropbear.channel-fix' (head 7559a8cc4f6abe2338636f2aced3a395a79c172c) --HG-- branch : channel-fix extra : convert_revision : a94c5265558121fe936519b5d9a5eb27f95e9d9d
2025-02-08 21:54:13 +00:00 · 2006-10-12 03:01:10 +00:00 · 2006-10-12 03:01:10 +00:00 · 71e25058c1
commit 71e25058c1
parent 35bcc463e5 5b8a26f1d1
5 changed files with 185 additions and 271 deletions
--- a/channel.h
+++ b/channel.h
@ -73,10 +73,9 @@ struct Channel {
 	circbuffer *extrabuf; /* extended-data for the program - used like writebuf
 					     but for stderr */
-	int sentclosed, recvclosed;
+	/* whether close/eof messages have been exchanged */
-
+	int sent_close, recv_close;
-	/* this is set when we receive/send a channel eof packet */
+	int recv_eof, sent_eof;
 	int recveof, senteof;
 	int initconn; /* used for TCP forwarding, whether the channel has been
 					 fully initialised */
@ -94,7 +93,7 @@ struct ChanType {
 	int sepfds; /* Whether this channel has seperate pipes for in/out or not */
 	char *name;
 	int (*inithandler)(struct Channel*);
-	int (*checkclose)(struct Channel*);
+	int (*check_close)(struct Channel*);
 	void (*reqhandler)(struct Channel*);
 	void (*closehandler)(struct Channel*);
--- a/cli-channel.c
+++ b/cli-channel.c
@ -39,9 +39,6 @@ void recv_msg_channel_extended_data() {
 	TRACE(("enter recv_msg_channel_extended_data"))
 	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	if (channel->type != &clichansess) {
 		TRACE(("leave recv_msg_channel_extended_data: chantype is wrong"))
--- a/common-channel.c
+++ b/common-channel.c
@ -43,18 +43,15 @@ static void send_msg_channel_open_confirmation(struct Channel* channel,
 static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf);
 static void send_msg_channel_window_adjust(struct Channel *channel, 
 		unsigned int incr);
-static void send_msg_channel_data(struct Channel *channel, int isextended,
+static void send_msg_channel_data(struct Channel *channel, int isextended);
 		unsigned int exttype);
 static void send_msg_channel_eof(struct Channel *channel);
 static void send_msg_channel_close(struct Channel *channel);
-static void removechannel(struct Channel *channel);
+static void remove_channel(struct Channel *channel);
-static void deletechannel(struct Channel *channel);
+static void delete_channel(struct Channel *channel);
-static void checkinitdone(struct Channel *channel);
+static void check_in_progress(struct Channel *channel);
-static void checkclose(struct Channel *channel);
+static unsigned int write_pending(struct Channel * channel);
-
+static void check_close(struct Channel *channel);
-static void closewritefd(struct Channel * channel);
+static void close_chan_fd(struct Channel *channel, int fd, int how);
 static void closereadfd(struct Channel * channel, int fd);
 static void closechanfd(struct Channel *channel, int fd, int how);
 #define FD_UNINIT (-2)
 #define FD_CLOSED (-1)
@ -85,7 +82,7 @@ void chancleanup() {
 	for (i = 0; i < ses.chansize; i++) {
 		if (ses.channels[i] != NULL) {
 			TRACE(("channel %d closing", i))
-			removechannel(ses.channels[i]);
+			remove_channel(ses.channels[i]);
 		}
 	}
 	m_free(ses.channels);
@ -135,8 +132,8 @@ struct Channel* newchannel(unsigned int remotechan,
 	newchan = (struct Channel*)m_malloc(sizeof(struct Channel));
 	newchan->type = type;
 	newchan->index = i;
-	newchan->sentclosed = newchan->recvclosed = 0;
+	newchan->sent_close = newchan->recv_close = 0;
-	newchan->senteof = newchan->recveof = 0;
+	newchan->sent_eof = newchan->recv_eof = 0;
 	newchan->remotechan = remotechan;
 	newchan->transwindow = transwindow;
@ -164,26 +161,35 @@ struct Channel* newchannel(unsigned int remotechan,
 }
 /* Returns the channel structure corresponding to the channel in the current
- * data packet (ses.payload must be positioned appropriately) */
+ * data packet (ses.payload must be positioned appropriately).
