diff options
| author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
| commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
| tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /sftp-server.c | |
| parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
| parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) | |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'sftp-server.c')
| -rw-r--r-- | sftp-server.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/sftp-server.c b/sftp-server.c index 64777beff..76edebc5a 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -319,7 +319,8 @@ handle_log_close(int handle, char *emsg) | |||
| 319 | logit("%s%sclose \"%s\" bytes read %llu written %llu", | 319 | logit("%s%sclose \"%s\" bytes read %llu written %llu", |
| 320 | emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", | 320 | emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", |
| 321 | handle_to_name(handle), | 321 | handle_to_name(handle), |
| 322 | handle_bytes_read(handle), handle_bytes_write(handle)); | 322 | (unsigned long long)handle_bytes_read(handle), |
| 323 | (unsigned long long)handle_bytes_write(handle)); | ||
| 323 | } else { | 324 | } else { |
| 324 | logit("%s%sclosedir \"%s\"", | 325 | logit("%s%sclosedir \"%s\"", |
| 325 | emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", | 326 | emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", |
| @@ -702,7 +703,8 @@ process_setstat(void) | |||
| 702 | a = get_attrib(); | 703 | a = get_attrib(); |
| 703 | debug("request %u: setstat name \"%s\"", id, name); | 704 | debug("request %u: setstat name \"%s\"", id, name); |
| 704 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { | 705 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
| 705 | logit("set \"%s\" size %llu", name, a->size); | 706 | logit("set \"%s\" size %llu", |
| 707 | name, (unsigned long long)a->size); | ||
| 706 | ret = truncate(name, a->size); | 708 | ret = truncate(name, a->size); |
| 707 | if (ret == -1) | 709 | if (ret == -1) |
| 708 | status = errno_to_portable(errno); | 710 | status = errno_to_portable(errno); |
| @@ -754,7 +756,8 @@ process_fsetstat(void) | |||
| 754 | char *name = handle_to_name(handle); | 756 | char *name = handle_to_name(handle); |
| 755 | 757 | ||
| 756 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { | 758 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
| 757 | logit("set \"%s\" size %llu", name, a->size); | 759 | logit("set \"%s\" size %llu", |
| 760 | name, (unsigned long long)a->size); | ||
| 758 | ret = ftruncate(fd, a->size); | 761 | ret = ftruncate(fd, a->size); |
| 759 | if (ret == -1) | 762 | if (ret == -1) |
| 760 | status = errno_to_portable(errno); | 763 | status = errno_to_portable(errno); |
| @@ -1211,7 +1214,7 @@ main(int argc, char **argv) | |||
| 1211 | int in, out, max, ch, skipargs = 0, log_stderr = 0; | 1214 | int in, out, max, ch, skipargs = 0, log_stderr = 0; |
| 1212 | ssize_t len, olen, set_size; | 1215 | ssize_t len, olen, set_size; |
| 1213 | SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; | 1216 | SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
| 1214 | char *cp; | 1217 | char *cp, buf[4*4096]; |
| 1215 | 1218 | ||
| 1216 | extern char *optarg; | 1219 | extern char *optarg; |
| 1217 | extern char *__progname; | 1220 | extern char *__progname; |
| @@ -1295,7 +1298,15 @@ main(int argc, char **argv) | |||
| 1295 | memset(rset, 0, set_size); | 1298 | memset(rset, 0, set_size); |
| 1296 | memset(wset, 0, set_size); | 1299 | memset(wset, 0, set_size); |
| 1297 | 1300 | ||
| 1298 | FD_SET(in, rset); | 1301 | /* |
| 1302 | * Ensure that we can read a full buffer and handle | ||
| 1303 | * the worst-case length packet it can generate, | ||
| 1304 | * otherwise apply backpressure by stopping reads. | ||
| 1305 | */ | ||
| 1306 | if (buffer_check_alloc(&iqueue, sizeof(buf)) && | ||
| 1307 | buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) | ||
| 1308 | FD_SET(in, rset); | ||
| 1309 | |||
| 1299 | olen = buffer_len(&oqueue); | 1310 | olen = buffer_len(&oqueue); |
| 1300 | if (olen > 0) | 1311 | if (olen > 0) |
| 1301 | FD_SET(out, wset); | 1312 | FD_SET(out, wset); |
| @@ -1309,7 +1320,6 @@ main(int argc, char **argv) | |||
| 1309 | 1320 | ||
| 1310 | /* copy stdin to iqueue */ | 1321 | /* copy stdin to iqueue */ |
| 1311 | if (FD_ISSET(in, rset)) { | 1322 | if (FD_ISSET(in, rset)) { |
| 1312 | char buf[4*4096]; | ||
| 1313 | len = read(in, buf, sizeof buf); | 1323 | len = read(in, buf, sizeof buf); |
| 1314 | if (len == 0) { | 1324 | if (len == 0) { |
| 1315 | debug("read eof"); | 1325 | debug("read eof"); |
| @@ -1331,7 +1341,13 @@ main(int argc, char **argv) | |||
| 1331 | buffer_consume(&oqueue, len); | 1341 | buffer_consume(&oqueue, len); |
| 1332 | } | 1342 | } |
| 1333 | } | 1343 | } |
| 1334 | /* process requests from client */ | 1344 | |
| 1335 | process(); | 1345 | /* |
| 1346 | * Process requests from client if we can fit the results | ||
| 1347 | * into the output buffer, otherwise stop processing input | ||
| 1348 | * and let the output queue drain. | ||
| 1349 | */ | ||
| 1350 | if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) | ||
| 1351 | process(); | ||
| 1336 | } | 1352 | } |
| 1337 | } | 1353 | } |