diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-01-13 23:04:47 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-01-14 10:06:01 +1100 |
| commit | ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c (patch) | |
| tree | 008ac3334471370857e32b48893cb6f07d28e987 /mux.c | |
| parent | 9a728cc918fad67c8a9a71201088b1e150340ba4 (diff) | |
upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension; Reported by
Thomas Hoger; ok deraadt@
Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
Diffstat (limited to 'mux.c')
| -rw-r--r-- | mux.c | 22 |
1 files changed, 12 insertions, 10 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, void *arg) | |||
| 1354 | char *proto, *data; | 1354 | char *proto, *data; |
| 1355 | 1355 | ||
| 1356 | /* Get reasonable local authentication information. */ | 1356 | /* Get reasonable local authentication information. */ |
| 1357 | client_x11_get_proto(display, options.xauth_location, | 1357 | if (client_x11_get_proto(display, options.xauth_location, |
| 1358 | options.forward_x11_trusted, options.forward_x11_timeout, | 1358 | options.forward_x11_trusted, options.forward_x11_timeout, |
| 1359 | &proto, &data); | 1359 | &proto, &data) == 0) { |
| 1360 | /* Request forwarding with authentication spoofing. */ | 1360 | /* Request forwarding with authentication spoofing. */ |
| 1361 | debug("Requesting X11 forwarding with authentication " | 1361 | debug("Requesting X11 forwarding with authentication " |
| 1362 | "spoofing."); | 1362 | "spoofing."); |
| 1363 | x11_request_forwarding_with_spoofing(id, display, proto, | 1363 | x11_request_forwarding_with_spoofing(id, display, proto, |
| 1364 | data, 1); | 1364 | data, 1); |
| 1365 | client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); | 1365 | /* XXX exit_on_forward_failure */ |
| 1366 | /* XXX exit_on_forward_failure */ | 1366 | client_expect_confirm(id, "X11 forwarding", |
| 1367 | CONFIRM_WARN); | ||
| 1368 | } | ||
| 1367 | } | 1369 | } |
| 1368 | 1370 | ||
| 1369 | if (cctx->want_agent_fwd && options.forward_agent) { | 1371 | if (cctx->want_agent_fwd && options.forward_agent) { |