-struct Channel* getchannel() {
+ * A valid channel is always returns, it will fail fatally with an unknown
 * channel */
 static struct Channel* getchannel_msg(const char* kind) {
 	unsigned int chan;
 	chan = buf_getint(ses.payload);
 	if (chan >= ses.chansize || ses.channels[chan] == NULL) {
-		return NULL;
+		if (kind) {
 			dropbear_exit("%s for unknown channel %d", kind, chan);
 		} else {
 			dropbear_exit("Unknown channel %d", chan);
 		}
 	}
 	return ses.channels[chan];
 }
 struct Channel* getchannel() {
 	return getchannel_msg(NULL);
 }
 /* Iterate through the channels, performing IO if available */
 void channelio(fd_set *readfds, fd_set *writefds) {
 	struct Channel *channel;
 	unsigned int i;
 	int ret;
-	/* iterate through all the possible channels */
+	/* foreach channel */
 	for (i = 0; i < ses.chansize; i++) {
 		channel = ses.channels[i];
@ -194,40 +200,22 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 		/* read data and send it over the wire */
 		if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) {
-			send_msg_channel_data(channel, 0, 0);
+			send_msg_channel_data(channel, 0);
 		}
 		/* read stderr data and send it over the wire */
 		if (channel->extrabuf == NULL &&
 				channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) {
-				send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR);
+				send_msg_channel_data(channel, 1);
 		}
 		/* if we can read from the writefd, it might be closed, so we try to
 		 * see if it has errors */
 		if (IS_DROPBEAR_SERVER && channel->writefd >= 0 
 				&& channel->writefd != channel->readfd
 				&& FD_ISSET(channel->writefd, readfds)) {
 			if (channel->initconn) {
 				/* Handling for "in progress" connection - this is needed
 				 * to avoid spinning 100% CPU when we connect to a server
 				 * which doesn't send anything (tcpfwding) */
 				checkinitdone(channel);
 				continue; /* Important not to use the channel after 
 							 checkinitdone(), as it may be NULL */
 			}
 			ret = write(channel->writefd, NULL, 0); /* Fake write */
 			if (ret < 0 && errno != EINTR && errno != EAGAIN) {
 				closewritefd(channel);
 			}
 		}
 		/* write to program/pipe stdin */
 		if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
 			if (channel->initconn) {
-				checkinitdone(channel);
+				/* XXX should this go somewhere cleaner? */
 				check_in_progress(channel);
 				continue; /* Important not to use the channel after
-							 checkinitdone(), as it may be NULL */
+							 check_in_progress(), as it may be NULL */
 			}
 			writechannel(channel, channel->writefd, channel->writebuf);
 		}
@ -238,10 +226,10 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 			writechannel(channel, channel->errfd, channel->extrabuf);
 		}
-		/* now handle any of the channel-closing type stuff */
+		/* handle any channel closing etc */
-		checkclose(channel);
+		check_close(channel);
-	} /* foreach channel */
+	}
 	/* Listeners such as TCP, X11, agent-auth */
 #ifdef USING_LISTENERS
@ -250,57 +238,65 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 }
-/* do all the EOF/close type stuff checking for a channel */
+/* Returns true if there is data remaining to be written to stdin or
-static void checkclose(struct Channel *channel) {
+ * stderr of a channel's endpoint. */
 static unsigned int write_pending(struct Channel * channel) {
-	TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d",
+	if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
 		return 1;
 	} else if (channel->errfd >= 0 && channel->extrabuf && 
 			cbuf_getused(channel->writebuf) > 0) {
