OpenSSH: correct logic error in ObscureKeystrokeTiming

Cherry-pick fix: upstream: when sending ObscureKeystrokeTiming chaff packets, we can't rely on channel_did_enqueue to tell that there is data to send. This flag indicates that the channels code enqueued a packet on _this_ ppoll() iteration, not that data was enqueued in _any_ ppoll() iteration in the timeslice. ok markus@ OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 Obtained from: openssh-portable 146c420d29d0 Reviewed by: gordon Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45823
HardenedBSD · Jul 5, 2024 · b81424a · b81424a
1 parent 383fd3e
commit b81424a
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c
@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
 		if (timespeccmp(&now, &chaff_until, >=)) {
 			/* Stop if there have been no keystrokes for a while */
 			stop_reason = "chaff time expired";
-		} else if (timespeccmp(&now, &next_interval, >=)) {
-			/* Otherwise if we were due to send, then send chaff */
+		} else if (timespeccmp(&now, &next_interval, >=) &&
+		    !ssh_packet_have_data_to_write(ssh)) {
+			/* If due to send but have no data, then send chaff */
 			if (send_chaff(ssh))
 				nchaff++;
 		}