upstream: don't start the ObscureKeystrokeTiming mitigations if

there has been traffic on a X11 forwarding channel recently.

Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655

OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab

diff --git a/channels.c b/channels.c
index a23fde425f3713e5cf3527add3d350e8008afe14..8ebe21c40ea57022f409bac6b02df368eb72849a 100644 (file)
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.439 2024/07/25 22:40:08 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.440 2024/10/13 22:20:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -5336,3 +5336,22 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id,
                fatal_fr(r, "send x11-req");
        free(new_data);
 }
+
+/*
+ * Returns whether an x11 channel was used recently (less than a second ago)
+ */
+int
+x11_channel_used_recently(struct ssh *ssh) {
+       u_int i;
+       Channel *c;
+       time_t lastused = 0;
+
+       for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
+               c = ssh->chanctxt->channels[i];
+               if (c == NULL || c->ctype == NULL || c->lastused == 0 ||
+                   strcmp(c->ctype, "x11-connection") != 0)
+                       continue;
+               lastused = c->lastused;
+       }
+       return lastused != 0 && monotime() > lastused + 1;
+}

diff --git a/channels.h b/channels.h
index 3ac5e837bfb4ad6734bde5dc72b8391e64965841..134528d59c725aba5018dfc55758723697dd9a85 100644 (file)
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.157 2024/07/25 22:40:08 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.158 2024/10/13 22:20:06 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -382,6 +382,7 @@ int  x11_connect_display(struct ssh *);
 int     x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
 void    x11_request_forwarding_with_spoofing(struct ssh *, int,
            const char *, const char *, const char *, int);
+int      x11_channel_used_recently(struct ssh *ssh);
 
 /* channel close */
 

diff --git a/clientloop.c b/clientloop.c
index 8ed8b1c3449d0f4733e571b7f11648f47d274fd4..ccd70b5a132e19233fc873fa67f234dc6efa793f 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.409 2024/10/13 22:20:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -659,9 +659,10 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
        if (just_started)
                return 1;
 
-       /* Don't arm output fd for poll until the timing interval has elapsed */
+       /* Don't arm output fd for poll until the timing interval has elapsed... */
        if (timespeccmp(&now, &next_interval, <))
-               return 0;
+               /* ...unless there's x11 communicattion happening */
+               return x11_channel_used_recently(ssh);
 
        /* Calculate number of intervals missed since the last check */
        n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;