diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:01 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:01 +1000 |
| commit | 8901fa9c88d52ac1f099e7a3ce5bd75089e7e731 (patch) | |
| tree | b8d241457d1c0abc2cbfb901f861864bd6940764 /serverloop.c | |
| parent | c9807e825a83df6d95ae7e0390c34ab71321f30b (diff) | |
- djm@cvs.openbsd.org 2008/06/10 22:15:23
[PROTOCOL ssh.c serverloop.c]
Add a no-more-sessions@openssh.com global request extension that the
client sends when it knows that it will never request another session
(i.e. when session multiplexing is disabled). This allows a server to
disallow further session requests and terminate the session.
Why would a non-multiplexing client ever issue additional session
requests? It could have been attacked with something like SSH'jack:
http://www.storm.net.nz/projects/7
feedback & ok markus
Diffstat (limited to 'serverloop.c')
| -rw-r--r-- | serverloop.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/serverloop.c b/serverloop.c index 6bc140f8b..76d76bab9 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: serverloop.c,v 1.151 2008/05/09 16:21:13 markus Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.152 2008/06/10 22:15:23 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -105,6 +105,7 @@ static int connection_in; /* Connection to client (input). */ | |||
| 105 | static int connection_out; /* Connection to client (output). */ | 105 | static int connection_out; /* Connection to client (output). */ |
| 106 | static int connection_closed = 0; /* Connection to client closed. */ | 106 | static int connection_closed = 0; /* Connection to client closed. */ |
| 107 | static u_int buffer_high; /* "Soft" max buffer size. */ | 107 | static u_int buffer_high; /* "Soft" max buffer size. */ |
| 108 | static int no_more_sessions = 0; /* Disallow further sessions. */ | ||
| 108 | 109 | ||
| 109 | /* | 110 | /* |
| 110 | * This SIGCHLD kludge is used to detect when the child exits. The server | 111 | * This SIGCHLD kludge is used to detect when the child exits. The server |
| @@ -1013,6 +1014,12 @@ server_request_session(void) | |||
| 1013 | 1014 | ||
| 1014 | debug("input_session_request"); | 1015 | debug("input_session_request"); |
| 1015 | packet_check_eom(); | 1016 | packet_check_eom(); |
| 1017 | |||
| 1018 | if (no_more_sessions) { | ||
| 1019 | packet_disconnect("Possible attack: attempt to open a session " | ||
| 1020 | "after additional sessions disabled"); | ||
| 1021 | } | ||
| 1022 | |||
| 1016 | /* | 1023 | /* |
| 1017 | * A server session has no fd to read or write until a | 1024 | * A server session has no fd to read or write until a |
| 1018 | * CHANNEL_REQUEST for a shell is made, so we set the type to | 1025 | * CHANNEL_REQUEST for a shell is made, so we set the type to |
| @@ -1133,6 +1140,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
| 1133 | success = channel_cancel_rport_listener(cancel_address, | 1140 | success = channel_cancel_rport_listener(cancel_address, |
| 1134 | cancel_port); | 1141 | cancel_port); |
| 1135 | xfree(cancel_address); | 1142 | xfree(cancel_address); |
| 1143 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { | ||
| 1144 | no_more_sessions = 1; | ||
| 1145 | success = 1; | ||
| 1136 | } | 1146 | } |
| 1137 | if (want_reply) { | 1147 | if (want_reply) { |
| 1138 | packet_start(success ? | 1148 | packet_start(success ? |