summaryrefslogtreecommitdiff
path: root/channels.c
diff options
context:
space:
mode:
Diffstat (limited to 'channels.c')
-rw-r--r--channels.c101
1 files changed, 69 insertions, 32 deletions
diff --git a/channels.c b/channels.c
index 657381b80..0f45aee4e 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.389 2019/01/19 21:37:13 djm Exp $ */ 1/* $OpenBSD: channels.c,v 1.394 2019/07/07 01:05:00 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,7 +59,7 @@
59#include <netdb.h> 59#include <netdb.h>
60#include <stdarg.h> 60#include <stdarg.h>
61#ifdef HAVE_STDINT_H 61#ifdef HAVE_STDINT_H
62 #include <stdint.h> 62# include <stdint.h>
63#endif 63#endif
64#include <stdio.h> 64#include <stdio.h>
65#include <stdlib.h> 65#include <stdlib.h>
@@ -493,7 +493,7 @@ permission_set_get(struct ssh *ssh, int where)
493 } 493 }
494} 494}
495 495
496/* Reutrns pointers to the specified forwarding list and its element count */ 496/* Returns pointers to the specified forwarding list and its element count */
497static void 497static void
498permission_set_get_array(struct ssh *ssh, int who, int where, 498permission_set_get_array(struct ssh *ssh, int who, int where,
499 struct permission ***permpp, u_int **npermpp) 499 struct permission ***permpp, u_int **npermpp)
@@ -639,10 +639,30 @@ void
639channel_free_all(struct ssh *ssh) 639channel_free_all(struct ssh *ssh)
640{ 640{
641 u_int i; 641 u_int i;
642 struct ssh_channels *sc = ssh->chanctxt;
642 643
643 for (i = 0; i < ssh->chanctxt->channels_alloc; i++) 644 for (i = 0; i < sc->channels_alloc; i++)
644 if (ssh->chanctxt->channels[i] != NULL) 645 if (sc->channels[i] != NULL)
645 channel_free(ssh, ssh->chanctxt->channels[i]); 646 channel_free(ssh, sc->channels[i]);
647
648 free(sc->channels);
649 sc->channels = NULL;
650 sc->channels_alloc = 0;
651 sc->channel_max_fd = 0;
652
653 free(sc->x11_saved_display);
654 sc->x11_saved_display = NULL;
655
656 free(sc->x11_saved_proto);
657 sc->x11_saved_proto = NULL;
658
659 free(sc->x11_saved_data);
660 sc->x11_saved_data = NULL;
661 sc->x11_saved_data_len = 0;
662
663 free(sc->x11_fake_data);
664 sc->x11_fake_data = NULL;
665 sc->x11_fake_data_len = 0;
646} 666}
647 667
648/* 668/*
@@ -1651,7 +1671,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c,
1651 chan_mark_dead(ssh, c); 1671 chan_mark_dead(ssh, c);
1652 errno = oerrno; 1672 errno = oerrno;
1653 } 1673 }
1654 if (newsock < 0) { 1674 if (newsock == -1) {
1655 if (errno != EINTR && errno != EWOULDBLOCK && 1675 if (errno != EINTR && errno != EWOULDBLOCK &&
1656 errno != ECONNABORTED) 1676 errno != ECONNABORTED)
1657 error("accept: %.100s", strerror(errno)); 1677 error("accept: %.100s", strerror(errno));
@@ -1794,7 +1814,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c,
1794 1814
1795 addrlen = sizeof(addr); 1815 addrlen = sizeof(addr);
1796 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); 1816 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
1797 if (newsock < 0) { 1817 if (newsock == -1) {
1798 if (errno != EINTR && errno != EWOULDBLOCK && 1818 if (errno != EINTR && errno != EWOULDBLOCK &&
1799 errno != ECONNABORTED) 1819 errno != ECONNABORTED)
1800 error("accept: %.100s", strerror(errno)); 1820 error("accept: %.100s", strerror(errno));
@@ -1833,7 +1853,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c,
1833 1853
1834 addrlen = sizeof(addr); 1854 addrlen = sizeof(addr);
1835 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); 1855 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
1836 if (newsock < 0) { 1856 if (newsock == -1) {
1837 error("accept from auth socket: %.100s", strerror(errno)); 1857 error("accept from auth socket: %.100s", strerror(errno));
1838 if (errno == EMFILE || errno == ENFILE) 1858 if (errno == EMFILE || errno == ENFILE)
1839 c->notbefore = monotime() + 1; 1859 c->notbefore = monotime() + 1;
@@ -1861,7 +1881,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c,
1861 fatal(":%s: channel %d: no remote id", __func__, c->self); 1881 fatal(":%s: channel %d: no remote id", __func__, c->self);
1862 /* for rdynamic the OPEN_CONFIRMATION has been sent already */ 1882 /* for rdynamic the OPEN_CONFIRMATION has been sent already */
1863 isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); 1883 isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