 		return 1;
 	}
 	return 0;
 }
 /* EOF/close handling */
 static void check_close(struct Channel *channel) {
 	TRACE(("check_close: writefd %d, readfd %d, errfd %d, sent_close %d, recv_close %d",
 				channel->writefd, channel->readfd,
-				channel->errfd, channel->sentclosed, channel->recvclosed))
+				channel->errfd, channel->sent_close, channel->recv_close))
 	TRACE(("writebuf size %d extrabuf ptr 0x%x extrabuf size %d",
 				cbuf_getused(channel->writebuf),
 				channel->writebuf,
 				channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)))
-	/* server chansession channels are special, since readfd mightn't
+	/* A bit of a hack for closing up server session channels */
-	 * close in the case of "sleep 4 & echo blah" until the sleep is up */
+	if (channel->writefd >= 0 
-	if (channel->type->checkclose) {
+			&& channel->type->check_close 
-		if (channel->type->checkclose(channel)) {
+			&& channel->type->check_close(channel)) {
-			closewritefd(channel);
+		TRACE(("channel->type->check_close got hit"))
-			closereadfd(channel, channel->readfd);
+		close_chan_fd(channel, channel->writefd, SHUT_WR);
 			closereadfd(channel, channel->errfd);
 		}
 	}
-	if (!channel->senteof
+	if (channel->recv_close && !write_pending(channel)) {
-		&& channel->readfd == FD_CLOSED 
+		if (! channel->sent_close) {
 		&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 		send_msg_channel_eof(channel);
 	}
 	if (!channel->sentclosed
 		&& channel->writefd == FD_CLOSED
 		&& channel->readfd == FD_CLOSED
 		&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 		send_msg_channel_close(channel);
 	}
 	/* When either party wishes to terminate the channel, it sends
 	 * SSH_MSG_CHANNEL_CLOSE.  Upon receiving this message, a party MUST
 	 * send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this
 	 * message for the channel.  The channel is considered closed for a
 	 * party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and
 	 * the party may then reuse the channel number.  A party MAY send
 	 * SSH_MSG_CHANNEL_CLOSE without having sent or received
 	 * SSH_MSG_CHANNEL_EOF. 
 	 * (from draft-ietf-secsh-connect)
 	 */
 	if (channel->recvclosed) {
 		if (! channel->sentclosed) {
 			TRACE(("Sending MSG_CHANNEL_CLOSE in response to same."))
 			send_msg_channel_close(channel);
 		}
-		removechannel(channel);
+		remove_channel(channel);
 		return;
 	}
 	if (channel->recv_eof && !write_pending(channel)) {
 		close_chan_fd(channel, channel->writefd, SHUT_WR);
 	}
 	if (!channel->sent_eof
 			&& channel->readfd == FD_CLOSED 
 			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 		send_msg_channel_eof(channel);
 	}
 	if (!channel->sent_close
 			&& channel->writefd == FD_CLOSED
 			&& channel->readfd == FD_CLOSED
 			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 		send_msg_channel_close(channel);
 	}
 }
@ -308,36 +304,34 @@ static void checkclose(struct Channel *channel) {
 * if so, set up the channel properly. Otherwise, the channel is cleaned up, so
 * it is important that the channel reference isn't used after a call to this
 * function */
-static void checkinitdone(struct Channel *channel) {
+static void check_in_progress(struct Channel *channel) {
 	int val;
 	socklen_t vallen = sizeof(val);
-	TRACE(("enter checkinitdone"))
+	TRACE(("enter check_in_progress"))
 	if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen)
 			|| val != 0) {
 		send_msg_channel_open_failure(channel->remotechan,
 				SSH_OPEN_CONNECT_FAILED, "", "");
 		close(channel->writefd);
-		deletechannel(channel);
+		delete_channel(channel);
