summaryrefslogtreecommitdiff
path: root/session.c
diff options
context:
space:
mode:
Diffstat (limited to 'session.c')
-rw-r--r--session.c217
1 files changed, 111 insertions, 106 deletions
diff --git a/session.c b/session.c
index 2d0958d11..ac06b08e9 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *);
123int do_exec(struct ssh *, Session *, const char *); 123int do_exec(struct ssh *, Session *, const char *);
124void do_login(struct ssh *, Session *, const char *); 124void do_login(struct ssh *, Session *, const char *);
125void do_child(struct ssh *, Session *, const char *); 125void do_child(struct ssh *, Session *, const char *);
126#ifdef LOGIN_NEEDS_UTMPX
127static void do_pre_login(Session *s);
128#endif
129void do_motd(void); 126void do_motd(void);
130int check_quietlogin(Session *, const char *); 127int check_quietlogin(Session *, const char *);
131 128
@@ -142,7 +139,7 @@ extern int startup_pipe;
142extern void destroy_sensitive_data(void); 139extern void destroy_sensitive_data(void);
143extern struct sshbuf *loginmsg; 140extern struct sshbuf *loginmsg;
144extern struct sshauthopt *auth_opts; 141extern struct sshauthopt *auth_opts;
145char *tun_fwd_ifnames; /* serverloop.c */ 142extern char *tun_fwd_ifnames; /* serverloop.c */
146 143
147/* original command from peer. */ 144/* original command from peer. */
148const char *original_command = NULL; 145const char *original_command = NULL;
@@ -204,7 +201,7 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
204 201
205 /* Create private directory for socket */ 202 /* Create private directory for socket */
206 if (mkdtemp(auth_sock_dir) == NULL) { 203 if (mkdtemp(auth_sock_dir) == NULL) {
207 packet_send_debug("Agent forwarding disabled: " 204 ssh_packet_send_debug(ssh, "Agent forwarding disabled: "
208 "mkdtemp() failed: %.100s", strerror(errno)); 205 "mkdtemp() failed: %.100s", strerror(errno));
209 restore_uid(); 206 restore_uid();
210 free(auth_sock_dir); 207 free(auth_sock_dir);
@@ -236,7 +233,9 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
236 authsock_err: 233 authsock_err:
237 free(auth_sock_name); 234 free(auth_sock_name);
238 if (auth_sock_dir != NULL) { 235 if (auth_sock_dir != NULL) {
236 temporarily_use_uid(pw);
239 rmdir(auth_sock_dir); 237 rmdir(auth_sock_dir);
238 restore_uid();
240 free(auth_sock_dir); 239 free(auth_sock_dir);
241 } 240 }
242 if (sock != -1) 241 if (sock != -1)
@@ -359,7 +358,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt)
359 else 358 else
360 channel_permit_all(ssh, FORWARD_REMOTE); 359 channel_permit_all(ssh, FORWARD_REMOTE);
361 } 360 }
362 auth_debug_send(); 361 auth_debug_send(ssh);
363 362
364 prepare_auth_info_file(authctxt->pw, authctxt->session_info); 363 prepare_auth_info_file(authctxt->pw, authctxt->session_info);
365 364
@@ -521,7 +520,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
521 520
522 s->pid = pid; 521 s->pid = pid;
523 /* Set interactive/non-interactive mode. */ 522 /* Set interactive/non-interactive mode. */
524 packet_set_interactive(s->display != NULL, 523 ssh_packet_set_interactive(ssh, s->display != NULL,
525 options.ip_qos_interactive, options.ip_qos_bulk); 524 options.ip_qos_interactive, options.ip_qos_bulk);
526 525
527 /* 526 /*
@@ -548,7 +547,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
548 * Enter the interactive session. Note: server_loop must be able to 547 * Enter the interactive session. Note: server_loop must be able to
549 * handle the case that fdin and fdout are the same. 548 * handle the case that fdin and fdout are the same.
