# HG changeset patch
# User Matt Johnston
# Date 1248836313 0
# Node ID 7f66b8e40f2d0a2930e32b32a9fe07a119a76588
# Parent de3653483ac0202c4e57728ecf4dfc893c4ac5e9
# Parent bcc5b69d15a647daa9143286b52c30a6a3ac8d84
propagate from branch 'au.asn.ucc.matt.dropbear' (head bbe4e11695a7b22bd89a722600eb4a4020b6fdf3) to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 276cf5e82276b6c879d246ba64739ec6868f5150)
diff -r de3653483ac0 -r 7f66b8e40f2d common-kex.c
--- a/common-kex.c Mon Jul 06 14:02:45 2009 +0000
+++ b/common-kex.c Wed Jul 29 02:58:33 2009 +0000
@@ -371,7 +371,9 @@
 ses.newkeys->trans.zstream->zalloc = Z_NULL;
 ses.newkeys->trans.zstream->zfree = Z_NULL;
- if (deflateInit(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION)
+ if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION,
+ Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS,
+ DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY)
 != Z_OK) {
 dropbear_exit("zlib error");
 }
diff -r de3653483ac0 -r 7f66b8e40f2d debug.h
diff -r de3653483ac0 -r 7f66b8e40f2d options.h
--- a/options.h Mon Jul 06 14:02:45 2009 +0000
+++ b/options.h Wed Jul 29 02:58:33 2009 +0000
@@ -87,7 +87,8 @@
 #define DROPBEAR_AES128
 #define DROPBEAR_3DES
 #define DROPBEAR_AES256
-#define DROPBEAR_BLOWFISH
+/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+/*#define DROPBEAR_BLOWFISH*/
 #define DROPBEAR_TWOFISH256
 #define DROPBEAR_TWOFISH128
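Review bot: `DROPBEAR_ZLIB_WINDOW_BITS` and `DROPBEAR_ZLIB_MEM_LEVEL` are passed to `deflateInit2()` with no build-time range check, so a bad override only shows up at runtime as the generic `dropbear_exit("zlib error")` on the line below. zlib documents windowBits 8..15 and memLevel 1..9 for a zlib-wrapped stream, and values outside that either fail or select a raw or gzip framing that an SSH peer would not expect. A guard next to the defaults in options.h, `#if DROPBEAR_ZLIB_WINDOW_BITS < 8 || DROPBEAR_ZLIB_WINDOW_BITS > 15` / `#error "DROPBEAR_ZLIB_WINDOW_BITS must be 8..15"` / `#endif`, plus the same for the memory level, would turn this into a compile error. The enclosing function starts and ends outside the hunk.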
@@ -130,6 +131,21 @@ * if the random number source isn't good. In general this isn't required */ /* #define DSS_PROTOK */ +/* Control the memory/performance/compression tradeoff for zlib. + * Set windowBits=8, memLevel=1 for least memory usage, see your system's + * zlib.h for full details. + * Default settings (windowBits=15, memLevel=8) will use + * 256kB for compression + 32kB for decompression. + * windowBits=8, memLevel=1 will use 10kB compression + 32kB decompression. + * Note that windowBits is only set for deflate() - inflate() always uses the + * default of 15 so as to interoperate with other clients. */ +#ifndef DROPBEAR_ZLIB_WINDOW_BITS +#define DROPBEAR_ZLIB_WINDOW_BITS 15 +#endif +#ifndef DROPBEAR_ZLIB_MEM_LEVEL +#define DROPBEAR_ZLIB_MEM_LEVEL 8 +#endif + /* Whether to do reverse DNS lookups. */ #define DO_HOST_LOOKUP @@ -248,13 +264,19 @@ significant difference to network performance. 24kB was empirically chosen for a 100mbit ethernet network. The value can be altered at runtime with the -W argument. */ +#ifndef DEFAULT_RECV_WINDOW #define DEFAULT_RECV_WINDOW 24576 +#endif /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768 in order to interoperate with other implementations */ +#ifndef RECV_MAX_PAYLOAD_LEN #define RECV_MAX_PAYLOAD_LEN 32768 +#endif /* Maximum size of a transmitted data packet - this can be any value, though increasing it may not make a significant difference. */ +#ifndef TRANS_MAX_PAYLOAD_LEN #define TRANS_MAX_PAYLOAD_LEN 16384 +#endif /* Ensure that data is transmitted every KEEPALIVE seconds. This can be overridden at runtime with -K. 0 disables keepalives */ diff -r de3653483ac0 -r 7f66b8e40f2d packet.c --- a/packet.c Mon Jul 06 14:02:45 2009 +0000 +++ b/packet.c Wed Jul 29 02:58:33 2009 +0000 
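Review bot: The new comment recommends `windowBits=8` for least memory, but recent zlib.h states that deflate does not support a 256-byte window and silently uses 9 when 8 is requested, so the quoted 10kB figure may not hold for every zlib this is built against. I would reword the second comment line to something like `* Set windowBits=9 (8 is treated as 9 by newer zlib), memLevel=1 for least memory usage` and present the memory numbers as approximate. This is a documentation point only; the defaults of 15 and 8 are unaffected.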
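Review bot: Wrapping `RECV_MAX_PAYLOAD_LEN` in `#ifndef` makes it overridable from the build, but nothing visible here enforces the comment's requirement that it be at least 32768. packet.c uses this constant as the upper bound in its "bad packet size" check, so a smaller override would reject packets that conforming peers are entitled to send, and a much larger one loosens the only size limit visible in that check. Adding `#if RECV_MAX_PAYLOAD_LEN < 32768` / `#error "RECV_MAX_PAYLOAD_LEN must be >= 32768"` / `#endif` after the default would keep the documented invariant.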
@@ -261,7 +261,7 @@
 /* payload length */
 /* - 4 - 1 is for LEN and PADLEN values */
- len = ses.readbuf->len - padlen - 4 - 1;
+ len = ses.readbuf->len - padlen - 4 - 1 - macsize;
 if ((len > RECV_MAX_PAYLOAD_LEN) || (len < 1)) {
 dropbear_exit("bad packet size");
 }
diff -r de3653483ac0 -r 7f66b8e40f2d session.h
--- a/session.h Mon Jul 06 14:02:45 2009 +0000
+++ b/session.h Wed Jul 29 02:58:33 2009 +0000
@@ -213,6 +213,10 @@
 /* The numeric address they connected from, used for logging */
 char * addrstring;
+#ifdef __uClinux__
+ pid_t server_pid;
+#endif
+
 };
 typedef enum {
diff -r de3653483ac0 -r 7f66b8e40f2d svr-session.c
--- a/svr-session.c Mon Jul 06 14:02:45 2009 +0000
+++ b/svr-session.c Wed Jul 29 02:58:33 2009 +0000
@@ -85,6 +85,10 @@
 /* Initialise server specific parts of the session */
 svr_ses.childpipe = childpipe;
 svr_ses.addrstring = addrstring;
+#ifdef __uClinux__
+ svr_ses.server_pid = getpid();
+#endif
+ svr_ses.addrstring = addrstring;
 svr_authinitialise();
 chaninitialise(svr_chantypes);
 svr_chansessinitialise();
@@ -144,11 +148,20 @@
 _dropbear_log(LOG_INFO, fmtbuf, param);
- /* free potential public key options */
- svr_pubkey_options_cleanup();
+#ifdef __uClinux__
+ /* only the main server process should cleanup - we don't want
+ * forked children doing that */
+ if (svr_ses.server_pid == getpid())
+#else
+ if (1)
+#endif
+ {
+ /* free potential public key options */
+ svr_pubkey_options_cleanup();
- /* must be after we've done with username etc */
- common_session_cleanup();
+ /* must be after we've done with username etc */
+ common_session_cleanup();
+ }
 exit(exitcode);
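Review bot: The comment above the changed line still explains only `- 4 - 1`, so the new `- macsize` term is undocumented. Something like `/* - 4 - 1 is for LEN and PADLEN values, - macsize for the trailing MAC */` would fit, assuming `ses.readbuf->len` now includes the MAC, which this hunk does not show. The subtraction also involves `padlen`, which appears to come from the received packet, and no check is visible that `padlen + 5 + macsize` stays within `ses.readbuf->len`. If `len` is unsigned, a wrapped result is caught by `len > RECV_MAX_PAYLOAD_LEN`, and if it is signed, by `len < 1`; the declaration is outside the hunk, so that dependence deserves a one-line comment. The enclosing function starts and ends outside the hunk.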
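Review bot: The new `server_pid` member has no comment, while the `addrstring` field just above it is documented. A line such as `/* pid of the main server process, recorded at session start so forked children can be told apart at exit */` would explain why the field exists only under `__uClinux__`. Whether session.h already pulls in a header that declares `pid_t` is not visible in this hunk and is worth confirming for the uClinux build.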
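Review bot: The added line `svr_ses.addrstring = addrstring;` after `#endif` repeats the assignment made just above the `#ifdef`, so the field is set twice to the same value. Going by the hunk counts this is a newly added line rather than context; it looks like a merge leftover and can be dropped without changing behaviour. The enclosing function starts and ends outside the hunk.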