From c8692f7570285bd10128fddce7afa732f6956b66 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 25 Nov 2024 16:36:54 -0700
Subject: [PATCH 1/2] kill child process after SSH connection failure
---
 apps/wolfsshd/wolfsshd.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
index 9ea7ed77..1d4fb898 100644
--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
@@ -1498,6 +1498,8 @@ static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh,
 continue;
 }
 else if (rc != WS_WANT_READ) {
+ /* unexpected error, kill off child process */
+ kill(childPid, SIGKILL);
 break;
 }
 }
From ce5b401ebd1ec7c05b54dce6eefde34429100187 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 26 Nov 2024 10:10:26 -0700
Subject: [PATCH 2/2] add regression test for closing down child on SSH connection issue
---
 apps/wolfsshd/test/run_all_sshd_tests.sh | 1 +
 apps/wolfsshd/test/sshd_term_close_test.sh | 57 ++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100755 apps/wolfsshd/test/sshd_term_close_test.sh
diff --git a/apps/wolfsshd/test/run_all_sshd_tests.sh b/apps/wolfsshd/test/run_all_sshd_tests.sh
index e72421b8..d6ffb458 100755
--- a/apps/wolfsshd/test/run_all_sshd_tests.sh
+++ b/apps/wolfsshd/test/run_all_sshd_tests.sh
@@ -61,6 +61,7 @@ run_test "sshd_exec_test.sh"
 run_test "sshd_term_size_test.sh"
 run_test "sshd_large_sftp_test.sh"
 run_test "sshd_bad_sftp_test.sh"
+run_test "sshd_term_close_test.sh"
 #Github actions needs resolved for these test cases
 #run_test "error_return.sh"
diff --git a/apps/wolfsshd/test/sshd_term_close_test.sh b/apps/wolfsshd/test/sshd_term_close_test.sh
new file mode 100755
index 00000000..e140f439
--- /dev/null
+++ b/apps/wolfsshd/test/sshd_term_close_test.sh
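Review bot: In SHELL_Subsystem (apps/wolfsshd/wolfsshd.c, hunk at line 1498) the added `kill(childPid, SIGKILL);` is issued without checking that `childPid` still names the live shell child, and its return value is discarded. The assignment of `childPid` and any reaping lie outside the hunk, so this is inferred: if the value can be 0 or -1 on this path the signal goes to the daemon's own process group or to every process it is allowed to signal, and if the child was already waited on the PID may have been reused. A guard such as `if (childPid > 0 && kill(childPid, SIGKILL) != 0) { /* log errno */ }` covers the first case and records failures. SIGKILL also reaches only that one process, so it is worth confirming that the code after the loop closes the pty and calls waitpid(), otherwise descendants of the shell or a zombie can outlive the session.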
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# sshd local test
+
+ROOT_PWD=$(pwd)
+cd ../../..
+
+TEST_CLIENT="./examples/client/client"
+PRIVATE_KEY="./keys/hansel-key-ecc.der"
+PUBLIC_KEY="./keys/hansel-key-ecc.pub"
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+ echo "expecting host and port as arguments"
+ echo "$0 127.0.0.1 22222 $USER"
+ exit 1
+fi
+
+# get the current wolfsshd pid count to compare with
+WOLFSSHD_PID_COUNT=$(pgrep wolfsshd | wc -l)
+
+timeout 3 $TEST_CLIENT -p $2 -i $PRIVATE_KEY -j $PUBLIC_KEY -h $1 -c '/bin/sleep 10' -u $3 &
+sleep 1
+WOLFSSHD_PID_COUNT_AFTER=$(pgrep wolfsshd | wc -l)
+if [ "$WOLFSSHD_PID_COUNT" = "$WOLFSSHD_PID_COUNT_AFTER" ]; then
+ echo "Expecting another wolfSSHd pid after connection"
+ echo "PID count before = $WOLFSSHD_PID_COUNT"
+ echo "PID count after = $WOLFSSHD_PID_COUNT_AFTER"
+ exit 1
+fi
+
+netstat -nt | grep ESTABLISHED
+RESULT=$?
+if [ "$RESULT" != "0" ]; then
+ echo "Expecting to find the TCP connection established"
+ exit 1
+fi
+
+sleep 2
+
+netstat -nt | grep CLOSE_WAIT
+RESULT=$?
+if [ "$RESULT" = "0" ]; then
+ echo "Found close wait and was not expecting it"
+ exit 1
+fi
+
+netstat -nt | grep TIME_WAIT
+RESULT=$?
+if [ "$RESULT" != "0" ]; then
+ echo "Did not find timed wait for TCP close down"
+ exit 1
+fi
+
+cd "$ROOT_PWD"
+exit 0
+
+
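Review bot: The `netstat -nt | grep ...` checks in sshd_term_close_test.sh match any TCP socket on the host rather than the connection to `$1:$2`, so an unrelated socket in CLOSE_WAIT fails the test and an unrelated one in TIME_WAIT satisfies the last check. Scope them to the test port, for example `netstat -nt | grep "[.:]$2 " | grep CLOSE_WAIT`. The script also never checks what the fix changes: once the client is gone, `pgrep wolfsshd | wc -l` should be compared with `$WOLFSSHD_PID_COUNT` again to show the per-connection process and its child were cleaned up. `sleep 1` followed by `sleep 2` ends at about the moment `timeout 3` fires, so a `wait` on the background client before the CLOSE_WAIT check would remove that race. The usage text says "host and port" although three arguments are required.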