diff options
author | Colin Watson <cjwatson@debian.org> | 2015-08-19 14:23:51 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 16:48:11 +0100 |
commit | 0f0841b2d28b7463267d4d91577e72e3340a1d3a (patch) | |
tree | ba55fcd2b6e2cc22b30f5afb561dbb3da4c8b6c7 /channels.c | |
parent | f2a5f5dae656759efb0b76c3d94890b65c197a02 (diff) | |
parent | 8698446b972003b63dfe5dcbdb86acfe986afb85 (diff) |
New upstream release (6.8p1).
Diffstat (limited to 'channels.c')
-rw-r--r-- | channels.c | 77 |
1 files changed, 46 insertions, 31 deletions
diff --git a/channels.c b/channels.c index d67fdf48b..9486c1cff 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.336 2014/07/15 15:54:14 millert Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -42,6 +42,7 @@ | |||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | 43 | ||
44 | #include <sys/types.h> | 44 | #include <sys/types.h> |
45 | #include <sys/param.h> /* MIN MAX */ | ||
45 | #include <sys/stat.h> | 46 | #include <sys/stat.h> |
46 | #include <sys/ioctl.h> | 47 | #include <sys/ioctl.h> |
47 | #include <sys/un.h> | 48 | #include <sys/un.h> |
@@ -56,6 +57,9 @@ | |||
56 | #include <errno.h> | 57 | #include <errno.h> |
57 | #include <fcntl.h> | 58 | #include <fcntl.h> |
58 | #include <netdb.h> | 59 | #include <netdb.h> |
60 | #ifdef HAVE_STDINT_H | ||
61 | #include <stdint.h> | ||
62 | #endif | ||
59 | #include <stdio.h> | 63 | #include <stdio.h> |
60 | #include <stdlib.h> | 64 | #include <stdlib.h> |
61 | #include <string.h> | 65 | #include <string.h> |
@@ -669,7 +673,7 @@ channel_open_message(void) | |||
669 | } | 673 | } |
670 | } | 674 | } |
671 | buffer_append(&buffer, "\0", 1); | 675 | buffer_append(&buffer, "\0", 1); |
672 | cp = xstrdup(buffer_ptr(&buffer)); | 676 | cp = xstrdup((char *)buffer_ptr(&buffer)); |
673 | buffer_free(&buffer); | 677 | buffer_free(&buffer); |
674 | return cp; | 678 | return cp; |
675 | } | 679 | } |
@@ -1055,7 +1059,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
1055 | len = sizeof(s4_req); | 1059 | len = sizeof(s4_req); |
1056 | if (have < len) | 1060 | if (have < len) |
1057 | return 0; | 1061 | return 0; |
1058 | p = buffer_ptr(&c->input); | 1062 | p = (char *)buffer_ptr(&c->input); |
1059 | 1063 | ||
1060 | need = 1; | 1064 | need = 1; |
1061 | /* SOCKS4A uses an invalid IP address 0.0.0.x */ | 1065 | /* SOCKS4A uses an invalid IP address 0.0.0.x */ |
@@ -1085,7 +1089,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
1085 | buffer_get(&c->input, (char *)&s4_req.dest_port, 2); | 1089 | buffer_get(&c->input, (char *)&s4_req.dest_port, 2); |
1086 | buffer_get(&c->input, (char *)&s4_req.dest_addr, 4); | 1090 | buffer_get(&c->input, (char *)&s4_req.dest_addr, 4); |
1087 | have = buffer_len(&c->input); | 1091 | have = buffer_len(&c->input); |
1088 | p = buffer_ptr(&c->input); | 1092 | p = (char *)buffer_ptr(&c->input); |
1089 | if (memchr(p, '\0', have) == NULL) | 1093 | if (memchr(p, '\0', have) == NULL) |
1090 | fatal("channel %d: decode socks4: user not nul terminated", | 1094 | fatal("channel %d: decode socks4: user not nul terminated", |
1091 | c->self); | 1095 | c->self); |
@@ -1105,7 +1109,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
1105 | c->path = xstrdup(host); | 1109 | c->path = xstrdup(host); |
1106 | } else { /* SOCKS4A: two strings */ | 1110 | } else { /* SOCKS4A: two strings */ |
1107 | have = buffer_len(&c->input); | 1111 | have = buffer_len(&c->input); |
1108 | p = buffer_ptr(&c->input); | 1112 | p = (char *)buffer_ptr(&c->input); |
1109 | len = strlen(p); | 1113 | len = strlen(p); |