-		TRACE(("leave checkinitdone: fail"))
+		TRACE(("leave check_in_progress: fail"))
 	} else {
 		send_msg_channel_open_confirmation(channel, channel->recvwindow,
 				channel->recvmaxpacket);
 		channel->readfd = channel->writefd;
 		channel->initconn = 0;
-		TRACE(("leave checkinitdone: success"))
+		TRACE(("leave check_in_progress: success"))
 	}
 }
 /* Send the close message and set the channel as closed */
 static void send_msg_channel_close(struct Channel *channel) {
 	TRACE(("enter send_msg_channel_close"))
 	/* XXX server */
 	if (channel->type->closehandler) {
 		channel->type->closehandler(channel);
 	}
@ -349,8 +343,8 @@ static void send_msg_channel_close(struct Channel *channel) {
 	encrypt_packet();
-	channel->senteof = 1;
+	channel->sent_eof = 1;
-	channel->sentclosed = 1;
+	channel->sent_close = 1;
 	TRACE(("leave send_msg_channel_close"))
 }
@ -365,7 +359,7 @@ static void send_msg_channel_eof(struct Channel *channel) {
 	encrypt_packet();
-	channel->senteof = 1;
+	channel->sent_eof = 1;
 	TRACE(("leave send_msg_channel_eof"))
 }
@ -385,9 +379,7 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 	len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen);
 	if (len <= 0) {
 		if (len < 0 && errno != EINTR) {
-			/* no more to write - we close it even if the fd was stderr, since
+			close_chan_fd(channel, fd, SHUT_WR);
 			 * that's a nasty failure too */
 			closewritefd(channel);
 		}
 		TRACE(("leave writechannel: len <= 0"))
 		return;
@ -396,13 +388,6 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 	cbuf_incrread(cbuf, len);
 	channel->recvdonelen += len;
 	if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recveof) { 
 		/* Check if we're closing up */
 		closewritefd(channel);
 		TRACE(("leave writechannel: recveof set"))
 		return;
 	}
 	/* Window adjust handling */
 	if (channel->recvdonelen >= RECV_WINDOWEXTEND) {
 		/* Set it back to max window */
@ -416,7 +401,6 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 	dropbear_assert(channel->extrabuf == NULL ||
 			channel->recvwindow <= cbuf_getavail(channel->extrabuf));
 	TRACE(("leave writechannel"))
 }
@ -446,19 +430,6 @@ void setchannelfds(fd_set *readfds, fd_set *writefds) {
 			}
 		}
 		TRACE(("writefd = %d, readfd %d, errfd %d, bufused %d", 
 					channel->writefd, channel->readfd,
 					channel->errfd,
 					cbuf_getused(channel->writebuf) ))
 		/* For checking FD status (ie closure etc) - we don't actually
 		 * read data from writefd. We don't want to do this for the client,
 		 * since redirection to /dev/null will make it spin in the select */
 		if (IS_DROPBEAR_SERVER && channel->writefd >= 0 
 				&& channel->writefd != channel->readfd) {
 			FD_SET(channel->writefd, readfds);
 		}
 		/* Stuff from the wire */
 		if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 )
 				|| channel->initconn) {
@ -487,18 +458,11 @@ void recv_msg_channel_eof() {
 	TRACE(("enter recv_msg_channel_eof"))
-	channel = getchannel();
+	channel = getchannel_msg("EOF");
 	if (channel == NULL) {
 		dropbear_exit("EOF for unknown channel");
 	}
-	channel->recveof = 1;
+	channel->recv_eof = 1;
 	if (cbuf_getused(channel->writebuf) == 0
 			&& (channel->extrabuf == NULL 
 					|| cbuf_getused(channel->extrabuf) == 0)) {
 		closewritefd(channel);
 	}
 	check_close(channel);
 	TRACE(("leave recv_msg_channel_eof"))
 }
@ -510,27 +474,20 @@ void recv_msg_channel_close() {
 	TRACE(("enter recv_msg_channel_close"))
-	channel = getchannel();
+	channel = getchannel_msg("Close");
 	if (channel == NULL) {
 		/* disconnect ? */
 		dropbear_exit("Close for unknown channel");
