summaryrefslogtreecommitdiff
path: root/clientloop.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-10-19 21:29:01 +0100
committerColin Watson <cjwatson@debian.org>2018-10-19 21:29:01 +0100
commit3d246f10429fc9a37b98eabef94fe8dc7c61002b (patch)
tree1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /clientloop.c
parente6547182a54f0f268ee36e7c99319eeddffbaff2 (diff)
parentaede1c34243a6f7feae2fb2cb686ade5f9be6f3d (diff)
Import openssh_7.9p1.orig.tar.gz
Diffstat (limited to 'clientloop.c')
-rw-r--r--clientloop.c43
1 files changed, 28 insertions, 15 deletions
diff --git a/clientloop.c b/clientloop.c
index ad35cb7ba..8d312cdaa 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -279,7 +279,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
279 const char *xauth_path, u_int trusted, u_int timeout, 279 const char *xauth_path, u_int trusted, u_int timeout,
280 char **_proto, char **_data) 280 char **_proto, char **_data)
281{ 281{
282 char cmd[1024], line[512], xdisplay[512]; 282 char *cmd, line[512], xdisplay[512];
283 char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; 283 char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
284 static char proto[512], data[512]; 284 static char proto[512], data[512];
285 FILE *f; 285 FILE *f;
@@ -343,19 +343,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
343 return -1; 343 return -1;
344 } 344 }
345 345
346 if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) 346 if (timeout == 0) {
347 x11_timeout_real = UINT_MAX; 347 /* auth doesn't time out */
348 else 348 xasprintf(&cmd, "%s -f %s generate %s %s "
349 x11_timeout_real = timeout + X11_TIMEOUT_SLACK; 349 "untrusted 2>%s",
350 if ((r = snprintf(cmd, sizeof(cmd), 350 xauth_path, xauthfile, display,
351 "%s -f %s generate %s " SSH_X11_PROTO 351 SSH_X11_PROTO, _PATH_DEVNULL);
352 " untrusted timeout %u 2>" _PATH_DEVNULL, 352 } else {
353 xauth_path, xauthfile, display, 353 /* Add some slack to requested expiry */
354 x11_timeout_real)) < 0 || 354 if (timeout < UINT_MAX - X11_TIMEOUT_SLACK)
355 (size_t)r >= sizeof(cmd)) 355 x11_timeout_real = timeout +
356 fatal("%s: cmd too long", __func__); 356 X11_TIMEOUT_SLACK;
357 else {
358 /* Don't overflow on long timeouts */
359 x11_timeout_real = UINT_MAX;
360 }
361 xasprintf(&cmd, "%s -f %s generate %s %s "
362 "untrusted timeout %u 2>%s",
363 xauth_path, xauthfile, display,
364 SSH_X11_PROTO, x11_timeout_real,
365 _PATH_DEVNULL);
366 }
357 debug2("%s: %s", __func__, cmd); 367 debug2("%s: %s", __func__, cmd);
358 if (x11_refuse_time == 0) { 368
369 if (timeout != 0 && x11_refuse_time == 0) {
359 now = monotime() + 1; 370 now = monotime() + 1;
360 if (UINT_MAX - timeout < now) 371 if (UINT_MAX - timeout < now)
361 x11_refuse_time = UINT_MAX; 372 x11_refuse_time = UINT_MAX;
@@ -366,6 +377,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
366 } 377 }
367 if (system(cmd) == 0) 378 if (system(cmd) == 0)
368 generated = 1; 379 generated = 1;
380 free(cmd);
369 } 381 }
370 382
371 /* 383 /*
@@ -374,7 +386,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
374 * above. 386 * above.
375 */ 387 */
376 if (trusted || generated) { 388 if (trusted || generated) {
377 snprintf(cmd, sizeof(cmd), 389 xasprintf(&cmd,
378 "%s %s%s list %s 2>" _PATH_DEVNULL, 390 "%s %s%s list %s 2>" _PATH_DEVNULL,
379 xauth_path, 391 xauth_path,
380 generated ? "-f " : "" , 392 generated ? "-f " : "" ,
@@ -387,6 +399,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
387 got_data = 1; 399 got_data = 1;
388 if (f) 400 if (f)
389 pclose(f); 401 pclose(f);
402 free(cmd);
390 } 403 }
391 } 404 }
392 405