- deraadt@cvs.openbsd.org 2006/03/28 01:52:28

[channels.c] do not accept unreasonable X ports numbers; ok djm
author: Damien Miller <djm@mindrot.org> 2006-03-31 23:11:07 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-31 23:11:07 +1100
commit: 57c4e875f88ee7e6eac35e522be51618020cdaa7 (patch)
tree: 525ffc1cac574147fc35c2264a2c0148aa84e4d5 /channels.c
parent: ddd63ab1d0acaa41a41d0afe9f79adc38ecbd7a7 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/channels.c b/channels.c
index 87e681319..248addedf 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.247 2006/03/25 18:58:10 deraadt Exp $ */
+/* $OpenBSD: channels.c,v 1.248 2006/03/28 01:52:28 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2886,12 +2886,12 @@ connect_local_xsocket(u_int dnr)
 int
 x11_connect_display(void)
 {
-        int display_number, sock = 0;
+        u_int display_number;
        const char *display;
        char buf[1024], *cp;
        struct addrinfo hints, *ai, *aitop;
        char strport[NI_MAXSERV];
-        int gaierr;
+        int gaierr, sock = 0;
        /* Try to open a socket for the local X server. */
        display = getenv("DISPLAY");
@@ -2911,7 +2911,7 @@ x11_connect_display(void)
        if (strncmp(display, "unix:", 5) == 0 ||
            display[0] == ':') {
                /* Connect to the unix domain socket. */
-                if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
+                if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
                        error("Could not parse display number from DISPLAY: %.100s",
                            display);
                        return -1;
@@ -2936,7 +2936,7 @@ x11_connect_display(void)
        }
        *cp = 0;
        /* buf now contains the host name.  But first we parse the display number. */
-        if (sscanf(cp + 1, "%d", &display_number) != 1) {
+        if (sscanf(cp + 1, "%u", &display_number) != 1) {
                error("Could not parse display number from DISPLAY: %.100s",
                    display);
                return -1;
@@ -2946,7 +2946,7 @@ x11_connect_display(void)
        memset(&hints, 0, sizeof(hints));
        hints.ai_family = IPv4or6;
        hints.ai_socktype = SOCK_STREAM;
-        snprintf(strport, sizeof strport, "%d", 6000 + display_number);
+        snprintf(strport, sizeof strport, "%u", 6000 + display_number);
        if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
                error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
                return -1;
@@ -2960,7 +2960,7 @@ x11_connect_display(void)
                }
                /* Connect it to the display. */
                if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
-                        debug2("connect %.100s port %d: %.100s", buf,
+                        debug2("connect %.100s port %u: %.100s", buf,
                            6000 + display_number, strerror(errno));
                        close(sock);
                        continue;
@@ -2970,7 +2970,7 @@ x11_connect_display(void)
        }
        freeaddrinfo(aitop);
        if (!ai) {
-                error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
+                error("connect %.100s port %u: %.100s", buf, 6000 + display_number,
                    strerror(errno));
                return -1;
        }
author	Damien Miller <djm@mindrot.org>	2006-03-31 23:11:07 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-31 23:11:07 +1100
commit	57c4e875f88ee7e6eac35e522be51618020cdaa7 (patch)
tree	525ffc1cac574147fc35c2264a2c0148aa84e4d5 /channels.c
parent	ddd63ab1d0acaa41a41d0afe9f79adc38ecbd7a7 (diff)

diff --git a/channels.c b/channels.c index 87e681319..248addedf 100644 --- a/channels.c +++ b/channels.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.c,v 1.247 2006/03/25 18:58:10 deraadt Exp $ */	1	/* $OpenBSD: channels.c,v 1.248 2006/03/28 01:52:28 deraadt Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2886,12 +2886,12 @@ connect_local_xsocket(u_int dnr)
2886	int	2886	int
2887	x11_connect_display(void)	2887	x11_connect_display(void)
2888	{	2888	{
2889	int display_number, sock = 0;	2889	u_int display_number;
2890	const char *display;	2890	const char *display;
2891	char buf[1024], *cp;	2891	char buf[1024], *cp;
2892	struct addrinfo hints, ai, aitop;	2892	struct addrinfo hints, ai, aitop;
2893	char strport[NI_MAXSERV];	2893	char strport[NI_MAXSERV];
2894	int gaierr;	2894	int gaierr, sock = 0;
2895		2895
2896	/* Try to open a socket for the local X server. */	2896	/* Try to open a socket for the local X server. */
2897	display = getenv("DISPLAY");	2897	display = getenv("DISPLAY");
@@ -2911,7 +2911,7 @@ x11_connect_display(void)
2911	if (strncmp(display, "unix:", 5) == 0 \|\|	2911	if (strncmp(display, "unix:", 5) == 0 \|\|
2912	display[0] == ':') {	2912	display[0] == ':') {
2913	/* Connect to the unix domain socket. */	2913	/* Connect to the unix domain socket. */
2914	if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {	2914	if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
2915	error("Could not parse display number from DISPLAY: %.100s",	2915	error("Could not parse display number from DISPLAY: %.100s",
2916	display);	2916	display);
2917	return -1;	2917	return -1;
@@ -2936,7 +2936,7 @@ x11_connect_display(void)
2936	}	2936	}
2937	*cp = 0;	2937	*cp = 0;
2938	/* buf now contains the host name. But first we parse the display number. */	2938	/* buf now contains the host name. But first we parse the display number. */
2939	if (sscanf(cp + 1, "%d", &display_number) != 1) {	2939	if (sscanf(cp + 1, "%u", &display_number) != 1) {
2940	error("Could not parse display number from DISPLAY: %.100s",	2940	error("Could not parse display number from DISPLAY: %.100s",
2941	display);	2941	display);
2942	return -1;	2942	return -1;
@@ -2946,7 +2946,7 @@ x11_connect_display(void)
2946	memset(&hints, 0, sizeof(hints));	2946	memset(&hints, 0, sizeof(hints));
2947	hints.ai_family = IPv4or6;	2947	hints.ai_family = IPv4or6;
2948	hints.ai_socktype = SOCK_STREAM;	2948	hints.ai_socktype = SOCK_STREAM;
2949	snprintf(strport, sizeof strport, "%d", 6000 + display_number);	2949	snprintf(strport, sizeof strport, "%u", 6000 + display_number);
2950	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {	2950	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
2951	error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));	2951	error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
2952	return -1;	2952	return -1;
@@ -2960,7 +2960,7 @@ x11_connect_display(void)
2960	}	2960	}
2961	/* Connect it to the display. */	2961	/* Connect it to the display. */
2962	if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {	2962	if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2963	debug2("connect %.100s port %d: %.100s", buf,	2963	debug2("connect %.100s port %u: %.100s", buf,
2964	6000 + display_number, strerror(errno));	2964	6000 + display_number, strerror(errno));
2965	close(sock);	2965	close(sock);
2966	continue;	2966	continue;
@@ -2970,7 +2970,7 @@ x11_connect_display(void)
2970	}	2970	}
2971	freeaddrinfo(aitop);	2971	freeaddrinfo(aitop);
2972	if (!ai) {	2972	if (!ai) {
2973	error("connect %.100s port %d: %.100s", buf, 6000 + display_number,	2973	error("connect %.100s port %u: %.100s", buf, 6000 + display_number,
2974	strerror(errno));	2974	strerror(errno));
2975	return -1;	2975	return -1;
2976	}	2976	}