diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | channels.c | 48 | ||||
| -rw-r--r-- | channels.h | 6 | ||||
| -rw-r--r-- | session.c | 4 |
4 files changed, 44 insertions, 20 deletions
| @@ -53,6 +53,10 @@ | |||
| 53 | so move the comment. | 53 | so move the comment. |
| 54 | 3) reorder so like options are together | 54 | 3) reorder so like options are together |
| 55 | ok djm@ | 55 | ok djm@ |
| 56 | - djm@cvs.openbsd.org 2009/01/22 09:46:01 | ||
| 57 | [channels.c channels.h session.c] | ||
| 58 | make Channel->path an allocated string, saving a few bytes here and | ||
| 59 | there and fixing bz#1380 in the process; ok markus@ | ||
| 56 | 60 | ||
| 57 | 20090107 | 61 | 20090107 |
| 58 | - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. | 62 | - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. |
| @@ -5062,5 +5066,5 @@ | |||
| 5062 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 5066 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 5063 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 5067 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 5064 | 5068 | ||
| 5065 | $Id: ChangeLog,v 1.5172 2009/01/28 05:27:31 djm Exp $ | 5069 | $Id: ChangeLog,v 1.5173 2009/01/28 05:29:49 djm Exp $ |
| 5066 | 5070 | ||
diff --git a/channels.c b/channels.c index 2319afd4b..e6c08b62b 100644 --- a/channels.c +++ b/channels.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.c,v 1.292 2009/01/14 01:38:06 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.293 2009/01/22 09:46:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -296,6 +296,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, | |||
| 296 | buffer_init(&c->input); | 296 | buffer_init(&c->input); |
| 297 | buffer_init(&c->output); | 297 | buffer_init(&c->output); |
| 298 | buffer_init(&c->extended); | 298 | buffer_init(&c->extended); |
| 299 | c->path = NULL; | ||
| 299 | c->ostate = CHAN_OUTPUT_OPEN; | 300 | c->ostate = CHAN_OUTPUT_OPEN; |
| 300 | c->istate = CHAN_INPUT_OPEN; | 301 | c->istate = CHAN_INPUT_OPEN; |
| 301 | c->flags = 0; | 302 | c->flags = 0; |
| @@ -402,6 +403,10 @@ channel_free(Channel *c) | |||
| 402 | xfree(c->remote_name); | 403 | xfree(c->remote_name); |
| 403 | c->remote_name = NULL; | 404 | c->remote_name = NULL; |
| 404 | } | 405 | } |
| 406 | if (c->path) { | ||
| 407 | xfree(c->path); | ||
| 408 | c->path = NULL; | ||
| 409 | } | ||
| 405 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { | 410 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { |
| 406 | if (cc->abandon_cb != NULL) | 411 | if (cc->abandon_cb != NULL) |
| 407 | cc->abandon_cb(c, cc->ctx); | 412 | cc->abandon_cb(c, cc->ctx); |
| @@ -1035,9 +1040,13 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
| 1035 | strlcpy(username, p, sizeof(username)); | 1040 | strlcpy(username, p, sizeof(username)); |
| 1036 | buffer_consume(&c->input, len); | 1041 | buffer_consume(&c->input, len); |
| 1037 | 1042 | ||
| 1043 | if (c->path != NULL) { | ||
| 1044 | xfree(c->path); | ||
| 1045 | c->path = NULL; | ||
| 1046 | } | ||
| 1038 | if (need == 1) { /* SOCKS4: one string */ | 1047 | if (need == 1) { /* SOCKS4: one string */ |
| 1039 | host = inet_ntoa(s4_req.dest_addr); | 1048 | host = inet_ntoa(s4_req.dest_addr); |
| 1040 | strlcpy(c->path, host, sizeof(c->path)); | 1049 | c->path = xstrdup(host); |
| 1041 | } else { /* SOCKS4A: two strings */ | 1050 | } else { /* SOCKS4A: two strings */ |
| 1042 | have = buffer_len(&c->input); | 1051 | have = buffer_len(&c->input); |
| 1043 | p = buffer_ptr(&c->input); | 1052 | p = buffer_ptr(&c->input); |
| @@ -1048,11 +1057,12 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
| 1048 | if (len > have) | 1057 | if (len > have) |
