Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 17 |
1 files changed, 16 insertions, 1 deletions
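--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.102 2002/08/22 20:57:19 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -810,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset)
 char buf[1024];
 int len, sock;
 u_int i;
+uid_t euid;
+gid_t egid;
 
 for (i = 0; i < sockets_alloc; i++)
 switch (sockets[i].type) {
@@ -825,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset)
 strerror(errno));
 break;
 }
+if (getpeereid(sock, &euid, &egid) < 0) {
+error("getpeereid %d failed: %s",
+sock, strerror(errno));
+close(sock);
+break;
+}
+if (getuid() != euid) {
+error("uid mismatch: "
+"peer euid %d != uid %d",
+(int) euid, (int) getuid());
+close(sock);
+break;
+}
 new_socket(AUTH_CONNECTION, sock);
 }
 break;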
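Review bot: The rejection message in the third hunk prints both ids with `%d` after a cast to `int`, so on platforms where `uid_t` is an unsigned 32-bit type a large uid would most likely show up negative in the log, which is the one place an operator sees who was refused. `u_int` is already used in this function, so `"peer euid %u != uid %u", (u_int) euid, (u_int) getuid());` would log the real value. The check also deserves a short comment above it, for example `/* refuse agent connections from any peer whose euid is not our uid */`, because the reason the accepted socket is closed is otherwise only stated in the error string. Whether `getpeereid()` is available on every platform this file is built for is not visible here; if a fallback exists, it needs to fail closed rather than return success with `euid` unset. after_select() starts and ends outside the hunks shown.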