Debian release 3.5p1-1.

author: Colin Watson <cjwatson@debian.org> 2003-09-01 02:05:26 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-01 02:05:26 +0000
commit: 6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch)
tree: 1bf23174bdb6fc71e2846dda0eca195a418484e7 /sshd.c
parent: 2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff)
parent: 58657d96514cd6f16d82add8d6f4adbb36765758 (diff)
1 files changed, 50 insertions, 43 deletions
diff --git a/sshd.c b/sshd.c
index 904629e95..35685643f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -303,11 +303,8 @@ grace_alarm_handler(int sig)
 {
        /* XXX no idea how fix this signal handler */
-        /* Close the connection. */
-        packet_close();
        /* Log error and exit. */
-        fatal("Timeout before authentication for %s.", get_remote_ipaddr());
+        fatal("Timeout before authentication for %s", get_remote_ipaddr());
 }
 /*
@@ -320,7 +317,7 @@ grace_alarm_handler(int sig)
 static void
 generate_ephemeral_server_key(void)
 {
-        u_int32_t rand = 0;
+        u_int32_t rnd = 0;
        int i;
        verbose("Generating %s%d bit RSA key.",
@@ -333,9 +330,9 @@ generate_ephemeral_server_key(void)
        for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
                if (i % 4 == 0)
-                        rand = arc4random();
+                        rnd = arc4random();
-                sensitive_data.ssh1_cookie[i] = rand & 0xff;
+                sensitive_data.ssh1_cookie[i] = rnd & 0xff;
-                rand >>= 8;
+                rnd >>= 8;
        }
        arc4random_stir();
 }
@@ -427,6 +424,12 @@ sshd_exchange_identification(int sock_in, int sock_out)
        compat_datafellows(remote_version);
+        if (datafellows & SSH_BUG_PROBE) {
+                log("probed from %s with %s.  Don't panic.",
+                    get_remote_ipaddr(), client_version_string);
+                fatal_cleanup();
+        }
        if (datafellows & SSH_BUG_SCANNER) {
                log("scanned from %s with %s.  Don't panic.",
                    get_remote_ipaddr(), client_version_string);
@@ -529,8 +532,8 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-        u_int32_t rand[256];
+        u_int32_t rnd[256];
-        gid_t gidset[2];
+        gid_t gidset[1];
        struct passwd *pw;
        int i;
@@ -538,8 +541,8 @@ privsep_preauth_child(void)
        privsep_challenge_enable();
        for (i = 0; i < 256; i++)
-                rand[i] = arc4random();
+                rnd[i] = arc4random();
-        RAND_seed(rand, sizeof(rand));
+        RAND_seed(rnd, sizeof(rnd));
        /* Demote the private keys to public keys. */
        demote_sensitive_data();
@@ -550,7 +553,7 @@ privsep_preauth_child(void)
        memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
        endpwent();
-        /* Change our root directory*/
+        /* Change our root directory */
        if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
                fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
                    strerror(errno));
@@ -573,7 +576,7 @@ privsep_preauth_child(void)
 #endif
 }
-static Authctxt*
+static Authctxt *
 privsep_preauth(void)
 {
        Authctxt *authctxt = NULL;
@@ -589,6 +592,8 @@ privsep_preauth(void)
        if (pid == -1) {
                fatal("fork of unprivileged child failed");
        } else if (pid != 0) {
+                fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
                debug2("Network child is on pid %ld", (long)pid);
                close(pmonitor->m_recvfd);
@@ -602,6 +607,10 @@ privsep_preauth(void)
                while (waitpid(pid, &status, 0) < 0)
                        if (errno != EINTR)
                                break;
+                /* Reinstall, since the child has finished */
+                fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
                return (authctxt);
        } else {
                /* child */
@@ -624,7 +633,7 @@ privsep_postauth(Authctxt *authctxt)
        /* XXX - Remote port forwarding */
        x_authctxt = authctxt;
-#ifdef BROKEN_FD_PASSING
+#ifdef DISABLE_FD_PASSING
        if (1) {
 #else
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
@@ -649,6 +658,8 @@ privsep_postauth(Authctxt *authctxt)
        if (pmonitor->m_pid == -1)
                fatal("fork of unprivileged child failed");
        else if (pmonitor->m_pid != 0) {
+                fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
                debug2("User child is on pid %ld", (long)pmonitor->m_pid);
                close(pmonitor->m_recvfd);
                monitor_child_postauth(pmonitor);
@@ -801,7 +812,6 @@ main(int ac, char **av)
        const char *remote_ip;
        int remote_port;
        FILE *f;
-        struct linger linger;
        struct addrinfo *ai;
        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
        int listen_sock, maxfd;
@@ -911,6 +921,10 @@ main(int ac, char **av)
                        break;
                case 'u':
                        utmp_len = atoi(optarg);
+                        if (utmp_len > MAXHOSTNAMELEN) {
+                                fprintf(stderr, "Invalid utmp length.\n");
+                                exit(1);
+                        }
                        break;
                case 'o':
                        if (process_server_config_line(&options, optarg,
@@ -937,7 +951,7 @@ main(int ac, char **av)
            SYSLOG_FACILITY_AUTH : options.log_facility,
            !inetd_flag);
-#ifdef _CRAY
+#ifdef _UNICOS
        /* Cray can define user privs drop all prives now!
