diff options
author | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:00:17 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:00:17 +0100 |
commit | 544df7a04ae5b5c1fc30be7c445ad685d7a02dc9 (patch) | |
tree | 33d2a87dd50fe5894ac6ec4579c83401b7ab00a4 /clientloop.c | |
parent | baccdb349b31c47cd76fb63211f754ed33a9707e (diff) | |
parent | 7de4b03a6e4071d454b72927ffaf52949fa34545 (diff) |
Import openssh_6.9p1.orig.tar.gz
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/clientloop.c b/clientloop.c index a9c8a90f0..dc0e557ad 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -163,7 +163,7 @@ static int connection_in; /* Connection to server (input). */ | |||
163 | static int connection_out; /* Connection to server (output). */ | 163 | static int connection_out; /* Connection to server (output). */ |
164 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ | 164 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
165 | static int session_closed; /* In SSH2: login session closed. */ | 165 | static int session_closed; /* In SSH2: login session closed. */ |
166 | static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | 166 | static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ |
167 | 167 | ||
168 | static void client_init_dispatch(void); | 168 | static void client_init_dispatch(void); |
169 | int session_ident = -1; | 169 | int session_ident = -1; |
@@ -298,7 +298,8 @@ client_x11_display_valid(const char *display) | |||
298 | return 1; | 298 | return 1; |
299 | } | 299 | } |
300 | 300 | ||
301 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | 301 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
302 | #define X11_TIMEOUT_SLACK 60 | ||
302 | void | 303 | void |
303 | client_x11_get_proto(const char *display, const char *xauth_path, | 304 | client_x11_get_proto(const char *display, const char *xauth_path, |
304 | u_int trusted, u_int timeout, char **_proto, char **_data) | 305 | u_int trusted, u_int timeout, char **_proto, char **_data) |
@@ -311,7 +312,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
311 | int got_data = 0, generated = 0, do_unlink = 0, i; | 312 | int got_data = 0, generated = 0, do_unlink = 0, i; |
312 | char *xauthdir, *xauthfile; | 313 | char *xauthdir, *xauthfile; |
313 | struct stat st; | 314 | struct stat st; |
314 | u_int now; | 315 | u_int now, x11_timeout_real; |
315 | 316 | ||
316 | xauthdir = xauthfile = NULL; | 317 | xauthdir = xauthfile = NULL; |
317 | *_proto = proto; | 318 | *_proto = proto; |
@@ -344,6 +345,15 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
344 | xauthdir = xmalloc(PATH_MAX); | 345 | xauthdir = xmalloc(PATH_MAX); |
345 | xauthfile = xmalloc(PATH_MAX); | 346 | xauthfile = xmalloc(PATH_MAX); |
346 | mktemp_proto(xauthdir, PATH_MAX); | 347 | mktemp_proto(xauthdir, PATH_MAX); |
348 | /* | ||
349 | * The authentication cookie should briefly outlive | ||
350 | * ssh's willingness to forward X11 connections to | ||
351 | * avoid nasty fail-open behaviour in the X server. | ||
352 | */ | ||
353 | if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) | ||
354 | x11_timeout_real = UINT_MAX; | ||
355 | else | ||
356 | x11_timeout_real = timeout + X11_TIMEOUT_SLACK; | ||
347 | if (mkdtemp(xauthdir) != NULL) { | 357 | if (mkdtemp(xauthdir) != NULL) { |
348 | do_unlink = 1; | 358 | do_unlink = 1; |
349 | snprintf(xauthfile, PATH_MAX, "%s/xauthfile", | 359 | snprintf(xauthfile, PATH_MAX, "%s/xauthfile", |
@@ -351,17 +361,20 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
351 | snprintf(cmd, sizeof(cmd), | 361 | snprintf(cmd, sizeof(cmd), |
352 | "%s -f %s generate %s " SSH_X11_PROTO | 362 | "%s -f %s generate %s " SSH_X11_PROTO |
353 | " untrusted timeout %u 2>" _PATH_DEVNULL, | 363 | " untrusted timeout %u 2>" _PATH_DEVNULL, |
354 | xauth_path, xauthfile, display, timeout); | 364 | xauth_path, xauthfile, display, |
365 | x11_timeout_real); | ||
355 | debug2("x11_get_proto: %s", cmd); | 366 | debug2("x11_get_proto: %s", cmd); |
356 | if (system(cmd) == 0) | ||
357 | generated = 1; | ||
358 | if (x11_refuse_time == 0) { | 367 | if (x11_refuse_time == 0) { |
359 | now = monotime() + 1; | 368 | now = monotime() + 1; |
360 | if (UINT_MAX - timeout < now) | 369 | if (UINT_MAX - timeout < now) |
361 | x11_refuse_time = UINT_MAX; | 370 | x11_refuse_time = UINT_MAX; |
362 | else | 371 | else |
363 | x11_refuse_time = now + timeout; | 372 | x11_refuse_time = now + timeout; |
373 | channel_set_x11_refuse_time( | ||
374 | x11_refuse_time); | ||
364 | } | 375 | } |
376 | if (system(cmd) == 0) | ||
377 | generated = 1; | ||
365 | } | 378 | } |
366 | } | 379 | } |
367 | 380 | ||
@@ -1889,7 +1902,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1889 | "malicious server."); | 1902 | "malicious server."); |
1890 | return NULL; | 1903 | return NULL; |
1891 | } | 1904 | } |
1892 | if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { | 1905 | if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { |
1893 | verbose("Rejected X11 connection after ForwardX11Timeout " | 1906 | verbose("Rejected X11 connection after ForwardX11Timeout " |
1894 | "expired"); | 1907 | "expired"); |
1895 | return NULL; | 1908 | return NULL; |
@@ -2352,8 +2365,7 @@ client_input_hostkeys(void) | |||
2352 | /* Check that the key is accepted in HostkeyAlgorithms */ | 2365 | /* Check that the key is accepted in HostkeyAlgorithms */ |
2353 | if (options.hostkeyalgorithms != NULL && | 2366 | if (options.hostkeyalgorithms != NULL && |
2354 | match_pattern_list(sshkey_ssh_name(key), | 2367 | match_pattern_list(sshkey_ssh_name(key), |
2355 | options.hostkeyalgorithms, | 2368 | options.hostkeyalgorithms, 0) != 1) { |
2356 | strlen(options.hostkeyalgorithms), 0) != 1) { | ||
2357 | debug3("%s: %s key not permitted by HostkeyAlgorithms", | 2369 | debug3("%s: %s key not permitted by HostkeyAlgorithms", |
2358 | __func__, sshkey_ssh_name(key)); | 2370 | __func__, sshkey_ssh_name(key)); |
2359 | continue; | 2371 | continue; |