client: Properly reset session structures on disconnect

torture_connect_double test case used to test the connect only up to key exchange phase, but not after the new keys are stated to be used for communication. The keys from previous connectoin were not cleaned up from the previous invocation as well as the seqence number was not reset and therefore any further packet was failing with length-check errors or MAC errors. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-21 14:22:59 +02:00 · 2018-06-21 14:22:59 +02:00 · f1b36c18f6
--- a/src/client.c
+++ b/src/client.c
@ -667,6 +667,8 @@ void ssh_disconnect(ssh_session session) {
    ssh_socket_close(session->socket);
  }
 error:
+  session->recv_seq = 0;
+  session->send_seq = 0;
  session->alive = 0;
  if (session->socket != NULL){
    ssh_socket_reset(session->socket);
@ -682,6 +684,13 @@ error:
    crypto_free(session->current_crypto);
    session->current_crypto=NULL;
  }
+  if (session->next_crypto) {
+    crypto_free(session->next_crypto);
+    session->next_crypto = crypto_new();
+    if (session->next_crypto == NULL) {
+      ssh_set_error_oom(session);
+    }
+  }
  if (session->in_buffer) {
    ssh_buffer_reinit(session->in_buffer);
  }