 	}
-	channel->recveof = 1;
+	channel->recv_eof = 1;
-	channel->recvclosed = 1;
+	channel->recv_close = 1;
 	if (channel->sentclosed) {
 		removechannel(channel);
 	}
 	check_close(channel);
 	TRACE(("leave recv_msg_channel_close"))
 }
 /* Remove a channel entry, this is only executed after both sides have sent
 * channel close */
-static void removechannel(struct Channel * channel) {
+static void remove_channel(struct Channel * channel) {
-	TRACE(("enter removechannel"))
+	TRACE(("enter remove_channel"))
 	TRACE(("channel index is %d", channel->index))
 	cbuf_free(channel->writebuf);
@ -543,20 +500,20 @@ static void removechannel(struct Channel * channel) {
 	/* close the FDs in case they haven't been done
-	 * yet (ie they were shutdown etc */
+	 * yet (they might have been shutdown etc) */
 	close(channel->writefd);
 	close(channel->readfd);
 	close(channel->errfd);
 	channel->typedata = NULL;
-	deletechannel(channel);
+	delete_channel(channel);
-	TRACE(("leave removechannel"))
+	TRACE(("leave remove_channel"))
 }
 /* Remove a channel entry */
-static void deletechannel(struct Channel *channel) {
+static void delete_channel(struct Channel *channel) {
 	ses.channels[channel->index] = NULL;
 	m_free(channel);
@ -574,10 +531,6 @@ void recv_msg_channel_request() {
 	TRACE(("enter recv_msg_channel_request"))
 	channel = getchannel();
 	if (channel == NULL) {
 		/* disconnect ? */
 		dropbear_exit("Unknown channel");
 	}
 	if (channel->type->reqhandler) {
 		channel->type->reqhandler(channel);
@ -594,20 +547,15 @@ void recv_msg_channel_request() {
 * chan is the remote channel, isextended is 0 if it is normal data, 1
 * if it is extended data. if it is extended, then the type is in
 * exttype */
-static void send_msg_channel_data(struct Channel *channel, int isextended,
+static void send_msg_channel_data(struct Channel *channel, int isextended) {
 		unsigned int exttype) {
 	buffer *buf;
 	int len;
-	unsigned int maxlen;
+	size_t maxlen, size_pos;
 	int fd;
 /*	TRACE(("enter send_msg_channel_data"))
 	TRACE(("extended = %d type = %d", isextended, exttype))*/
 	CHECKCLEARTOWRITE();
-	dropbear_assert(!channel->sentclosed);
+	dropbear_assert(!channel->sent_close);
 	if (isextended) {
 		fd = channel->errfd;
@ -621,40 +569,37 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	 * exttype if is extended */
 	maxlen = MIN(maxlen, 
 			ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0));
 	TRACE(("maxlen %d", maxlen))
 	if (maxlen == 0) {
 		TRACE(("leave send_msg_channel_data: no window"))
 		return; /* the data will get written later */
 	}
 	/* read the data */
 	TRACE(("maxlen %d", maxlen))
 	buf = buf_new(maxlen);
 	TRACE(("buf pos %d data %x", buf->pos, buf->data))
 	len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
 	if (len <= 0) {
 		/* on error/eof, send eof */
 		if (len == 0 || errno != EINTR) {
 			closereadfd(channel, fd);
 		}
 		buf_free(buf);
 		buf = NULL;
 		TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", 
 					channel->index));
 		return;
 	}
 	buf_incrlen(buf, len);
 	buf_putbyte(ses.writepayload, 
 			isextended ? SSH_MSG_CHANNEL_EXTENDED_DATA : SSH_MSG_CHANNEL_DATA);
 	buf_putint(ses.writepayload, channel->remotechan);
 	if (isextended) {
-		buf_putint(ses.writepayload, exttype);
+		buf_putint(ses.writepayload, SSH_EXTENDED_DATA_STDERR);
 	}
 	/* a dummy size first ...*/
 	size_pos = ses.writepayload->pos;
 	buf_putint(ses.writepayload, 0);
-	buf_putstring(ses.writepayload, buf_getptr(buf, len), len);
+	/* read the data */
-	buf_free(buf);
+	len = read(fd, buf_getwriteptr(ses.writepayload, maxlen), maxlen);