1110 | debug2("channel %d: decode socks4a: host %s/%d", | 1114 | debug2("channel %d: decode socks4a: host %s/%d", |
1111 | c->self, p, len); | 1115 | c->self, p, len); |
@@ -2182,7 +2186,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, | |||
2182 | 2186 | ||
2183 | nfdset = howmany(n+1, NFDBITS); | 2187 | nfdset = howmany(n+1, NFDBITS); |
2184 | /* Explicitly test here, because xrealloc isn't always called */ | 2188 | /* Explicitly test here, because xrealloc isn't always called */ |
2185 | if (nfdset && SIZE_T_MAX / nfdset < sizeof(fd_mask)) | 2189 | if (nfdset && SIZE_MAX / nfdset < sizeof(fd_mask)) |
2186 | fatal("channel_prepare_select: max_fd (%d) is too large", n); | 2190 | fatal("channel_prepare_select: max_fd (%d) is too large", n); |
2187 | sz = nfdset * sizeof(fd_mask); | 2191 | sz = nfdset * sizeof(fd_mask); |
2188 | 2192 | ||
@@ -2342,7 +2346,7 @@ channel_output_poll(void) | |||
2342 | /* -- protocol input */ | 2346 | /* -- protocol input */ |
2343 | 2347 | ||
2344 | /* ARGSUSED */ | 2348 | /* ARGSUSED */ |
2345 | void | 2349 | int |
2346 | channel_input_data(int type, u_int32_t seq, void *ctxt) | 2350 | channel_input_data(int type, u_int32_t seq, void *ctxt) |
2347 | { | 2351 | { |
2348 | int id; | 2352 | int id; |
@@ -2359,7 +2363,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2359 | /* Ignore any data for non-open channels (might happen on close) */ | 2363 | /* Ignore any data for non-open channels (might happen on close) */ |
2360 | if (c->type != SSH_CHANNEL_OPEN && | 2364 | if (c->type != SSH_CHANNEL_OPEN && |
2361 | c->type != SSH_CHANNEL_X11_OPEN) | 2365 | c->type != SSH_CHANNEL_X11_OPEN) |
2362 | return; | 2366 | return 0; |
2363 | 2367 | ||
2364 | /* Get the data. */ | 2368 | /* Get the data. */ |
2365 | data = packet_get_string_ptr(&data_len); | 2369 | data = packet_get_string_ptr(&data_len); |
@@ -2379,7 +2383,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2379 | c->local_window -= win_len; | 2383 | c->local_window -= win_len; |
2380 | c->local_consumed += win_len; | 2384 | c->local_consumed += win_len; |
2381 | } | 2385 | } |
2382 | return; | 2386 | return 0; |
2383 | } | 2387 | } |
2384 | 2388 | ||
2385 | if (compat20) { | 2389 | if (compat20) { |
@@ -2390,7 +2394,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2390 | if (win_len > c->local_window) { | 2394 | if (win_len > c->local_window) { |
2391 | logit("channel %d: rcvd too much data %d, win %d", | 2395 | logit("channel %d: rcvd too much data %d, win %d", |
2392 | c->self, win_len, c->local_window); | 2396 | c->self, win_len, c->local_window); |
2393 | return; | 2397 | return 0; |
2394 | } | 2398 | } |
2395 | c->local_window -= win_len; | 2399 | c->local_window -= win_len; |
2396 | } | 2400 | } |
@@ -2399,10 +2403,11 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) | |||
2399 | else | 2403 | else |
2400 | buffer_append(&c->output, data, data_len); | 2404 | buffer_append(&c->output, data, data_len); |
2401 | packet_check_eom(); | 2405 | packet_check_eom(); |
2406 | return 0; | ||
2402 | } | 2407 | } |
2403 | 2408 | ||
2404 | /* ARGSUSED */ | 2409 | /* ARGSUSED */ |
2405 | void | 2410 | int |
2406 | channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | 2411 | channel_input_extended_data(int type, u_int32_t seq, void *ctxt) |
2407 | { | 2412 | { |
2408 | int id; | 2413 | int id; |
@@ -2418,7 +2423,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | |||
2418 | packet_disconnect("Received extended_data for bad channel %d.", id); | 2423 | packet_disconnect("Received extended_data for bad channel %d.", id); |