| 1049 | fatal("channel %d: decode socks4a: len %d > have %d", | 1058 | fatal("channel %d: decode socks4a: len %d > have %d", |
| 1050 | c->self, len, have); | 1059 | c->self, len, have); |
| 1051 | if (strlcpy(c->path, p, sizeof(c->path)) >= sizeof(c->path)) { | 1060 | if (len > NI_MAXHOST) { |
| 1052 | error("channel %d: hostname \"%.100s\" too long", | 1061 | error("channel %d: hostname \"%.100s\" too long", |
| 1053 | c->self, p); | 1062 | c->self, p); |
| 1054 | return -1; | 1063 | return -1; |
| 1055 | } | 1064 | } |
| 1065 | c->path = xstrdup(p); | ||
| 1056 | buffer_consume(&c->input, len); | 1066 | buffer_consume(&c->input, len); |
| 1057 | } | 1067 | } |
| 1058 | c->host_port = ntohs(s4_req.dest_port); | 1068 | c->host_port = ntohs(s4_req.dest_port); |
| @@ -1093,7 +1103,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
| 1093 | u_int8_t atyp; | 1103 | u_int8_t atyp; |
| 1094 | } s5_req, s5_rsp; | 1104 | } s5_req, s5_rsp; |
| 1095 | u_int16_t dest_port; | 1105 | u_int16_t dest_port; |
| 1096 | u_char *p, dest_addr[255+1]; | 1106 | u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; |
| 1097 | u_int have, need, i, found, nmethods, addrlen, af; | 1107 | u_int have, need, i, found, nmethods, addrlen, af; |
| 1098 | 1108 | ||
| 1099 | debug2("channel %d: decode socks5", c->self); | 1109 | debug2("channel %d: decode socks5", c->self); |
| @@ -1166,10 +1176,22 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
| 1166 | buffer_get(&c->input, (char *)&dest_addr, addrlen); | 1176 | buffer_get(&c->input, (char *)&dest_addr, addrlen); |
| 1167 | buffer_get(&c->input, (char *)&dest_port, 2); | 1177 | buffer_get(&c->input, (char *)&dest_port, 2); |
| 1168 | dest_addr[addrlen] = '\0'; | 1178 | dest_addr[addrlen] = '\0'; |
| 1169 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) | 1179 | if (c->path != NULL) { |
| 1170 | strlcpy(c->path, (char *)dest_addr, sizeof(c->path)); | 1180 | xfree(c->path); |
| 1171 | else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) | 1181 | c->path = NULL; |
| 1172 | return -1; | 1182 | } |
| 1183 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { | ||
| 1184 | if (addrlen > NI_MAXHOST - 1) { | ||
| 1185 | error("channel %d: dynamic request: socks5 hostname " | ||
| 1186 | "\"%.100s\" too long", c->self, dest_addr); | ||
| 1187 | return -1; | ||
| 1188 | } | ||
| 1189 | c->path = xstrdup(dest_addr); | ||
| 1190 | } else { | ||
| 1191 | if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL) | ||
| 1192 | return -1; | ||
| 1193 | c->path = xstrdup(ntop); | ||
| 1194 | } | ||
| 1173 | c->host_port = ntohs(dest_port); | 1195 | c->host_port = ntohs(dest_port); |
| 1174 | 1196 | ||
| 1175 | debug2("channel %d: dynamic request: socks5 host %s port %u command %u", | 1197 | debug2("channel %d: dynamic request: socks5 host %s port %u command %u", |
| @@ -1398,7 +1420,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
| 1398 | c->local_window_max, c->local_maxpacket, 0, rtype, 1); | 1420 | c->local_window_max, c->local_maxpacket, 0, rtype, 1); |
| 1399 | nc->listening_port = c->listening_port; | 1421 | nc->listening_port = c->listening_port; |
| 1400 | nc->host_port = c->host_port; | 1422 | nc->host_port = c->host_port; |
| 1401 | strlcpy(nc->path, c->path, sizeof(nc->path)); | 1423 | if (c->path != NULL) |
| 1424 | nc->path = xstrdup(c->path); | ||
| 1402 | 1425 | ||
| 1403 | if (nextstate == SSH_CHANNEL_DYNAMIC) { | 1426 | if (nextstate == SSH_CHANNEL_DYNAMIC) { |
| 1404 | /* | 1427 | /* |
| @@ -2454,7 +2477,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por | |||
| 2454 | error("No forward host name."); | 2477 | error("No forward host name."); |
| 2455 | return 0; | 2478 | return 0; |
| 2456 | } | 2479 | } |
| 2457 | if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) { | 2480 | if (strlen(host) > NI_MAXHOST) { |