1864 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { 1884 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
1865 err = errno; 1885 err = errno;
1866 error("getsockopt SO_ERROR failed"); 1886 error("getsockopt SO_ERROR failed");
1867 } 1887 }
@@ -1936,7 +1956,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c,
1936 1956
1937 errno = 0; 1957 errno = 0;
1938 len = read(c->rfd, buf, sizeof(buf)); 1958 len = read(c->rfd, buf, sizeof(buf));
1939 if (len < 0 && (errno == EINTR || 1959 if (len == -1 && (errno == EINTR ||
1940 ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) 1960 ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
1941 return 1; 1961 return 1;
1942#ifndef PTY_ZEROREAD 1962#ifndef PTY_ZEROREAD
@@ -2010,7 +2030,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
2010 /* ignore truncated writes, datagrams might get lost */ 2030 /* ignore truncated writes, datagrams might get lost */
2011 len = write(c->wfd, buf, dlen); 2031 len = write(c->wfd, buf, dlen);
2012 free(data); 2032 free(data);
2013 if (len < 0 && (errno == EINTR || errno == EAGAIN || 2033 if (len == -1 && (errno == EINTR || errno == EAGAIN ||
2014 errno == EWOULDBLOCK)) 2034 errno == EWOULDBLOCK))
2015 return 1; 2035 return 1;
2016 if (len <= 0) 2036 if (len <= 0)
@@ -2025,7 +2045,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
2025#endif 2045#endif
2026 2046
2027 len = write(c->wfd, buf, dlen); 2047 len = write(c->wfd, buf, dlen);
2028 if (len < 0 && 2048 if (len == -1 &&
2029 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) 2049 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
2030 return 1; 2050 return 1;
2031 if (len <= 0) { 2051 if (len <= 0) {
@@ -2079,7 +2099,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c,
2079 len = write(c->efd, sshbuf_ptr(c->extended), 2099 len = write(c->efd, sshbuf_ptr(c->extended),
2080 sshbuf_len(c->extended)); 2100 sshbuf_len(c->extended));
2081 debug2("channel %d: written %zd to efd %d", c->self, len, c->efd); 2101 debug2("channel %d: written %zd to efd %d", c->self, len, c->efd);
2082 if (len < 0 && (errno == EINTR || errno == EAGAIN || 2102 if (len == -1 && (errno == EINTR || errno == EAGAIN ||
2083 errno == EWOULDBLOCK)) 2103 errno == EWOULDBLOCK))
2084 return 1; 2104 return 1;
2085 if (len <= 0) { 2105 if (len <= 0) {
@@ -2110,7 +2130,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c,
2110 2130
2111 len = read(c->efd, buf, sizeof(buf)); 2131 len = read(c->efd, buf, sizeof(buf));
2112 debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); 2132 debug2("channel %d: read %zd from efd %d", c->self, len, c->efd);
2113 if (len < 0 && (errno == EINTR || ((errno == EAGAIN || 2133 if (len == -1 && (errno == EINTR || ((errno == EAGAIN ||
2114 errno == EWOULDBLOCK) && !force))) 2134 errno == EWOULDBLOCK) && !force)))
2115 return 1; 2135 return 1;
2116 if (len <= 0) { 2136 if (len <= 0) {
@@ -2199,7 +2219,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need)
2199 if (sshbuf_len(c->input) < need) { 2219 if (sshbuf_len(c->input) < need) {
2200 rlen = need - sshbuf_len(c->input); 2220 rlen = need - sshbuf_len(c->input);
2201 len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); 2221 len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
2202 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 2222 if (len == -1 && (errno == EINTR || errno == EAGAIN))
2203 return sshbuf_len(c->input); 2223 return sshbuf_len(c->input);
2204 if (len <= 0) { 2224 if (len <= 0) {
2205 debug2("channel %d: ctl read<=0 rfd %d len %zd", 2225 debug2("channel %d: ctl read<=0 rfd %d len %zd",
@@ -2263,7 +2283,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c,
2263 return; 2283 return;
2264 2284
2265 len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output)); 2285 len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output));
2266 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 2286 if (len == -1 && (errno == EINTR || errno == EAGAIN))
2267 return; 2287 return;
2268 if (len <= 0) { 2288 if (len <= 0) {
2269 chan_mark_dead(ssh, c); 2289 chan_mark_dead(ssh, c);
@@ -2311,7 +2331,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c,
2311 return; 2331 return;
2312 } 2332 }
2313 2333
2314 if (getpeereid(newsock, &euid, &egid) < 0) { 2334 if (getpeereid(newsock, &euid, &egid) == -1) {
2315 error("%s getpeereid failed: %s", __func__, 2335 error("%s getpeereid failed: %s", __func__,
