upstream commit

better refuse ForwardX11Trusted=no connections attempted
 after ForwardX11Timeout expires; reported by Jann Horn

Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21

1 files changed, 17 insertions, 1 deletions

diff --git a/channels.c b/channels.c
index 3fe836aad..a84b487e5 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.346 2015/06/30 05:25:07 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -161,6 +161,9 @@ static char *x11_saved_proto = NULL;
 static char *x11_saved_data = NULL;
 static u_int x11_saved_data_len = 0;
 
+/* Deadline after which all X11 connections are refused */
+static u_int x11_refuse_time;
+
 /*
  * Fake X11 authentication data.  This is what the server will be sending us;
  * we should replace any occurrences of this by the real data.
@@ -912,6 +915,13 @@ x11_open_helper(Buffer *b)
         u_char *ucp;
         u_int proto_len, data_len;
 
+        /* Is this being called after the refusal deadline? */
+        if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
+                verbose("Rejected X11 connection after ForwardX11Timeout "
+                    "expired");
+                return -1;
+        }
+
         /* Check if the fixed size part of the packet is in buffer. */
         if (buffer_len(b) < 12)
                 return 0;
@@ -1483,6 +1493,12 @@ channel_set_reuseaddr(int fd)
                 error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
 }
 
+void
+channel_set_x11_refuse_time(u_int refuse_time)
+{
+        x11_refuse_time = refuse_time;
+}
+
 /*
  * This socket is listening for connections to a forwarded TCP/IP port.
  */