* New upstream release (closes: #453367).

- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181).
author: Colin Watson <cjwatson@debian.org> 2007-12-24 10:29:57 +0000
committer: Colin Watson <cjwatson@debian.org> 2007-12-24 10:29:57 +0000
commit: c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch)
tree: b72c0867348e7e7914d64af6fc5e25c728922e03 /ssh-agent.c
parent: 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff)
parent: 70847d299887abb96f8703ca99db6d817b78960e (diff)
1 files changed, 41 insertions, 25 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index a3a867c33..c3d5e5a75 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.155 2007/03/19 12:16:42 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,6 +120,7 @@ int max_fd = 0;
 /* pid of shell == parent of agent */
 pid_t parent_pid = -1;
+u_int parent_alive_interval = 0;
 /* pathname and directory for AUTH_SOCKET */
 char socket_name[MAXPATHLEN];
@@ -421,10 +422,11 @@ process_remove_all_identities(SocketEntry *e, int version)
        buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
 }
-static void
+/* removes expired keys and returns number of seconds until the next expiry */
+static u_int
 reaper(void)
 {
-        u_int now = time(NULL);
+        u_int deadline = 0, now = time(NULL);
        Identity *id, *nxt;
        int version;
        Idtab *tab;
@@ -433,14 +435,22 @@ reaper(void)
                tab = idtab_lookup(version);
                for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                        nxt = TAILQ_NEXT(id, next);
-                        if (id->death != 0 && now >= id->death) {
+                        if (id->death == 0)
+                                continue;
+                        if (now >= id->death) {
                                debug("expiring key '%s'", id->comment);
                                TAILQ_REMOVE(&tab->idlist, id, next);
                                free_identity(id);
                                tab->nentries--;
-                        }
+                        } else
+                                deadline = (deadline == 0) ? id->death :
+                                    MIN(deadline, id->death);
                }
        }
+        if (deadline == 0 || deadline <= now)
+                return 0;
+        else
+                return (deadline - now);
 }
 static void
@@ -826,10 +836,12 @@ new_socket(sock_type type, int fd)
 }
 static int
-prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp)
+prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
+    struct timeval **tvpp)
 {
-        u_int i, sz;
+        u_int i, sz, deadline;
        int n = 0;
+        static struct timeval tv;
        for (i = 0; i < sockets_alloc; i++) {
                switch (sockets[i].type) {
@@ -873,6 +885,17 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp)
                        break;
                }
        }
+        deadline = reaper();
+        if (parent_alive_interval != 0)
+                deadline = (deadline == 0) ? parent_alive_interval :
+                    MIN(deadline, parent_alive_interval);
+        if (deadline == 0) {
+                *tvpp = NULL;
+        } else {
+                tv.tv_sec = deadline;
+                tv.tv_usec = 0;
+                *tvpp = &tv;
+        }
        return (1);
 }
@@ -980,19 +1003,14 @@ cleanup_handler(int sig)
        _exit(2);
 }
-/*ARGSUSED*/
 static void
-check_parent_exists(int sig)
+check_parent_exists(void)
 {
-        int save_errno = errno;
        if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
                /* printf("Parent has died - Authentication agent exiting.\n"); */
-                cleanup_handler(sig); /* safe */
+                cleanup_socket();
+                _exit(2);
        }
-        mysignal(SIGALRM, check_parent_exists);
-        alarm(10);
-        errno = save_errno;
 }
 static void
@@ -1027,7 +1045,7 @@ main(int ac, char **av)
        extern char *optarg;
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
-        struct timeval tv;
+        struct timeval *tvp = NULL;
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
@@ -1228,10 +1246,8 @@ main(int ac, char **av)
 skip:
        new_socket(AUTH_SOCKET, sock);
-        if (ac > 0) {
+        if (ac > 0)
-                mysignal(SIGALRM, check_parent_exists);
+                parent_alive_interval = 10;
-                alarm(10);
-        }
        idtab_init();
        if (!d_flag)
                signal(SIGINT, SIG_IGN);
@@ -1241,12 +1257,12 @@ skip:
        nalloc = 0;
        while (1) {
-                tv.tv_sec = 10;
+                prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
-                tv.tv_usec = 0;
+                result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
-                prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
-                result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
                saved_errno = errno;
-                reaper();       /* remove expired keys */
+                if (parent_alive_interval != 0)
+                        check_parent_exists();
+                (void) reaper();        /* remove expired keys */
                if (result < 0) {
                        if (saved_errno == EINTR)
                                continue;
author	Colin Watson <cjwatson@debian.org>	2007-12-24 10:29:57 +0000
committer	Colin Watson <cjwatson@debian.org>	2007-12-24 10:29:57 +0000
commit	c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch)
tree	b72c0867348e7e7914d64af6fc5e25c728922e03 /ssh-agent.c
parent	6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff)
parent	70847d299887abb96f8703ca99db6d817b78960e (diff)