550 */ 549 */
551 session_set_fds(s, inout[1], inout[1], err[1], 550 session_set_fds(ssh, s, inout[1], inout[1], err[1],
552 s->is_subsystem, 0); 551 s->is_subsystem, 0);
553#endif 552#endif
554 return 0; 553 return 0;
@@ -650,41 +649,12 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
650 649
651 /* Enter interactive session. */ 650 /* Enter interactive session. */
652 s->ptymaster = ptymaster; 651 s->ptymaster = ptymaster;
653 packet_set_interactive(1, 652 ssh_packet_set_interactive(ssh, 1,
654 options.ip_qos_interactive, options.ip_qos_bulk); 653 options.ip_qos_interactive, options.ip_qos_bulk);
655 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); 654 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);
656 return 0; 655 return 0;
657} 656}
658 657
659#ifdef LOGIN_NEEDS_UTMPX
660static void
661do_pre_login(Session *s)
662{
663 struct ssh *ssh = active_state; /* XXX */
664 socklen_t fromlen;
665 struct sockaddr_storage from;
666 pid_t pid = getpid();
667
668 /*
669 * Get IP address of client. If the connection is not a socket, let
670 * the address be 0.0.0.0.
671 */
672 memset(&from, 0, sizeof(from));
673 fromlen = sizeof(from);
674 if (packet_connection_is_on_socket()) {
675 if (getpeername(packet_get_connection_in(),
676 (struct sockaddr *)&from, &fromlen) < 0) {
677 debug("getpeername: %.100s", strerror(errno));
678 cleanup_exit(255);
679 }
680 }
681
682 record_utmp_only(pid, s->tty, s->pw->pw_name,
683 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
684 (struct sockaddr *)&from, fromlen);
685}
686#endif
687
688/* 658/*
689 * This is called to fork and execute a command. If another command is 659 * This is called to fork and execute a command. If another command is
690 * to be forced, execute that instead. 660 * to be forced, execute that instead.
@@ -783,8 +753,8 @@ do_login(struct ssh *ssh, Session *s, const char *command)
783 */ 753 */
784 memset(&from, 0, sizeof(from)); 754 memset(&from, 0, sizeof(from));
785 fromlen = sizeof(from); 755 fromlen = sizeof(from);
786 if (packet_connection_is_on_socket()) { 756 if (ssh_packet_connection_is_on_socket(ssh)) {
787 if (getpeername(packet_get_connection_in(), 757 if (getpeername(ssh_packet_get_connection_in(ssh),
788 (struct sockaddr *)&from, &fromlen) < 0) { 758 (struct sockaddr *)&from, &fromlen) < 0) {
789 debug("getpeername: %.100s", strerror(errno)); 759 debug("getpeername: %.100s", strerror(errno));
790 cleanup_exit(255); 760 cleanup_exit(255);
@@ -1082,8 +1052,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
1082# endif /* HAVE_CYGWIN */ 1052# endif /* HAVE_CYGWIN */
1083#endif /* HAVE_LOGIN_CAP */ 1053#endif /* HAVE_LOGIN_CAP */
1084 1054
1085 snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); 1055 if (!options.use_pam) {
1086 child_set_env(&env, &envsize, "MAIL", buf); 1056 snprintf(buf, sizeof buf, "%.200s/%.50s",
1057 _PATH_MAILDIR, pw->pw_name);
1058 child_set_env(&env, &envsize, "MAIL", buf);
1059 }
1087 1060
1088 /* Normal systems set SHELL by default. */ 1061 /* Normal systems set SHELL by default. */
1089 child_set_env(&env, &envsize, "SHELL", shell); 1062 child_set_env(&env, &envsize, "SHELL", shell);
@@ -1162,15 +1135,18 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
1162 char **p; 1135 char **p;
1163 1136
1164 /* 1137 /*
1165 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak 1138 * Don't allow PAM-internal env vars to leak
1166 * back into the environment. 1139 * back into the session environment.
