SwordArMor-gentoo-overlay/net-misc/openssh/files/openssh-9.6_p1-chaff-logic.patch

"Minor logic error in ObscureKeystrokeTiming"
https://marc.info/?l=oss-security&m=171982317624594&w=2
--- a/clientloop.c
+++ b/clientloop.c
@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
 		if (timespeccmp(&now, &chaff_until, >=)) {
 			/* Stop if there have been no keystrokes for a while */
 			stop_reason = "chaff time expired";
-		} else if (timespeccmp(&now, &next_interval, >=)) {
-			/* Otherwise if we were due to send, then send chaff */
+		} else if (timespeccmp(&now, &next_interval, >=) &&
+		    !ssh_packet_have_data_to_write(ssh)) {
+			/* If due to send but have no data, then send chaff */
 			if (send_chaff(ssh))
 				nchaff++;
 		}
net-misc/openssh: Adding 9.8 with DSA Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr> 2024-10-10 13:14:58 +02:00			`"Minor logic error in ObscureKeystrokeTiming"`
			`https://marc.info/?l=oss-security&m=171982317624594&w=2`
			`--- a/clientloop.c`
			`+++ b/clientloop.c`
			`@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh ssh, struct timespec timeout,`
			`if (timespeccmp(&now, &chaff_until, >=)) {`
			`/* Stop if there have been no keystrokes for a while */`
			`stop_reason = "chaff time expired";`
			`- } else if (timespeccmp(&now, &next_interval, >=)) {`
			`- /* Otherwise if we were due to send, then send chaff */`
			`+ } else if (timespeccmp(&now, &next_interval, >=) &&`
			`+ !ssh_packet_have_data_to_write(ssh)) {`
			`+ /* If due to send but have no data, then send chaff */`
			`if (send_chaff(ssh))`
			`nchaff++;`
			`}`