Disable immediate auth for delayed-zlib mode

2025-01-31 10:57:01 +00:00 · 2014-02-15 21:23:41 +08:00 · 2014-02-15 21:23:41 +08:00 · fa2d843403
commit fa2d843403
parent 1dc5312f00
1 changed files with 16 additions and 8 deletions
--- a/cli-auth.c
+++ b/cli-auth.c
@ -52,6 +52,13 @@ void cli_auth_getmethods() {
 	encrypt_packet();

 #ifdef DROPBEAR_CLI_IMMEDIATE_AUTH
+	/* We can't haven't two auth requests in-flight with delayed zlib mode
+	since if the first one succeeds then the remote side will 
+	expect the second one to be compressed. 
+	Race described at
+	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
+	*/
+	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
 		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
 		if (getenv(DROPBEAR_PASSWORD_ENV)) {
 			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
@ -61,6 +68,7 @@ void cli_auth_getmethods() {
 			/* Note that there will be two auth responses in-flight */
 			cli_ses.ignore_next_auth_response = 1;
 		}
+	}
 #endif
 	TRACE(("leave cli_auth_getmethods"))
 }