diff options
| author | Damien Miller <djm@mindrot.org> | 2010-06-26 10:02:24 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-06-26 10:02:24 +1000 |
| commit | 1ab6a51f9b258a6e844f1ee442c15aec7fcb6a72 (patch) | |
| tree | 708954349afa3ef3f1294934443d5773c1b6b53f /clientloop.c | |
| parent | 383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a (diff) | |
- djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/clientloop.c b/clientloop.c index 76de37213..5608bcc2e 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.220 2010/04/10 02:08:44 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.221 2010/06/25 23:15:36 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -155,11 +155,12 @@ static int stdin_eof; /* EOF has been encountered on stderr. */ | |||
| 155 | static Buffer stdin_buffer; /* Buffer for stdin data. */ | 155 | static Buffer stdin_buffer; /* Buffer for stdin data. */ |
| 156 | static Buffer stdout_buffer; /* Buffer for stdout data. */ | 156 | static Buffer stdout_buffer; /* Buffer for stdout data. */ |
| 157 | static Buffer stderr_buffer; /* Buffer for stderr data. */ | 157 | static Buffer stderr_buffer; /* Buffer for stderr data. */ |
| 158 | static u_int buffer_high;/* Soft max buffer size. */ | 158 | static u_int buffer_high; /* Soft max buffer size. */ |
| 159 | static int connection_in; /* Connection to server (input). */ | 159 | static int connection_in; /* Connection to server (input). */ |
| 160 | static int connection_out; /* Connection to server (output). */ | 160 | static int connection_out; /* Connection to server (output). */ |
| 161 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ | 161 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
| 162 | static int session_closed = 0; /* In SSH2: login session closed. */ | 162 | static int session_closed; /* In SSH2: login session closed. */ |
| 163 | static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | ||
| 163 | 164 | ||
| 164 | static void client_init_dispatch(void); | 165 | static void client_init_dispatch(void); |
| 165 | int session_ident = -1; | 166 | int session_ident = -1; |
| @@ -254,7 +255,7 @@ get_current_time(void) | |||
| 254 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | 255 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
| 255 | void | 256 | void |
| 256 | client_x11_get_proto(const char *display, const char *xauth_path, | 257 | client_x11_get_proto(const char *display, const char *xauth_path, |
| 257 | u_int trusted, char **_proto, char **_data) | 258 | u_int trusted, u_int timeout, char **_proto, char **_data) |
| 258 | { | 259 | { |
| 259 | char cmd[1024]; | 260 | char cmd[1024]; |
| 260 | char line[512]; | 261 | char line[512]; |
| @@ -264,6 +265,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
| 264 | int got_data = 0, generated = 0, do_unlink = 0, i; | 265 | int got_data = 0, generated = 0, do_unlink = 0, i; |
| 265 | char *xauthdir, *xauthfile; | 266 | char *xauthdir, *xauthfile; |
| 266 | struct stat st; | 267 | struct stat st; |
| 268 | u_int now; | ||
| 267 | 269 | ||
| 268 | xauthdir = xauthfile = NULL; | 270 | xauthdir = xauthfile = NULL; |
| 269 | *_proto = proto; | 271 | *_proto = proto; |
| @@ -299,11 +301,18 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
| 299 | xauthdir); | 301 | xauthdir); |
| 300 | snprintf(cmd, sizeof(cmd), | 302 | snprintf(cmd, sizeof(cmd), |
| 301 | "%s -f %s generate %s " SSH_X11_PROTO | 303 | "%s -f %s generate %s " SSH_X11_PROTO |
| 302 | " untrusted timeout 1200 2>" _PATH_DEVNULL, | 304 | " untrusted timeout %u 2>" _PATH_DEVNULL, |
| 303 | xauth_path, xauthfile, display); | 305 | xauth_path, xauthfile, display, timeout); |
| 304 | debug2("x11_get_proto: %s", cmd); | 306 | debug2("x11_get_proto: %s", cmd); |
| 305 | if (system(cmd) == 0) | 307 | if (system(cmd) == 0) |
| 306 | generated = 1; | 308 | generated = 1; |
| 309 | if (x11_refuse_time == 0) { | ||
| 310 | now = time(NULL) + 1; | ||
| 311 | if (UINT_MAX - timeout < now) | ||
| 312 | x11_refuse_time = UINT_MAX; | ||
| 313 | else | ||
| 314 | x11_refuse_time = now + timeout; | ||
| 315 | } | ||
| 307 | } | 316 | } |
| 308 | } | 317 | } |
| 309 | 318 | ||
| @@ -1686,6 +1695,11 @@ client_request_x11(const char *request_type, int rchan) | |||
| 1686 | "malicious server."); | 1695 | "malicious server."); |
| 1687 | return NULL; | 1696 | return NULL; |
| 1688 | } | 1697 | } |
| 1698 | if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { | ||
| 1699 | verbose("Rejected X11 connection after ForwardX11Timeout " | ||
| 1700 | "expired"); | ||
| 1701 | return NULL; | ||
| 1702 | } | ||
| 1689 | originator = packet_get_string(NULL); | 1703 | originator = packet_get_string(NULL); |
| 1690 | if (datafellows & SSH_BUG_X11FWD) { | 1704 | if (datafellows & SSH_BUG_X11FWD) { |
| 1691 | debug2("buggy server: x11 request w/o originator_port"); | 1705 | debug2("buggy server: x11 request w/o originator_port"); |