2316 strerror(errno)); 2336 strerror(errno));
2317 close(newsock); 2337 close(newsock);
@@ -3257,7 +3277,6 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh)
3257 int id = channel_parse_id(ssh, __func__, "status confirm"); 3277 int id = channel_parse_id(ssh, __func__, "status confirm");
3258 Channel *c; 3278 Channel *c;
3259 struct channel_confirm *cc; 3279 struct channel_confirm *cc;
3260 int r;
3261 3280
3262 /* Reset keepalive timeout */ 3281 /* Reset keepalive timeout */
3263 ssh_packet_set_alive_timeouts(ssh, 0); 3282 ssh_packet_set_alive_timeouts(ssh, 0);
@@ -3270,7 +3289,7 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh)
3270 } 3289 }
3271 if (channel_proxy_upstream(c, type, seq, ssh)) 3290 if (channel_proxy_upstream(c, type, seq, ssh))
3272 return 0; 3291 return 0;
3273 if ((r = sshpkt_get_end(ssh)) != 0) 3292 if (sshpkt_get_end(ssh) != 0)
3274 ssh_packet_disconnect(ssh, "Invalid status confirm message"); 3293 ssh_packet_disconnect(ssh, "Invalid status confirm message");
3275 if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) 3294 if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL)
3276 return 0; 3295 return 0;
@@ -3441,7 +3460,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3441 } 3460 }
3442 /* Create a port to listen for the host. */ 3461 /* Create a port to listen for the host. */
3443 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 3462 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
3444 if (sock < 0) { 3463 if (sock == -1) {
3445 /* this is no error since kernel may not support ipv6 */ 3464 /* this is no error since kernel may not support ipv6 */
3446 verbose("socket [%s]:%s: %.100s", ntop, strport, 3465 verbose("socket [%s]:%s: %.100s", ntop, strport,
3447 strerror(errno)); 3466 strerror(errno));
@@ -3456,7 +3475,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3456 ntop, strport); 3475 ntop, strport);
3457 3476
3458 /* Bind the socket to the address. */ 3477 /* Bind the socket to the address. */
3459 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 3478 if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
3460 /* 3479 /*
3461 * address can be in if use ipv6 address is 3480 * address can be in if use ipv6 address is
3462 * already bound 3481 * already bound
@@ -3472,7 +3491,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3472 continue; 3491 continue;
3473 } 3492 }
3474 /* Start listening for connections on the socket. */ 3493 /* Start listening for connections on the socket. */
3475 if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { 3494 if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
3476 error("listen: %.100s", strerror(errno)); 3495 error("listen: %.100s", strerror(errno));
3477 error("listen [%s]:%s: %.100s", ntop, strport, 3496 error("listen [%s]:%s: %.100s", ntop, strport,
3478 strerror(errno)); 3497 strerror(errno));
@@ -3803,6 +3822,23 @@ channel_setup_remote_fwd_listener(struct ssh *ssh, struct Forward *fwd,
3803{ 3822{
3804 if (!check_rfwd_permission(ssh, fwd)) { 3823 if (!check_rfwd_permission(ssh, fwd)) {
3805 ssh_packet_send_debug(ssh, "port forwarding refused"); 3824 ssh_packet_send_debug(ssh, "port forwarding refused");
3825 if (fwd->listen_path != NULL)
3826 /* XXX always allowed, see remote_open_match() */
3827 logit("Received request from %.100s port %d to "
3828 "remote forward to path \"%.100s\", "
3829 "but the request was denied.",
3830 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
3831 fwd->listen_path);
3832 else if(fwd->listen_host != NULL)
3833 logit("Received request from %.100s port %d to "
3834 "remote forward to host %.100s port %d, "
3835 "but the request was denied.",
3836 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
3837 fwd->listen_host, fwd->listen_port );
3838 else
3839 logit("Received request from %.100s port %d to remote "
3840 "forward, but the request was denied.",
3841 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
3806 return 0; 3842 return 0;
3807 } 3843 }
3808 if (fwd->listen_path != NULL) { 3844 if (fwd->listen_path != NULL) {
@@ -4398,8 +4434,9 @@ channel_connect_to_port(struct ssh *ssh, const char *host, u_short port,
4398 } 4434 }
4399 4435
4400 if (!permit || !permit_adm) { 4436 if (!permit || !permit_adm) {