| 2458 | error("Forward host name too long."); | 2481 | error("Forward host name too long."); |
| 2459 | return 0; | 2482 | return 0; |
| 2460 | } | 2483 | } |
| @@ -2555,7 +2578,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por | |||
| 2555 | c = channel_new("port listener", type, sock, sock, -1, | 2578 | c = channel_new("port listener", type, sock, sock, -1, |
| 2556 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | 2579 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
| 2557 | 0, "port listener", 1); | 2580 | 0, "port listener", 1); |
| 2558 | strlcpy(c->path, host, sizeof(c->path)); | 2581 | c->path = xstrdup(host); |
| 2559 | c->host_port = port_to_connect; | 2582 | c->host_port = port_to_connect; |
| 2560 | c->listening_port = listen_port; | 2583 | c->listening_port = listen_port; |
| 2561 | success = 1; | 2584 | success = 1; |
| @@ -2577,8 +2600,7 @@ channel_cancel_rport_listener(const char *host, u_short port) | |||
| 2577 | Channel *c = channels[i]; | 2600 | Channel *c = channels[i]; |
| 2578 | 2601 | ||
| 2579 | if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && | 2602 | if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && |
| 2580 | strncmp(c->path, host, sizeof(c->path)) == 0 && | 2603 | strcmp(c->path, host) == 0 && c->listening_port == port) { |
| 2581 | c->listening_port == port) { | ||
| 2582 | debug2("%s: close channel %d", __func__, i); | 2604 | debug2("%s: close channel %d", __func__, i); |
| 2583 | channel_free(c); | 2605 | channel_free(c); |
| 2584 | found = 1; | 2606 | found = 1; |
diff --git a/channels.h b/channels.h index 108b36068..19fee769c 100644 --- a/channels.h +++ b/channels.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.97 2009/01/22 09:46:01 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -55,8 +55,6 @@ | |||
| 55 | #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ | 55 | #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ |
| 56 | #define SSH_CHANNEL_MAX_TYPE 15 | 56 | #define SSH_CHANNEL_MAX_TYPE 15 |
| 57 | 57 | ||
| 58 | #define SSH_CHANNEL_PATH_LEN 256 | ||
| 59 | |||
| 60 | struct Channel; | 58 | struct Channel; |
| 61 | typedef struct Channel Channel; | 59 | typedef struct Channel Channel; |
| 62 | 60 | ||
| @@ -105,7 +103,7 @@ struct Channel { | |||
| 105 | Buffer output; /* data received over encrypted connection for | 103 | Buffer output; /* data received over encrypted connection for |
| 106 | * send on socket */ | 104 | * send on socket */ |
| 107 | Buffer extended; | 105 | Buffer extended; |
| 108 | char path[SSH_CHANNEL_PATH_LEN]; | 106 | char *path; |
| 109 | /* path for unix domain sockets, or host name for forwards */ | 107 | /* path for unix domain sockets, or host name for forwards */ |
| 110 | int listening_port; /* port being listened for forwards */ | 108 | int listening_port; /* port being listened for forwards */ |
| 111 | int host_port; /* remote port to connect for forwards */ | 109 | int host_port; /* remote port to connect for forwards */ |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.244 2008/11/09 12:34:47 tobias Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -234,7 +234,7 @@ auth_input_request_forwarding(struct passwd * pw) | |||
| 234 | SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, | 234 | SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, |
| 235 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, | 235 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, |
| 236 | 0, "auth socket", 1); | 236 | 0, "auth socket", 1); |
| 237 | strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); | 237 | nc->path = xstrdup(auth_sock_name); |
| 238 | return 1; | 238 | return 1; |
| 239 | 239 | ||
| 240 | authsock_err: | 240 | authsock_err: |