-rw-r--r--ChangeLog9
-rw-r--r--clientloop.c38
2 files changed, 32 insertions, 15 deletions
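--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20070815
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/08/15 08:14:46
+ [clientloop.c]
+ do NOT fall back to the trused x11 cookie if generation of an untrusted
+ cookie fails; from security-alert at sun.com; ok dtucker
+
 20070813
  - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
  called with PAM_ESTABLISH_CRED at least once, which resolves a problem
@@ -3152,4 +3159,4 @@
  OpenServer 6 and add osr5bigcrypt support so when someone migrates
  passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4725 2007/08/13 13:11:56 dtucker Exp $
+$Id: ChangeLog,v 1.4726 2007/08/15 09:13:41 dtucker Exp $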
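--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.180 2007/08/07 07:32:53 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.181 2007/08/15 08:14:46 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,19 +290,29 @@ client_x11_get_proto(const char *display, const char *xauth_path,
  generated = 1;
  }
  }
- snprintf(cmd, sizeof(cmd),
- "%s %s%s list %s 2>" _PATH_DEVNULL,
- xauth_path,
- generated ? "-f " : "" ,
- generated ? xauthfile : "",
- display);
- debug2("x11_get_proto: %s", cmd);
- f = popen(cmd, "r");
- if (f && fgets(line, sizeof(line), f) &&
- sscanf(line, "%*s %511s %511s", proto, data) == 2)
- got_data = 1;
- if (f)
- pclose(f);
+
+ /*
+ * When in untrusted mode, we read the cookie only if it was
+ * successfully generated as an untrusted one in the step
+ * above.
+ */
+ if (trusted || generated) {
+ snprintf(cmd, sizeof(cmd),
+ "%s %s%s list %s 2>" _PATH_DEVNULL,
+ xauth_path,
+ generated ? "-f " : "" ,
+ generated ? xauthfile : "",
+ display);
+ debug2("x11_get_proto: %s", cmd);
+ f = popen(cmd, "r");
+ if (f && fgets(line, sizeof(line), f) &&
+ sscanf(line, "%*s %511s %511s", proto, data) == 2)
+ got_data = 1;
+ if (f)
+ pclose(f);
+ } else
+ error("Warning: untrusted X11 forwarding setup failed: "
+ "xauth key data not generated");
  }
 
  if (do_unlink) {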
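Review bot: The new `else` branch only logs and leaves `got_data` at 0, so whether untrusted forwarding actually fails closed is decided by code after this hunk (the function continues past `if (do_unlink)`), not by the `if (trusted || generated)` guard itself. It would help to say so at the branch, e.g. `/* got_data stays 0; never read the trusted cookie on this path */`, and to confirm that the `!got_data` handling further down does not leave the session with broader X11 access than an untrusted cookie would give. The `else` body is a two-line unbraced call opposite a braced `if`; writing `} else {` would keep a statement added later from silently falling outside the branch. The re-indented `snprintf`/`popen` lines still pass `display` and `xauth_path` through a shell without checking the `snprintf` return for truncation, and any validation of those values is not visible in this hunk.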