4401 logit("Received request to connect to host %.100s port %d, " 4437 logit("Received request from %.100s port %d to connect to "
4402 "but the request was denied.", host, port); 4438 "host %.100s port %d, but the request was denied.",
4439 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), host, port);
4403 if (reason != NULL) 4440 if (reason != NULL)
4404 *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; 4441 *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
4405 return NULL; 4442 return NULL;
@@ -4474,7 +4511,7 @@ channel_send_window_changes(struct ssh *ssh)
4474 if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || 4511 if (sc->channels[i] == NULL || !sc->channels[i]->client_tty ||
4475 sc->channels[i]->type != SSH_CHANNEL_OPEN) 4512 sc->channels[i]->type != SSH_CHANNEL_OPEN)
4476 continue; 4513 continue;
4477 if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0) 4514 if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1)
4478 continue; 4515 continue;
4479 channel_request_start(ssh, i, "window-change", 0); 4516 channel_request_start(ssh, i, "window-change", 0);
4480 if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || 4517 if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 ||
@@ -4577,7 +4614,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4577 continue; 4614 continue;
4578 sock = socket(ai->ai_family, ai->ai_socktype, 4615 sock = socket(ai->ai_family, ai->ai_socktype,
4579 ai->ai_protocol); 4616 ai->ai_protocol);
4580 if (sock < 0) { 4617 if (sock == -1) {
4581 if ((errno != EINVAL) && (errno != EAFNOSUPPORT) 4618 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
4582#ifdef EPFNOSUPPORT 4619#ifdef EPFNOSUPPORT
4583 && (errno != EPFNOSUPPORT) 4620 && (errno != EPFNOSUPPORT)
@@ -4596,7 +4633,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4596 sock_set_v6only(sock); 4633 sock_set_v6only(sock);
4597 if (x11_use_localhost) 4634 if (x11_use_localhost)
4598 set_reuseaddr(sock); 4635 set_reuseaddr(sock);
4599 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 4636 if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
4600 debug2("%s: bind port %d: %.100s", __func__, 4637 debug2("%s: bind port %d: %.100s", __func__,
4601 port, strerror(errno)); 4638 port, strerror(errno));
4602 close(sock); 4639 close(sock);
@@ -4620,7 +4657,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4620 /* Start listening for connections on the socket. */ 4657 /* Start listening for connections on the socket. */
4621 for (n = 0; n < num_socks; n++) { 4658 for (n = 0; n < num_socks; n++) {
4622 sock = socks[n]; 4659 sock = socks[n];
4623 if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { 4660 if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
4624 error("listen: %.100s", strerror(errno)); 4661 error("listen: %.100s", strerror(errno));
4625 close(sock); 4662 close(sock);
4626 return -1; 4663 return -1;
@@ -4652,7 +4689,7 @@ connect_local_xsocket_path(const char *pathname)
4652 struct sockaddr_un addr; 4689 struct sockaddr_un addr;
4653 4690
4654 sock = socket(AF_UNIX, SOCK_STREAM, 0); 4691 sock = socket(AF_UNIX, SOCK_STREAM, 0);
4655 if (sock < 0) 4692 if (sock == -1)
4656 error("socket: %.100s", strerror(errno)); 4693 error("socket: %.100s", strerror(errno));
4657 memset(&addr, 0, sizeof(addr)); 4694 memset(&addr, 0, sizeof(addr));
4658 addr.sun_family = AF_UNIX; 4695 addr.sun_family = AF_UNIX;
@@ -4793,12 +4830,12 @@ x11_connect_display(struct ssh *ssh)
4793 for (ai = aitop; ai; ai = ai->ai_next) { 4830 for (ai = aitop; ai; ai = ai->ai_next) {
4794 /* Create a socket. */ 4831 /* Create a socket. */
4795 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 4832 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
4796 if (sock < 0) { 4833 if (sock == -1) {
4797 debug2("socket: %.100s", strerror(errno)); 4834 debug2("socket: %.100s", strerror(errno));
4798 continue; 4835 continue;
4799 } 4836 }
4800 /* Connect it to the display. */ 4837 /* Connect it to the display. */
4801 if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 4838 if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
4802 debug2("connect %.100s port %u: %.100s", buf, 4839 debug2("connect %.100s port %u: %.100s", buf,
4803 6000 + display_number, strerror(errno)); 4840 6000 + display_number, strerror(errno));
4804 close(sock); 4841 close(sock);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 01:30:31 +0000