1167 */ 1140 */
1141#define PAM_ENV_BLACKLIST "SSH_AUTH_INFO*,SSH_CONNECTION*"
1168 p = fetch_pam_child_environment(); 1142 p = fetch_pam_child_environment();
1169 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); 1143 copy_environment_blacklist(p, &env, &envsize,
1144 PAM_ENV_BLACKLIST);
1170 free_pam_environment(p); 1145 free_pam_environment(p);
1171 1146
1172 p = fetch_pam_environment(); 1147 p = fetch_pam_environment();
1173 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); 1148 copy_environment_blacklist(p, &env, &envsize,
1149 PAM_ENV_BLACKLIST);
1174 free_pam_environment(p); 1150 free_pam_environment(p);
1175 } 1151 }
1176#endif /* USE_PAM */ 1152#endif /* USE_PAM */
@@ -1192,7 +1168,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
1192 ssh_local_port(ssh)); 1168 ssh_local_port(ssh));
1193 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 1169 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1194 1170
1195 laddr = get_local_ipaddr(packet_get_connection_in()); 1171 laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh));
1196 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1172 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1197 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), 1173 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1198 laddr, ssh_local_port(ssh)); 1174 laddr, ssh_local_port(ssh));
@@ -1334,7 +1310,7 @@ safely_chroot(const char *path, uid_t uid)
1334 char component[PATH_MAX]; 1310 char component[PATH_MAX];
1335 struct stat st; 1311 struct stat st;
1336 1312
1337 if (*path != '/') 1313 if (!path_absolute(path))
1338 fatal("chroot path does not begin at root"); 1314 fatal("chroot path does not begin at root");
1339 if (strlen(path) >= sizeof(component)) 1315 if (strlen(path) >= sizeof(component))
1340 fatal("chroot path too long"); 1316 fatal("chroot path too long");
@@ -1359,7 +1335,7 @@ safely_chroot(const char *path, uid_t uid)
1359 component, strerror(errno)); 1335 component, strerror(errno));
1360 if (st.st_uid != 0 || (st.st_mode & 022) != 0) 1336 if (st.st_uid != 0 || (st.st_mode & 022) != 0)
1361 fatal("bad ownership or modes for chroot " 1337 fatal("bad ownership or modes for chroot "
1362 "directory %s\"%s\"", 1338 "directory %s\"%s\"",
1363 cp == NULL ? "" : "component ", component); 1339 cp == NULL ? "" : "component ", component);
1364 if (!S_ISDIR(st.st_mode)) 1340 if (!S_ISDIR(st.st_mode))
1365 fatal("chroot path %s\"%s\" is not a directory", 1341 fatal("chroot path %s\"%s\" is not a directory",
@@ -1497,11 +1473,12 @@ child_close_fds(struct ssh *ssh)
1497 auth_sock = -1; 1473 auth_sock = -1;
1498 } 1474 }
1499 1475
1500 if (packet_get_connection_in() == packet_get_connection_out()) 1476 if (ssh_packet_get_connection_in(ssh) ==
1501 close(packet_get_connection_in()); 1477 ssh_packet_get_connection_out(ssh))
1478 close(ssh_packet_get_connection_in(ssh));
1502 else { 1479 else {
1503 close(packet_get_connection_in()); 1480 close(ssh_packet_get_connection_in(ssh));
1504 close(packet_get_connection_out()); 1481 close(ssh_packet_get_connection_out(ssh));
1505 } 1482 }
1506 /* 1483 /*
1507 * Close all descriptors related to channels. They will still remain 1484 * Close all descriptors related to channels. They will still remain
@@ -1535,15 +1512,16 @@ void
1535do_child(struct ssh *ssh, Session *s, const char *command) 1512do_child(struct ssh *ssh, Session *s, const char *command)
1536{ 1513{
1537 extern char **environ; 1514 extern char **environ;
1538 char **env; 1515 char **env, *argv[ARGV_MAX], remote_id[512];
1539 char *argv[ARGV_MAX];
1540 const char *shell, *shell0; 1516 const char *shell, *shell0;
1541 struct passwd *pw = s->pw; 1517 struct passwd *pw = s->pw;
1542 int r = 0; 1518 int r = 0;
1543 1519
1520 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
1521
1544 /* remove hostkey from the child's memory */ 1522 /* remove hostkey from the child's memory */
1545 destroy_sensitive_data(); 1523 destroy_sensitive_data();
1546 packet_clear_keys(); 1524 ssh_packet_clear_keys(ssh);
1547 1525
1548 /* Force a password change */ 1526 /* Force a password change */
1549 if (s->authctxt->force_pwchange) { 1527 if (s->authctxt->force_pwchange) {
