Deathlock when using passwords with special characters

Dec 15, 2011 at 1:15 PM

Hi all,

I stumbled into a bug when using passwords with special characters. I can reproduce the bug with the following code:

 

using (SshClient client = new SshClient("host" /* existing */, "user" /* existing */ , "tést" /* mention the é */))
{
    client.Connect();
}

 

When using the password “test” (without é), everything works fine, however when including the special character, Connect() will not return. It does not matter whether the password is correct or wrong.

I was not able to track down the bug in the source code, nor have I found any relationship to the special characters. But I located the problem in Session.WaitHandle:

 

internal void WaitHandle(WaitHandle waitHandle)
{
    var waitHandles = new WaitHandle[]
        {
            this._exceptionWaitHandle,
            waitHandle,
        };

    var index = EventWaitHandle.WaitAny(waitHandles, this.ConnectionInfo.Timeout);

    if (index < 1)
    {
        throw this._exception;
    }
    else if (index > 1)
    {
        this.SendDisconnect(DisconnectReason.ByApplication, "Operation timeout");

        throw new SshOperationTimeoutException("Session operation has timed out");
 } }

For some reason, WaitAny will trigger the timeout. The deathlock then occurs during the stack unwinding while throwing the SshOperationTimeoutException.

 

Does anyone have a fix or a workaround for this problem?

Coordinator
Dec 15, 2011 at 1:36 PM

Hi,

 

Thanks for reporting this problem.

I will take a look at it and let you know what I find.

 

Thanks,

Oleg

Coordinator
Dec 15, 2011 at 1:45 PM

 

I just did a small test and it works fine, server receives request to authenticate user, which is UTF-8 encoded as it should be and client receives authentication failed message.

 

So in my case it throws an exception.

 

What server you using?

Try to put breakpoints in PasswordConnectionInfo in following methods:

Session_UserAuthenticationSuccessMessageReceived

Session_UserAuthenticationFailureReceived

 

And see if either of those methods are called during the authentication process.

 

Thanks,

Oleg