Fix regression related to rekeying

ronf · ronf · commit c3dc86936003 · 2024-06-05T17:19:39.000-07:00
This commit corrects a mistake in a change which went into 2.14.1 that
could cause rekeying to fail in some cases where there was activity on
the connection. Thanks go to GitHub user eyalgolan1337 for reporting this
problem, helping to narrow down the source of it, and testing the fix!
diff --git a/asyncssh/connection.py b/asyncssh/connection.py
@@ -1634,7 +1634,9 @@ def send_packet(self, pkttype: int, *args: bytes,
             self._send_kexinit()
             self._kexinit_sent = True
 
-        if ((pkttype == MSG_USERAUTH_BANNER and
+        if (((pkttype in {MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT} or
+              pkttype > MSG_KEX_LAST) and not self._kex_complete) or
+                (pkttype == MSG_USERAUTH_BANNER and
                  not (self._auth_in_progress or self._auth_complete)) or
                 (pkttype > MSG_USERAUTH_LAST and not self._auth_complete)):
             self._deferred_packets.append((pkttype, args))
diff --git a/tests/test_connection.py b/tests/test_connection.py
@@ -1136,6 +1136,8 @@ async def test_service_request_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_SERVICE_REQUEST, String('ssh-userauth'))
 
             asyncssh.connection.SSHConnection.send_newkeys(self, k, h)
@@ -1152,6 +1154,8 @@ async def test_service_accept_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_SERVICE_ACCEPT, String('ssh-userauth'))
 
             asyncssh.connection.SSHConnection.send_newkeys(self, k, h)
@@ -1438,6 +1442,8 @@ async def test_userauth_before_kex_complete(self):
         def send_newkeys(self, k, h):
             """Finish a key exchange and send a new keys message"""
 
+            self._kex_complete = True
+
             self.send_packet(MSG_USERAUTH_REQUEST, String('guest'),
                              String('ssh-connection'), String('none'))
 