@@ -1663,6 +1641,8 @@ do_child(struct ssh *ssh, Session *s, const char *command)
1663 signal(SIGPIPE, SIG_DFL); 1641 signal(SIGPIPE, SIG_DFL);
1664 1642
1665 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { 1643 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
1644 error("Connection from %s: refusing non-sftp session",
1645 remote_id);
1666 printf("This service allows sftp connections only.\n"); 1646 printf("This service allows sftp connections only.\n");
1667 fflush(NULL); 1647 fflush(NULL);
1668 exit(1); 1648 exit(1);
@@ -1905,11 +1885,14 @@ session_by_pid(pid_t pid)
1905static int 1885static int
1906session_window_change_req(struct ssh *ssh, Session *s) 1886session_window_change_req(struct ssh *ssh, Session *s)
1907{ 1887{
1908 s->col = packet_get_int(); 1888 int r;
1909 s->row = packet_get_int(); 1889
1910 s->xpixel = packet_get_int(); 1890 if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
1911 s->ypixel = packet_get_int(); 1891 (r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
1912 packet_check_eom(); 1892 (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
1893 (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 ||
1894 (r = sshpkt_get_end(ssh)) != 0)
1895 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1913 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1896 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1914 return 1; 1897 return 1;
1915} 1898}
@@ -1917,22 +1900,23 @@ session_window_change_req(struct ssh *ssh, Session *s)
1917static int 1900static int
1918session_pty_req(struct ssh *ssh, Session *s) 1901session_pty_req(struct ssh *ssh, Session *s)
1919{ 1902{
1920 u_int len; 1903 int r;
1921 1904
1922 if (!auth_opts->permit_pty_flag || !options.permit_tty) { 1905 if (!auth_opts->permit_pty_flag || !options.permit_tty) {
1923 debug("Allocating a pty not permitted for this connection."); 1906 debug("Allocating a pty not permitted for this connection.");
1924 return 0; 1907 return 0;
1925 } 1908 }
1926 if (s->ttyfd != -1) { 1909 if (s->ttyfd != -1) {
1927 packet_disconnect("Protocol error: you already have a pty."); 1910 ssh_packet_disconnect(ssh, "Protocol error: you already have a pty.");
1928 return 0; 1911 return 0;
1929 } 1912 }
1930 1913
1931 s->term = packet_get_string(&len); 1914 if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 ||
1932 s->col = packet_get_int(); 1915 (r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
1933 s->row = packet_get_int(); 1916 (r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
1934 s->xpixel = packet_get_int(); 1917 (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
1935 s->ypixel = packet_get_int(); 1918 (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0)
1919 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1936 1920
1937 if (strcmp(s->term, "") == 0) { 1921 if (strcmp(s->term, "") == 0) {
1938 free(s->term); 1922 free(s->term);
@@ -1954,13 +1938,15 @@ session_pty_req(struct ssh *ssh, Session *s)
1954 1938
1955 ssh_tty_parse_modes(ssh, s->ttyfd); 1939 ssh_tty_parse_modes(ssh, s->ttyfd);
1956 1940
1941 if ((r = sshpkt_get_end(ssh)) != 0)
1942 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1943
1957 if (!use_privsep) 1944 if (!use_privsep)
1958 pty_setowner(s->pw, s->tty); 1945 pty_setowner(s->pw, s->tty);
1959 1946
1960 /* Set window size from the packet. */ 1947 /* Set window size from the packet. */
1961 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1948 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1962 1949
1963 packet_check_eom();
1964 session_proctitle(s); 1950 session_proctitle(s);
1965 return 1; 1951 return 1;
1966} 1952}
@@ -1969,13 +1955,13 @@ static int
1969session_subsystem_req(struct ssh *ssh, Session *s) 1955session_subsystem_req(struct ssh *ssh, Session *s)
1970{ 1956{
1971 struct stat st; 1957 struct stat st;
1972 u_int len; 1958 int r, success = 0;
1973 int success = 0;
1974 char *prog, *cmd; 1959 char *prog, *cmd;
1975 u_int i; 1960 u_int i;
1976 1961
1977 s->subsys = packet_get_string(&len); 1962 if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 ||
1978 packet_check_eom(); 1963 (r = sshpkt_get_end(ssh)) != 0)
1964 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
