From 50945fa861f9b17d0cf88ec7998847bcf1c5eda6 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Thu, 9 Dec 1999 10:31:37 +1100
Subject: - OpenBSD CVS updates:
- [readpass.c] avoid stdio; based on work by markus, millert, and I
- [sshd.c] make sure the client selects a supported cipher
- [sshd.c] fix sighup handling. accept would just restart and daemon handled sighup only after the next connection was accepted. use poll on listen sock now.
- [sshd.c] make that a fatal
---
sshd.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
(limited to 'sshd.c')
diff --git a/sshd.c b/sshd.c
index 2ff8f45b4..55608c0a4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,9 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
+RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
+
+#include 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -419,6 +421,7 @@ main(int ac, char **av)
 int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
 int remote_major, remote_minor;
 int silentrsa = 0;
+ struct pollfd fds;
 struct sockaddr_in sin;
 char buf[100]; /* Must not be larger than remote_version. */
 char remote_version[100]; /* Must be at least as big as buf. */
@@ -688,7 +691,18 @@ main(int ac, char **av)
 for (;;) {
 if (received_sighup)
 sighup_restart();
- /* Wait in accept until there is a connection. */
+ /* Wait in poll until there is a connection. */
+ memset(&fds, 0, sizeof(fds));
+ fds.fd = listen_sock;
+ fds.events = POLLIN;
+ if (poll(&fds, 1, -1) == -1) {
+ if (errno == EINTR)
+ continue;
+ fatal("poll: %.100s", strerror(errno));
+ /*NOTREACHED*/
+ }
+ if (fds.revents == 0)
+ continue;
 aux = sizeof(sin);
 newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
 if (received_sighup)
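Review bot: The `fds.revents == 0` test after poll() only filters a wakeup with nothing reported; if poll sets POLLERR, POLLHUP or POLLNVAL on listen_sock the loop falls straight into accept(), whose error handling lies outside this hunk. A tighter gate would be `if (fds.revents & POLLNVAL) fatal("poll: listen socket invalid");` followed by `if (!(fds.revents & POLLIN)) continue;`, so a closed listen descriptor is reported rather than retried. There is also still a gap between the `received_sighup` check at the top of the loop and the blocking poll(): a SIGHUP delivered in that gap sets the flag but poll(-1) then waits for the next connection, since the EINTR branch only fires for a signal arriving while poll is running (and, presumably, only on platforms where poll is not restarted after the handler). The enclosing for(;;) body continues past the end of the hunk.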
@@ -1026,9 +1040,12 @@ do_connection()
 /* Read clients reply (cipher type and session key). */
 packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
- /* Get cipher type. */
+ /* Get cipher type and check whether we accept this. */
 cipher_type = packet_get_char();
+ if (!(cipher_mask() & (1 << cipher_type)))
+ packet_disconnect("Warning: client selects unsupported cipher.");
+
 /* Get check bytes from the packet. These must match those we sent
 earlier with the public key packet. */
 for (i = 0; i < 8; i++)
-- cgit v1.2.3
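Review bot: `1 << cipher_type` shifts by a value taken directly from the peer via packet_get_char() without first checking that it is below the width of int; a shift count of 32 or more is undefined behaviour in C, and on common targets the count is reduced modulo the word size, so an out-of-range cipher number can alias a supported bit and pass this check while the later cipher lookup still sees the original value. Range-check before shifting, e.g. `if (cipher_type >= 32 || !(cipher_mask() & (1 << cipher_type)))`, or better compare against the bound the cipher table defines. The declaration of cipher_type is outside the hunk, so this assumes it holds the raw byte unchanged; do_connection() continues beyond the hunk.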