diff options
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 60 |
1 files changed, 36 insertions, 24 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index ac16bae40..cca720ee2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -34,8 +34,8 @@ | |||
| 34 | */ | 34 | */ |
| 35 | 35 | ||
| 36 | #include "includes.h" | 36 | #include "includes.h" |
| 37 | #include "openbsd-compat/fake-queue.h" | 37 | #include "openbsd-compat/sys-queue.h" |
| 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | #include <openssl/md5.h> | 41 | #include <openssl/md5.h> |
| @@ -107,6 +107,17 @@ char *__progname; | |||
| 107 | #endif | 107 | #endif |
| 108 | 108 | ||
| 109 | static void | 109 | static void |
| 110 | close_socket(SocketEntry *e) | ||
| 111 | { | ||
| 112 | close(e->fd); | ||
| 113 | e->fd = -1; | ||
| 114 | e->type = AUTH_UNUSED; | ||
| 115 | buffer_free(&e->input); | ||
| 116 | buffer_free(&e->output); | ||
| 117 | buffer_free(&e->request); | ||
| 118 | } | ||
| 119 | |||
| 120 | static void | ||
| 110 | idtab_init(void) | 121 | idtab_init(void) |
| 111 | { | 122 | { |
| 112 | int i; | 123 | int i; |
| @@ -617,13 +628,7 @@ process_message(SocketEntry *e) | |||
| 617 | cp = buffer_ptr(&e->input); | 628 | cp = buffer_ptr(&e->input); |
| 618 | msg_len = GET_32BIT(cp); | 629 | msg_len = GET_32BIT(cp); |
| 619 | if (msg_len > 256 * 1024) { | 630 | if (msg_len > 256 * 1024) { |
| 620 | shutdown(e->fd, SHUT_RDWR); | 631 | close_socket(e); |
| 621 | close(e->fd); | ||
| 622 | e->fd = -1; | ||
| 623 | e->type = AUTH_UNUSED; | ||
| 624 | buffer_free(&e->input); | ||
| 625 | buffer_free(&e->output); | ||
| 626 | buffer_free(&e->request); | ||
| 627 | return; | 632 | return; |
| 628 | } | 633 | } |
| 629 | if (buffer_len(&e->input) < msg_len + 4) | 634 | if (buffer_len(&e->input) < msg_len + 4) |
| @@ -805,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 805 | char buf[1024]; | 810 | char buf[1024]; |
| 806 | int len, sock; | 811 | int len, sock; |
| 807 | u_int i; | 812 | u_int i; |
| 813 | uid_t euid; | ||
| 814 | gid_t egid; | ||
| 808 | 815 | ||
| 809 | for (i = 0; i < sockets_alloc; i++) | 816 | for (i = 0; i < sockets_alloc; i++) |
| 810 | switch (sockets[i].type) { | 817 | switch (sockets[i].type) { |
| @@ -820,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 820 | strerror(errno)); | 827 | strerror(errno)); |
| 821 | break; | 828 | break; |
| 822 | } | 829 | } |
| 830 | if (getpeereid(sock, &euid, &egid) < 0) { | ||
| 831 | error("getpeereid %d failed: %s", | ||
| 832 | sock, strerror(errno)); | ||
| 833 | close(sock); | ||
| 834 | break; | ||
| 835 | } | ||
| 836 | if ((euid != 0) && (getuid() != euid)) { | ||
| 837 | error("uid mismatch: " | ||
| 838 | "peer euid %u != uid %u", | ||
| 839 | (u_int) euid, (u_int) getuid()); | ||
| 840 | close(sock); | ||
| 841 | break; | ||
| 842 | } | ||
| 823 | new_socket(AUTH_CONNECTION, sock); | 843 | new_socket(AUTH_CONNECTION, sock); |
| 824 | } | 844 | } |
| 825 | break; | 845 | break; |
| @@ -836,13 +856,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 836 | break; | 856 | break; |
| 837 | } while (1); | 857 | } while (1); |
| 838 | if (len <= 0) { | 858 | if (len <= 0) { |
| 839 | shutdown(sockets[i].fd, SHUT_RDWR); | 859 | close_socket(&sockets[i]); |
| 840 | close(sockets[i].fd); | ||
| 841 | sockets[i].fd = -1; | ||
| 842 | sockets[i].type = AUTH_UNUSED; | ||
| 843 | buffer_free(&sockets[i].input); | ||
| 844 | buffer_free(&sockets[i].output); | ||
| 845 | buffer_free(&sockets[i].request); | ||
| 846 | break; | 860 | break; |
| 847 | } | 861 | } |
| 848 | buffer_consume(&sockets[i].output, len); | 862 | buffer_consume(&sockets[i].output, len); |
| @@ -856,13 +870,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 856 | break; | 870 | break; |
| 857 | } while (1); | 871 | } while (1); |
| 858 | if (len <= 0) { | 872 | if (len <= 0) { |
| 859 | shutdown(sockets[i].fd, SHUT_RDWR); | 873 | close_socket(&sockets[i]); |
| 860 | close(sockets[i].fd); | ||
| 861 | sockets[i].fd = -1; | ||
| 862 | sockets[i].type = AUTH_UNUSED; | ||
| 863 | buffer_free(&sockets[i].input); | ||
| 864 | buffer_free(&sockets[i].output); | ||
| 865 | buffer_free(&sockets[i].request); | ||
| 866 | break; | 874 | break; |
| 867 | } | 875 | } |
| 868 | buffer_append(&sockets[i].input, buf, len); | 876 | buffer_append(&sockets[i].input, buf, len); |
| @@ -943,6 +951,10 @@ main(int ac, char **av) | |||
| 943 | pid_t pid; | 951 | pid_t pid; |
| 944 | char pidstrbuf[1 + 3 * sizeof pid]; | 952 | char pidstrbuf[1 + 3 * sizeof pid]; |
| 945 | 953 | ||
| 954 | /* drop */ | ||
| 955 | setegid(getgid()); | ||
| 956 | setgid(getgid()); | ||
| 957 | |||
| 946 | SSLeay_add_all_algorithms(); | 958 | SSLeay_add_all_algorithms(); |
| 947 | 959 | ||
| 948 | __progname = get_progname(av[0]); | 960 | __progname = get_progname(av[0]); |
| @@ -1052,7 +1064,7 @@ main(int ac, char **av) | |||
| 1052 | #ifdef HAVE_CYGWIN | 1064 | #ifdef HAVE_CYGWIN |
| 1053 | umask(prev_mask); | 1065 | umask(prev_mask); |
| 1054 | #endif | 1066 | #endif |
| 1055 | if (listen(sock, 5) < 0) { | 1067 | if (listen(sock, 128) < 0) { |
| 1056 | perror("listen"); | 1068 | perror("listen"); |
| 1057 | cleanup_exit(1); | 1069 | cleanup_exit(1); |
| 1058 | } | 1070 | } |