1979 debug2("subsystem request for %.100s by user %s", s->subsys, 1965 debug2("subsystem request for %.100s by user %s", s->subsys,
1980 s->pw->pw_name); 1966 s->pw->pw_name);
1981 1967
@@ -2008,18 +1994,22 @@ session_subsystem_req(struct ssh *ssh, Session *s)
2008static int 1994static int
2009session_x11_req(struct ssh *ssh, Session *s) 1995session_x11_req(struct ssh *ssh, Session *s)
2010{ 1996{
2011 int success; 1997 int r, success;
1998 u_char single_connection = 0;
2012 1999
2013 if (s->auth_proto != NULL || s->auth_data != NULL) { 2000 if (s->auth_proto != NULL || s->auth_data != NULL) {
2014 error("session_x11_req: session %d: " 2001 error("session_x11_req: session %d: "
2015 "x11 forwarding already active", s->self); 2002 "x11 forwarding already active", s->self);
2016 return 0; 2003 return 0;
2017 } 2004 }
2018 s->single_connection = packet_get_char(); 2005 if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 ||
2019 s->auth_proto = packet_get_string(NULL); 2006 (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 ||
2020 s->auth_data = packet_get_string(NULL); 2007 (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 ||
2021 s->screen = packet_get_int(); 2008 (r = sshpkt_get_u32(ssh, &s->screen)) != 0 ||
2022 packet_check_eom(); 2009 (r = sshpkt_get_end(ssh)) != 0)
2010 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2011
2012 s->single_connection = single_connection;
2023 2013
2024 if (xauth_valid_string(s->auth_proto) && 2014 if (xauth_valid_string(s->auth_proto) &&
2025 xauth_valid_string(s->auth_data)) 2015 xauth_valid_string(s->auth_data))
@@ -2040,17 +2030,24 @@ session_x11_req(struct ssh *ssh, Session *s)
2040static int 2030static int
2041session_shell_req(struct ssh *ssh, Session *s) 2031session_shell_req(struct ssh *ssh, Session *s)
2042{ 2032{
2043 packet_check_eom(); 2033 int r;
2034
2035 if ((r = sshpkt_get_end(ssh)) != 0)
2036 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2044 return do_exec(ssh, s, NULL) == 0; 2037 return do_exec(ssh, s, NULL) == 0;
2045} 2038}
2046 2039
2047static int 2040static int
2048session_exec_req(struct ssh *ssh, Session *s) 2041session_exec_req(struct ssh *ssh, Session *s)
2049{ 2042{
2050 u_int len, success; 2043 u_int success;
2044 int r;
2045 char *command = NULL;
2046
2047 if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 ||
2048 (r = sshpkt_get_end(ssh)) != 0)
2049 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2051 2050
2052 char *command = packet_get_string(&len);
2053 packet_check_eom();
2054 success = do_exec(ssh, s, command) == 0; 2051 success = do_exec(ssh, s, command) == 0;
2055 free(command); 2052 free(command);
2056 return success; 2053 return success;
@@ -2059,9 +2056,11 @@ session_exec_req(struct ssh *ssh, Session *s)
2059static int 2056static int
2060session_break_req(struct ssh *ssh, Session *s) 2057session_break_req(struct ssh *ssh, Session *s)
2061{ 2058{
2059 int r;
2062 2060
2063 packet_get_int(); /* ignored */ 2061 if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */
2064 packet_check_eom(); 2062 (r = sshpkt_get_end(ssh)) != 0)
2063 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2065 2064
2066 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) 2065 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
2067 return 0; 2066 return 0;
@@ -2072,11 +2071,13 @@ static int
2072session_env_req(struct ssh *ssh, Session *s) 2071session_env_req(struct ssh *ssh, Session *s)
2073{ 2072{
2074 char *name, *val; 2073 char *name, *val;
2075 u_int name_len, val_len, i; 2074 u_int i;
2075 int r;
2076 2076
2077 name = packet_get_cstring(&name_len); 2077 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
2078 val = packet_get_cstring(&val_len); 2078 (r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 ||
2079 packet_check_eom(); 2079 (r = sshpkt_get_end(ssh)) != 0)
2080 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2080 2081
2081 /* Don't set too many environment variables */ 2082 /* Don't set too many environment variables */
2082 if (s->num_env > 128) { 2083 if (s->num_env > 128) {
@@ -2179,8 +2180,10 @@ static int
2179session_auth_agent_req(struct ssh *ssh, Session *s) 2180session_auth_agent_req(struct ssh *ssh, Session *s)