         * Not needed on PRIV_SU systems!
         */
@@ -961,7 +975,8 @@ main(int ac, char **av)
        debug("sshd version %.100s", SSH_VERSION);
        /* load private host keys */
-        sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+        sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+            sizeof(Key *));
        for (i = 0; i < options.num_host_key_files; i++)
                sensitive_data.host_keys[i] = NULL;
        sensitive_data.server_key = NULL;
@@ -1040,7 +1055,14 @@ main(int ac, char **av)
                    (S_ISDIR(st.st_mode) == 0))
                        fatal("Missing privilege separation directory: %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
+#ifdef HAVE_CYGWIN
+                if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+                    (st.st_uid != getuid () ||
+                    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
                if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
                        fatal("Bad owner or mode for %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
        }
@@ -1140,17 +1162,12 @@ main(int ac, char **av)
                                continue;
                        }
                        /*
-                         * Set socket options.  We try to make the port
+                         * Set socket options.
-                         * reusable and have it close as fast as possible
+                         * Allow local port reuse in TIME_WAIT.
-                         * without waiting in unnecessary wait states on
-                         * close.
                         */
-                        setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
+                        if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
-                            &on, sizeof(on));
+                            &on, sizeof(on)) == -1)
-                        linger.l_onoff = 1;
+                                error("setsockopt SO_REUSEADDR: %s", strerror(errno));
-                        linger.l_linger = 5;
-                        setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
-                            &linger, sizeof(linger));
                        debug("Bind to port %s on %s.", strport, ntop);
@@ -1399,16 +1416,6 @@ main(int ac, char **av)
        signal(SIGCHLD, SIG_DFL);
        signal(SIGINT, SIG_DFL);
-        /*
-         * Set socket options for the connection.  We want the socket to
-         * close as fast as possible without waiting for anything.  If the
-         * connection is not a socket, these will do nothing.
-         */
-        /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
-        linger.l_onoff = 1;
-        linger.l_linger = 5;
-        setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
        /* Set keepalives if requested. */
        if (options.keepalives &&
            setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
@@ -1596,7 +1603,7 @@ do_ssh1_kex(void)
        u_char session_key[SSH_SESSION_KEY_LENGTH];
        u_char cookie[8];
        u_int cipher_type, auth_mask, protocol_flags;
-        u_int32_t rand = 0;
+        u_int32_t rnd = 0;
        /*
         * Generate check bytes that the client must send back in the user
@@ -1609,9 +1616,9 @@ do_ssh1_kex(void)
         */
        for (i = 0; i < 8; i++) {
                if (i % 4 == 0)
-                        rand = arc4random();
+                        rnd = arc4random();
-                cookie[i] = rand & 0xff;
+                cookie[i] = rnd & 0xff;
-                rand >>= 8;
+                rnd >>= 8;
        }
        /*
author	Colin Watson <cjwatson@debian.org>	2003-09-01 02:05:26 +0000
committer	Colin Watson <cjwatson@debian.org>	2003-09-01 02:05:26 +0000
commit	6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch)
tree	1bf23174bdb6fc71e2846dda0eca195a418484e7 /sshd.c
parent	2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff)
parent	58657d96514cd6f16d82add8d6f4adbb36765758 (diff)