2419 | if (c->type != SSH_CHANNEL_OPEN) { | 2424 | if (c->type != SSH_CHANNEL_OPEN) { |
2420 | logit("channel %d: ext data for non open", id); | 2425 | logit("channel %d: ext data for non open", id); |
2421 | return; | 2426 | return 0; |
2422 | } | 2427 | } |
2423 | if (c->flags & CHAN_EOF_RCVD) { | 2428 | if (c->flags & CHAN_EOF_RCVD) { |
2424 | if (datafellows & SSH_BUG_EXTEOF) | 2429 | if (datafellows & SSH_BUG_EXTEOF) |
@@ -2432,7 +2437,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | |||
2432 | c->extended_usage != CHAN_EXTENDED_WRITE || | 2437 | c->extended_usage != CHAN_EXTENDED_WRITE || |
2433 | tcode != SSH2_EXTENDED_DATA_STDERR) { | 2438 | tcode != SSH2_EXTENDED_DATA_STDERR) { |
2434 | logit("channel %d: bad ext data", c->self); | 2439 | logit("channel %d: bad ext data", c->self); |
2435 | return; | 2440 | return 0; |
2436 | } | 2441 | } |
2437 | data = packet_get_string(&data_len); | 2442 | data = packet_get_string(&data_len); |
2438 | packet_check_eom(); | 2443 | packet_check_eom(); |
@@ -2440,16 +2445,17 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | |||
2440 | logit("channel %d: rcvd too much extended_data %d, win %d", | 2445 | logit("channel %d: rcvd too much extended_data %d, win %d", |
2441 | c->self, data_len, c->local_window); | 2446 | c->self, data_len, c->local_window); |
2442 | free(data); | 2447 | free(data); |
2443 | return; | 2448 | return 0; |
2444 | } | 2449 | } |
2445 | debug2("channel %d: rcvd ext data %d", c->self, data_len); | 2450 | debug2("channel %d: rcvd ext data %d", c->self, data_len); |
2446 | c->local_window -= data_len; | 2451 | c->local_window -= data_len; |
2447 | buffer_append(&c->extended, data, data_len); | 2452 | buffer_append(&c->extended, data, data_len); |
2448 | free(data); | 2453 | free(data); |
2454 | return 0; | ||
2449 | } | 2455 | } |
2450 | 2456 | ||
2451 | /* ARGSUSED */ | 2457 | /* ARGSUSED */ |
2452 | void | 2458 | int |
2453 | channel_input_ieof(int type, u_int32_t seq, void *ctxt) | 2459 | channel_input_ieof(int type, u_int32_t seq, void *ctxt) |
2454 | { | 2460 | { |
2455 | int id; | 2461 | int id; |
@@ -2469,11 +2475,11 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt) | |||
2469 | if (buffer_len(&c->input) == 0) | 2475 | if (buffer_len(&c->input) == 0) |
2470 | chan_ibuf_empty(c); | 2476 | chan_ibuf_empty(c); |
2471 | } | 2477 | } |
2472 | 2478 | return 0; | |
2473 | } | 2479 | } |
2474 | 2480 | ||
2475 | /* ARGSUSED */ | 2481 | /* ARGSUSED */ |
2476 | void | 2482 | int |
2477 | channel_input_close(int type, u_int32_t seq, void *ctxt) | 2483 | channel_input_close(int type, u_int32_t seq, void *ctxt) |
2478 | { | 2484 | { |
2479 | int id; | 2485 | int id; |
@@ -2508,11 +2514,12 @@ channel_input_close(int type, u_int32_t seq, void *ctxt) | |||
2508 | buffer_clear(&c->input); | 2514 | buffer_clear(&c->input); |
2509 | c->type = SSH_CHANNEL_OUTPUT_DRAINING; | 2515 | c->type = SSH_CHANNEL_OUTPUT_DRAINING; |
2510 | } | 2516 | } |
2517 | return 0; | ||
2511 | } | 2518 | } |
2512 | 2519 | ||
2513 | /* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ | 2520 | /* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ |
2514 | /* ARGSUSED */ | 2521 | /* ARGSUSED */ |
2515 | void | 2522 | int |
2516 | channel_input_oclose(int type, u_int32_t seq, void *ctxt) | 2523 | channel_input_oclose(int type, u_int32_t seq, void *ctxt) |
2517 | { | 2524 | { |
2518 | int id = packet_get_int(); | 2525 | int id = packet_get_int(); |
@@ -2522,10 +2529,11 @@ channel_input_oclose(int type, u_int32_t seq, void *ctxt) | |||
2522 | if (c == NULL) | 2529 | if (c == NULL) |
