diff options
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 24 |
1 files changed, 19 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -362,14 +362,14 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | |||
| 362 | { | 362 | { |
| 363 | u_int i; | 363 | u_int i; |
| 364 | int remote_major, remote_minor; | 364 | int remote_major, remote_minor; |
| 365 | char *s, *newline = "\n"; | 365 | char *s; |
| 366 | char buf[256]; /* Must not be larger than remote_version. */ | 366 | char buf[256]; /* Must not be larger than remote_version. */ |
| 367 | char remote_version[256]; /* Must be at least as big as buf. */ | 367 | char remote_version[256]; /* Must be at least as big as buf. */ |
| 368 | 368 | ||
| 369 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 369 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", |
| 370 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, | 370 | PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, |
| 371 | *options.version_addendum == '\0' ? "" : " ", | 371 | *options.version_addendum == '\0' ? "" : " ", |
| 372 | options.version_addendum, newline); | 372 | options.version_addendum); |
| 373 | 373 | ||
| 374 | /* Send our protocol version identification. */ | 374 | /* Send our protocol version identification. */ |
| 375 | if (atomicio(vwrite, sock_out, server_version_string, | 375 | if (atomicio(vwrite, sock_out, server_version_string, |
| @@ -1046,6 +1046,11 @@ server_listen(void) | |||
| 1046 | close(listen_sock); | 1046 | close(listen_sock); |
| 1047 | continue; | 1047 | continue; |
| 1048 | } | 1048 | } |
| 1049 | if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) { | ||
| 1050 | verbose("socket: CLOEXEC: %s", strerror(errno)); | ||
| 1051 | close(listen_sock); | ||
| 1052 | continue; | ||
| 1053 | } | ||
| 1049 | /* | 1054 | /* |
| 1050 | * Set socket options. | 1055 | * Set socket options. |
| 1051 | * Allow local port reuse in TIME_WAIT. | 1056 | * Allow local port reuse in TIME_WAIT. |
| @@ -1670,6 +1675,15 @@ main(int ac, char **av) | |||
| 1670 | continue; | 1675 | continue; |
| 1671 | key = key_load_private(options.host_key_files[i], "", NULL); | 1676 | key = key_load_private(options.host_key_files[i], "", NULL); |
| 1672 | pubkey = key_load_public(options.host_key_files[i], NULL); | 1677 | pubkey = key_load_public(options.host_key_files[i], NULL); |
| 1678 | |||
| 1679 | if ((pubkey != NULL && pubkey->type == KEY_RSA1) || | ||
| 1680 | (key != NULL && key->type == KEY_RSA1)) { | ||
| 1681 | verbose("Ignoring RSA1 key %s", | ||
| 1682 | options.host_key_files[i]); | ||
| 1683 | key_free(key); | ||
| 1684 | key_free(pubkey); | ||
| 1685 | continue; | ||
| 1686 | } | ||
| 1673 | if (pubkey == NULL && key != NULL) | 1687 | if (pubkey == NULL && key != NULL) |
| 1674 | pubkey = key_demote(key); | 1688 | pubkey = key_demote(key); |
| 1675 | sensitive_data.host_keys[i] = key; | 1689 | sensitive_data.host_keys[i] = key; |
| @@ -2154,7 +2168,7 @@ do_ssh2_kex(void) | |||
| 2154 | 2168 | ||
| 2155 | if (options.rekey_limit || options.rekey_interval) | 2169 | if (options.rekey_limit || options.rekey_interval) |
| 2156 | packet_set_rekey_limits(options.rekey_limit, | 2170 | packet_set_rekey_limits(options.rekey_limit, |
| 2157 | (time_t)options.rekey_interval); | 2171 | options.rekey_interval); |
| 2158 | 2172 | ||
| 2159 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 2173 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
| 2160 | list_hostkey_types()); | 2174 | list_hostkey_types()); |