-	buf = NULL;
+	if (len <= 0) {
 		if (len == 0 || errno != EINTR) {
 			close_chan_fd(channel, fd, SHUT_RD);
 		}
 		ses.writepayload->len = ses.writepayload->pos = 0;
 		TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", 
 					channel->index));
 		return;
 	}
 	buf_incrwritepos(ses.writepayload, len);
 	/* ... real size here */
 	buf_setpos(ses.writepayload, size_pos);
 	buf_putint(ses.writepayload, len);
 	channel->transwindow -= len;
@ -668,9 +613,6 @@ void recv_msg_channel_data() {
 	struct Channel *channel;
 	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf);
 }
@ -687,16 +629,19 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
 	TRACE(("enter recv_msg_channel_data"))
-	if (channel->recveof) {
+	if (channel->recv_eof) {
 		dropbear_exit("received data after eof");
 	}
 	if (fd < 0) {
-		dropbear_exit("received data with bad writefd");
+		/* If we have encountered failed write, the far side might still
 		 * be sending data without having yet received our close notification.
 		 * We just drop the data. */
 		return;
 	}
 	datalen = buf_getint(ses.payload);
-
+	TRACE(("length %d", datalen))
 	maxdata = cbuf_getavail(cbuf);
@ -738,9 +683,6 @@ void recv_msg_channel_window_adjust() {
 	unsigned int incr;
 	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	incr = buf_getint(ses.payload);
 	TRACE(("received window increment %d", incr))
@ -767,7 +709,6 @@ static void send_msg_channel_window_adjust(struct Channel* channel,
 }
 /* Handle a new channel request, performing any channel-type-specific setup */
 /* XXX server */
 void recv_msg_channel_open() {
 	unsigned char *type;
@ -799,6 +740,7 @@ void recv_msg_channel_open() {
 	/* Get the channel type. Client and server style invokation will set up a
 	 * different list for ses.chantypes at startup. We just iterate through
 	 * this list and find the matching name */
 	/* XXX fugly */
 	for (cp = &ses.chantypes[0], chantype = (*cp); 
 			chantype != NULL;
 			cp++, chantype = (*cp)) {
@ -824,13 +766,13 @@ void recv_msg_channel_open() {
 	if (channel->type->inithandler) {
 		ret = channel->type->inithandler(channel);
 		if (ret == SSH_OPEN_IN_PROGRESS) {
 			/* We'll send the confirmation later */
 			goto cleanup;
 		}
 		if (ret > 0) {
 			if (ret == SSH_OPEN_IN_PROGRESS) {
 				/* We'll send the confirmation later */
 				goto cleanup;
 			}
 			errtype = ret;
-			deletechannel(channel);
+			delete_channel(channel);
 			TRACE(("inithandler returned failure %d", ret))
 			goto failure;
 		}
@ -914,6 +856,47 @@ static void send_msg_channel_open_confirmation(struct Channel* channel,
 	TRACE(("leave send_msg_channel_open_confirmation"))
 }
 /* close a fd, how is SHUT_RD or SHUT_WR */
 static void close_chan_fd(struct Channel *channel, int fd, int how) {
 	int closein = 0, closeout = 0;
 	if (channel->type->sepfds) {
 		TRACE(("shutdown((%d), %d)", fd, how))
 		shutdown(fd, how);
 		if (how == 0) {
 			closeout = 1;
 		} else {
 			closein = 1;
 		}
 	} else {
 		close(fd);
 		closein = closeout = 1;
 	}
 	if (closeout && fd == channel->readfd) {
 		channel->readfd = FD_CLOSED;
 	}
 	if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
 	if (closein && fd == channel->writefd) {
 		channel->writefd = FD_CLOSED;
 	}
 	if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
 	/* if we called shutdown on it and all references are gone, then we 
 	 * need to close() it to stop it lingering */
 	if (channel->type->sepfds && channel->readfd == FD_CLOSED 
 		&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
 		close(fd);
 	}
 }