2523 | packet_disconnect("Received oclose for nonexistent channel %d.", id); | 2530 | packet_disconnect("Received oclose for nonexistent channel %d.", id); |
2524 | chan_rcvd_oclose(c); | 2531 | chan_rcvd_oclose(c); |
2532 | return 0; | ||
2525 | } | 2533 | } |
2526 | 2534 | ||
2527 | /* ARGSUSED */ | 2535 | /* ARGSUSED */ |
2528 | void | 2536 | int |
2529 | channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) | 2537 | channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) |
2530 | { | 2538 | { |
2531 | int id = packet_get_int(); | 2539 | int id = packet_get_int(); |
@@ -2539,10 +2547,11 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) | |||
2539 | packet_disconnect("Received close confirmation for " | 2547 | packet_disconnect("Received close confirmation for " |
2540 | "non-closed channel %d (type %d).", id, c->type); | 2548 | "non-closed channel %d (type %d).", id, c->type); |
2541 | channel_free(c); | 2549 | channel_free(c); |
2550 | return 0; | ||
2542 | } | 2551 | } |
2543 | 2552 | ||
2544 | /* ARGSUSED */ | 2553 | /* ARGSUSED */ |
2545 | void | 2554 | int |
2546 | channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) | 2555 | channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) |
2547 | { | 2556 | { |
2548 | int id, remote_id; | 2557 | int id, remote_id; |
@@ -2571,6 +2580,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) | |||
2571 | c->remote_window, c->remote_maxpacket); | 2580 | c->remote_window, c->remote_maxpacket); |
2572 | } | 2581 | } |
2573 | packet_check_eom(); | 2582 | packet_check_eom(); |
2583 | return 0; | ||
2574 | } | 2584 | } |
2575 | 2585 | ||
2576 | static char * | 2586 | static char * |
@@ -2590,7 +2600,7 @@ reason2txt(int reason) | |||
2590 | } | 2600 | } |
2591 | 2601 | ||
2592 | /* ARGSUSED */ | 2602 | /* ARGSUSED */ |
2593 | void | 2603 | int |
2594 | channel_input_open_failure(int type, u_int32_t seq, void *ctxt) | 2604 | channel_input_open_failure(int type, u_int32_t seq, void *ctxt) |
2595 | { | 2605 | { |
2596 | int id, reason; | 2606 | int id, reason; |
@@ -2622,10 +2632,11 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) | |||
2622 | packet_check_eom(); | 2632 | packet_check_eom(); |
2623 | /* Schedule the channel for cleanup/deletion. */ | 2633 | /* Schedule the channel for cleanup/deletion. */ |
2624 | chan_mark_dead(c); | 2634 | chan_mark_dead(c); |
2635 | return 0; | ||
2625 | } | 2636 | } |
2626 | 2637 | ||
2627 | /* ARGSUSED */ | 2638 | /* ARGSUSED */ |
2628 | void | 2639 | int |
2629 | channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) | 2640 | channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) |
2630 | { | 2641 | { |
2631 | Channel *c; | 2642 | Channel *c; |
@@ -2633,7 +2644,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) | |||
2633 | u_int adjust; | 2644 | u_int adjust; |
2634 | 2645 | ||
2635 | if (!compat20) | 2646 | if (!compat20) |
2636 | return; | 2647 | return 0; |
2637 | 2648 | ||
2638 | /* Get the channel number and verify it. */ | 2649 | /* Get the channel number and verify it. */ |
2639 | id = packet_get_int(); | 2650 | id = packet_get_int(); |
@@ -2641,16 +2652,17 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) | |||
2641 | 2652 | ||
2642 | if (c == NULL) { | 2653 | if (c == NULL) { |
2643 | logit("Received window adjust for non-open channel %d.", id); | 2654 | logit("Received window adjust for non-open channel %d.", id); |
2644 | return; | 2655 | return 0; |
2645 | } | 2656 | } |
2646 | adjust = packet_get_int(); | 2657 | adjust = packet_get_int(); |
2647 | packet_check_eom(); | 2658 | packet_check_eom(); |
