author | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
commit | 971a7653746a6972b907dfe0ce139c06e4a6f482 (patch) | |
tree | 70fb964265d57ae4967be55b75dbb2a122e9b969 /clientloop.c | |
parent | a8ed8d256b2e2c05b0c15565a7938028c5192277 (diff) | |
parent | 4a354fc231174901f2629437c2a6e924a2dd6772 (diff) |
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 73 |
1 files changed, 52 insertions, 21 deletions
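--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -61,7 +61,6 @@
 
 #include "includes.h"
 
-#include <sys/param.h> /* MIN MAX */
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #ifdef HAVE_SYS_STAT_H
@@ -312,7 +311,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
 char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
 static char proto[512], data[512];
 FILE *f;
-int got_data = 0, generated = 0, do_unlink = 0, i, r;
+int got_data = 0, generated = 0, do_unlink = 0, r;
 struct stat st;
 u_int now, x11_timeout_real;
 
@@ -439,17 +438,16 @@ client_x11_get_proto(const char *display, const char *xauth_path,
 * for the local connection.
 */
 if (!got_data) {
-u_int32_t rnd = 0;
+u_int8_t rnd[16];
+u_int i;
 
 logit("Warning: No xauth data; "
 "using fake authentication data for X11 forwarding.");
 strlcpy(proto, SSH_X11_PROTO, sizeof proto);
-for (i = 0; i < 16; i++) {
-if (i % 4 == 0)
-rnd = arc4random();
+arc4random_buf(rnd, sizeof(rnd));
+for (i = 0; i < sizeof(rnd); i++) {
 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
-rnd & 0xff);
-rnd >>= 8;
+rnd[i]);
 }
 }
 
@@ -672,16 +670,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
 server_alive_time = now + options.server_alive_interval;
 }
 if (options.rekey_interval > 0 && compat20 && !rekeying)
-timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout());
+timeout_secs = MINIMUM(timeout_secs, packet_get_rekey_timeout());
 set_control_persist_exit_time();
 if (control_persist_exit_time > 0) {
-timeout_secs = MIN(timeout_secs,
+timeout_secs = MINIMUM(timeout_secs,
 control_persist_exit_time - now);
 if (timeout_secs < 0)
 timeout_secs = 0;
 }
 if (minwait_secs != 0)
-timeout_secs = MIN(timeout_secs, (int)minwait_secs);
+timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs);
 if (timeout_secs == INT_MAX)
 tvp = NULL;
 else {
@@ -1553,7 +1551,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 buffer_high = 64 * 1024;
 connection_in = packet_get_connection_in();
 connection_out = packet_get_connection_out();
-max_fd = MAX(connection_in, connection_out);
+max_fd = MAXIMUM(connection_in, connection_out);
 
 if (!compat20) {
 /* enable nonblocking unless tty */
@@ -1563,9 +1561,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 set_nonblock(fileno(stdout));
 if (!isatty(fileno(stderr)))
 set_nonblock(fileno(stderr));
-max_fd = MAX(max_fd, fileno(stdin));
-max_fd = MAX(max_fd, fileno(stdout));
-max_fd = MAX(max_fd, fileno(stderr));
+max_fd = MAXIMUM(max_fd, fileno(stdin));
+max_fd = MAXIMUM(max_fd, fileno(stdout));
+max_fd = MAXIMUM(max_fd, fileno(stderr));
 }
 quit_pending = 0;
 escape_char1 = escape_char_arg;
@@ -1885,11 +1883,14 @@ client_input_agent_open(int type, u_int32_t seq, void *ctxt)
 }
 
 static Channel *
-client_request_forwarded_tcpip(const char *request_type, int rchan)
+client_request_forwarded_tcpip(const char *request_type, int rchan,
+u_int rwindow, u_int rmaxpack)
 {
 Channel *c = NULL;
+struct sshbuf *b = NULL;
 char *listen_address, *originator_address;
 u_short listen_port, originator_port;
+int r;
 
 /* Get rest of the packet */
 listen_address = packet_get_string(NULL);
@@ -1904,6 +1905,31 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
 c = channel_connect_by_listen_address(listen_address, listen_port,
 "forwarded-tcpip", originator_address);
 
+if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
+if ((b = sshbuf_new()) == NULL) {
+error("%s: alloc reply", __func__);
+goto out;
+}
+/* reconstruct and send to muxclient */
+if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */
+(r = sshbuf_put_u8(b, SSH2_MSG_CHANNEL_OPEN)) != 0 ||
+(r = sshbuf_put_cstring(b, request_type)) != 0 ||
+(r = sshbuf_put_u32(b, rchan)) != 0 ||
+(r = sshbuf_put_u32(b, rwindow)) != 0 ||
+(r = sshbuf_put_u32(b, rmaxpack)) != 0 ||
+(r = sshbuf_put_cstring(b, listen_address)) != 0 ||
+(r = sshbuf_put_u32(b, listen_port)) != 0 ||
+(r = sshbuf_put_cstring(b, originator_address)) != 0 ||
+(r = sshbuf_put_u32(b, originator_port)) != 0 ||
+(r = sshbuf_put_stringb(&c->output, b)) != 0) {
+error("%s: compose for muxclient %s", __func__,
+ssh_err(r));
+goto out;
+}
+}
+
+out:
+sshbuf_free(b);
 free(originator_address);
 free(listen_address);
 return c;
@@ -2059,7 +2085,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 ctype, rchan, rwindow, rmaxpack);
 
 if (strcmp(ctype, "forwarded-tcpip") == 0) {
-c = client_request_forwarded_tcpip(ctype, rchan);
+c = client_request_forwarded_tcpip(ctype, rchan, rwindow,
+rmaxpack);
 } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) {
 c = client_request_forwarded_streamlocal(ctype, rchan);
 } else if (strcmp(ctype, "x11") == 0) {
@@ -2067,8 +2094,9 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
 c = client_request_agent(ctype, rchan);
 }
-/* XXX duplicate : */
-if (c != NULL) {
+if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
+debug3("proxied to downstream: %s", ctype);
+} else if (c != NULL) {
 debug("confirm %s", ctype);
 c->remote_id = rchan;
 c->remote_window = rwindow;
@@ -2104,6 +2132,9 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
 char *rtype;
 
 id = packet_get_int();
+c = channel_lookup(id);
+if (channel_proxy_upstream(c, type, seq, ctxt))
+return 0;
 rtype = packet_get_string(NULL);
 reply = packet_get_char();
 
@@ -2112,7 +2143,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
 
 if (id == -1) {
 error("client_input_channel_req: request for channel -1");
-} else if ((c = channel_lookup(id)) == NULL) {
+} else if (c == NULL) {
 error("client_input_channel_req: channel %d: "
 "unknown channel", id);
 } else if (strcmp(rtype, "eow@openssh.com") == 0) {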
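Review bot: In the `@@ -1904,6 +1905,31 @@` hunk of client_request_forwarded_tcpip, both error paths (a failed `sshbuf_new()` and a failed compose chain) jump to `out:` and still return the non-NULL mux-client `c`, so client_input_channel_open takes the `c->type == SSH_CHANNEL_MUX_CLIENT` branch and logs "proxied to downstream" although nothing was queued on `c->output`. As far as the visible lines show, the peer's channel open then receives neither a confirmation nor a failure. Setting `c = NULL;` before each `goto out;` would let the caller fall through to its failure handling, which lies outside the visible hunk, so confirm that it sends an open-failure. Separately, in client_input_channel_req `channel_proxy_upstream(c, type, seq, ctxt)` now runs before the `id == -1` and `c == NULL` checks, so it has to tolerate a NULL `c`; its definition is not on this page.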