 #if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
 /* Create a new channel, and start the open request. This is intended
 * for X11, agent, tcp forwarding, and should be filled with channel-specific
@ -962,9 +945,6 @@ void recv_msg_channel_open_confirmation() {
 	TRACE(("enter recv_msg_channel_open_confirmation"))
 	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	if (!channel->await_open) {
 		dropbear_exit("unexpected channel reply");
@ -982,7 +962,7 @@ void recv_msg_channel_open_confirmation() {
 	if (channel->type->inithandler) {
 		ret = channel->type->inithandler(channel);
 		if (ret > 0) {
-			removechannel(channel);
+			remove_channel(channel);
 			TRACE(("inithandler returned failure %d", ret))
 		}
 	}
@ -997,74 +977,12 @@ void recv_msg_channel_open_failure() {
 	struct Channel * channel;
 	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	if (!channel->await_open) {
 		dropbear_exit("unexpected channel reply");
 	}
 	channel->await_open = 0;
-	removechannel(channel);
+	remove_channel(channel);
 }
 #endif /* USING_LISTENERS */
 /* close a stdout/stderr fd */
 static void closereadfd(struct Channel * channel, int fd) {
 	/* don't close it if it is the same as writefd,
 	 * unless writefd is already set -1 */
 	TRACE(("enter closereadfd"))
 	closechanfd(channel, fd, 0);
 	TRACE(("leave closereadfd"))
 }
 /* close a stdin fd */
 static void closewritefd(struct Channel * channel) {
 	TRACE(("enter closewritefd"))
 	closechanfd(channel, channel->writefd, 1);
 	TRACE(("leave closewritefd"))
 }
 /* close a fd, how is 0 for stdout/stderr, 1 for stdin */
 static void closechanfd(struct Channel *channel, int fd, int how) {
 	int closein = 0, closeout = 0;
 	/* XXX server */
 	if (channel->type->sepfds) {
 		TRACE(("shutdown((%d), %d)", fd, how))
 		shutdown(fd, how);
 		if (how == 0) {
 			closeout = 1;
 		} else {
 			closein = 1;
 		}
 	} else {
 		close(fd);
 		closein = closeout = 1;
 	}
 	if (closeout && fd == channel->readfd) {
 		channel->readfd = FD_CLOSED;
 	}
 	if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
 	if (closein && fd == channel->writefd) {
 		channel->writefd = FD_CLOSED;
 	}
 	if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
 	/* if we called shutdown on it and all references are gone, then we 
 	 * need to close() it to stop it lingering */
 	if (channel->type->sepfds && channel->readfd == FD_CLOSED 
 		&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
 		close(fd);
 	}
 }
--- a/debug.h
+++ b/debug.h
@ -39,7 +39,7 @@
 * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
 * since the printing may not sanitise strings etc. This will add a reasonable
 * amount to your executable size. */
-/*#define DEBUG_TRACE */
+#define DEBUG_TRACE
 /* All functions writing to the cleartext payload buffer call
 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
--- a/svr-chansession.c
+++ b/svr-chansession.c
@ -59,7 +59,6 @@ static void send_msg_chansess_exitstatus(struct Channel * channel,
 		struct ChanSess * chansess);
 static void send_msg_chansess_exitsignal(struct Channel * channel,
 		struct ChanSess * chansess);
 static int sesscheckclose(struct Channel *channel);
 static void get_termmodes(struct ChanSess *chansess);
@ -67,7 +66,8 @@ static void get_termmodes(struct ChanSess *chansess);
 extern char** environ;
 static int sesscheckclose(struct Channel *channel) {
-	return channel->writefd == -1;
+	struct ChanSess *chansess = (struct ChanSess*)channel->typedata;
 	return chansess->exit.exitpid != -1;
 }
 /* Handler for childs exiting, store the state for return to the client */