2180{ 2181{
2181 static int called = 0; 2182 static int called = 0;
2183 int r;
2182 2184
2183 packet_check_eom(); 2185 if ((r = sshpkt_get_end(ssh)) != 0)
2186 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2184 if (!auth_opts->permit_agent_forwarding_flag || 2187 if (!auth_opts->permit_agent_forwarding_flag ||
2185 !options.allow_agent_forwarding) { 2188 !options.allow_agent_forwarding) {
2186 debug("%s: agent forwarding disabled", __func__); 2189 debug("%s: agent forwarding disabled", __func__);
@@ -2370,6 +2373,7 @@ static void
2370session_exit_message(struct ssh *ssh, Session *s, int status) 2373session_exit_message(struct ssh *ssh, Session *s, int status)
2371{ 2374{
2372 Channel *c; 2375 Channel *c;
2376 int r;
2373 2377
2374 if ((c = channel_lookup(ssh, s->chanid)) == NULL) 2378 if ((c = channel_lookup(ssh, s->chanid)) == NULL)
2375 fatal("%s: session %d: no channel %d", 2379 fatal("%s: session %d: no channel %d",
@@ -2379,22 +2383,23 @@ session_exit_message(struct ssh *ssh, Session *s, int status)
2379 2383
2380 if (WIFEXITED(status)) { 2384 if (WIFEXITED(status)) {
2381 channel_request_start(ssh, s->chanid, "exit-status", 0); 2385 channel_request_start(ssh, s->chanid, "exit-status", 0);
2382 packet_put_int(WEXITSTATUS(status)); 2386 if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 ||
2383 packet_send(); 2387 (r = sshpkt_send(ssh)) != 0)
2388 sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
2384 } else if (WIFSIGNALED(status)) { 2389 } else if (WIFSIGNALED(status)) {
2385 channel_request_start(ssh, s->chanid, "exit-signal", 0); 2390 channel_request_start(ssh, s->chanid, "exit-signal", 0);
2386 packet_put_cstring(sig2name(WTERMSIG(status))); 2391#ifndef WCOREDUMP
2387#ifdef WCOREDUMP 2392# define WCOREDUMP(x) (0)
2388 packet_put_char(WCOREDUMP(status)? 1 : 0); 2393#endif
2389#else /* WCOREDUMP */ 2394 if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 ||
2390 packet_put_char(0); 2395 (r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 ||
2391#endif /* WCOREDUMP */ 2396 (r = sshpkt_put_cstring(ssh, "")) != 0 ||
2392 packet_put_cstring(""); 2397 (r = sshpkt_put_cstring(ssh, "")) != 0 ||
2393 packet_put_cstring(""); 2398 (r = sshpkt_send(ssh)) != 0)
2394 packet_send(); 2399 sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
2395 } else { 2400 } else {
2396 /* Some weird exit cause. Just exit. */ 2401 /* Some weird exit cause. Just exit. */
2397 packet_disconnect("wait returned status %04x.", status); 2402 ssh_packet_disconnect(ssh, "wait returned status %04x.", status);
2398 } 2403 }
2399 2404
2400 /* disconnect channel */ 2405 /* disconnect channel */
@@ -2565,7 +2570,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
2565 u_int i; 2570 u_int i;
2566 2571
2567 if (!auth_opts->permit_x11_forwarding_flag) { 2572 if (!auth_opts->permit_x11_forwarding_flag) {
2568 packet_send_debug("X11 forwarding disabled by key options."); 2573 ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
2569 return 0; 2574 return 0;
2570 } 2575 }
2571 if (!options.x11_forwarding) { 2576 if (!options.x11_forwarding) {
@@ -2574,7 +2579,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
2574 } 2579 }
2575 if (options.xauth_location == NULL || 2580 if (options.xauth_location == NULL ||
2576 (stat(options.xauth_location, &st) == -1)) { 2581 (stat(options.xauth_location, &st) == -1)) {
2577 packet_send_debug("No xauth program; cannot forward X11."); 2582 ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11.");
2578 return 0; 2583 return 0;
2579 } 2584 }
2580 if (s->display != NULL) { 2585 if (s->display != NULL) {
@@ -2615,7 +2620,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
2615 he = gethostbyname(hostname); 2620 he = gethostbyname(hostname);
2616 if (he == NULL) { 2621 if (he == NULL) {
2617 error("Can't get IP address for X11 DISPLAY."); 2622 error("Can't get IP address for X11 DISPLAY.");
2618 packet_send_debug("Can't get IP address for X11 DISPLAY."); 2623 ssh_packet_send_debug(ssh, "Can't get IP address for X11 DISPLAY.");
2619 return 0; 2624 return 0;
2620 } 2625 }
2621 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); 2626 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));