2648 | debug2("channel %d: rcvd adjust %u", id, adjust); | 2659 | debug2("channel %d: rcvd adjust %u", id, adjust); |
2649 | c->remote_window += adjust; | 2660 | c->remote_window += adjust; |
2661 | return 0; | ||
2650 | } | 2662 | } |
2651 | 2663 | ||
2652 | /* ARGSUSED */ | 2664 | /* ARGSUSED */ |
2653 | void | 2665 | int |
2654 | channel_input_port_open(int type, u_int32_t seq, void *ctxt) | 2666 | channel_input_port_open(int type, u_int32_t seq, void *ctxt) |
2655 | { | 2667 | { |
2656 | Channel *c = NULL; | 2668 | Channel *c = NULL; |
@@ -2678,10 +2690,11 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) | |||
2678 | packet_send(); | 2690 | packet_send(); |
2679 | } else | 2691 | } else |
2680 | c->remote_id = remote_id; | 2692 | c->remote_id = remote_id; |
2693 | return 0; | ||
2681 | } | 2694 | } |
2682 | 2695 | ||
2683 | /* ARGSUSED */ | 2696 | /* ARGSUSED */ |
2684 | void | 2697 | int |
2685 | channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) | 2698 | channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) |
2686 | { | 2699 | { |
2687 | Channel *c; | 2700 | Channel *c; |
@@ -2698,15 +2711,15 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) | |||
2698 | 2711 | ||
2699 | if ((c = channel_lookup(id)) == NULL) { | 2712 | if ((c = channel_lookup(id)) == NULL) { |
2700 | logit("channel_input_status_confirm: %d: unknown", id); | 2713 | logit("channel_input_status_confirm: %d: unknown", id); |
2701 | return; | 2714 | return 0; |
2702 | } | 2715 | } |
2703 | ; | ||
2704 | if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) | 2716 | if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) |
2705 | return; | 2717 | return 0; |
2706 | cc->cb(type, c, cc->ctx); | 2718 | cc->cb(type, c, cc->ctx); |
2707 | TAILQ_REMOVE(&c->status_confirms, cc, entry); | 2719 | TAILQ_REMOVE(&c->status_confirms, cc, entry); |
2708 | explicit_bzero(cc, sizeof(*cc)); | 2720 | explicit_bzero(cc, sizeof(*cc)); |
2709 | free(cc); | 2721 | free(cc); |
2722 | return 0; | ||
2710 | } | 2723 | } |
2711 | 2724 | ||
2712 | /* -- tcp forwarding */ | 2725 | /* -- tcp forwarding */ |
@@ -4094,7 +4107,7 @@ x11_connect_display(void) | |||
4094 | */ | 4107 | */ |
4095 | 4108 | ||
4096 | /* ARGSUSED */ | 4109 | /* ARGSUSED */ |
4097 | void | 4110 | int |
4098 | x11_input_open(int type, u_int32_t seq, void *ctxt) | 4111 | x11_input_open(int type, u_int32_t seq, void *ctxt) |
4099 | { | 4112 | { |
4100 | Channel *c = NULL; | 4113 | Channel *c = NULL; |
@@ -4134,11 +4147,12 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) | |||
4134 | packet_put_int(c->self); | 4147 | packet_put_int(c->self); |
4135 | } | 4148 | } |
4136 | packet_send(); | 4149 | packet_send(); |
4150 | return 0; | ||
4137 | } | 4151 | } |
4138 | 4152 | ||
4139 | /* dummy protocol handler that denies SSH-1 requests (agent/x11) */ | 4153 | /* dummy protocol handler that denies SSH-1 requests (agent/x11) */ |
4140 | /* ARGSUSED */ | 4154 | /* ARGSUSED */ |
4141 | void | 4155 | int |
4142 | deny_input_open(int type, u_int32_t seq, void *ctxt) | 4156 | deny_input_open(int type, u_int32_t seq, void *ctxt) |
4143 | { | 4157 | { |
4144 | int rchan = packet_get_int(); | 4158 | int rchan = packet_get_int(); |
@@ -4158,6 +4172,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) | |||
4158 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 4172 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
4159 | packet_put_int(rchan); | 4173 | packet_put_int(rchan); |
4160 | packet_send(); | 4174 | packet_send(); |
4175 | return 0; | ||
4161 | } | 4176 | } |
4162 | 4177 | ||
4163 | /* | 4178 | /* |