diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2016-01-19 18:55:44 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2016-01-19 18:55:44 +0000 |
commit | 557f75e54ae47df936c7de8fb97ec70c4180a5c0 (patch) | |
tree | b2a4ad7a06e845ba72a87d2beedfbbcbb7aeb5bb /crypto/openssh/channels.c | |
parent | 9860d96e8f9b50e480c47b68f957dc947620c62c (diff) | |
parent | b5a1b3a82df411cb95b6a850e9d9d90bc3d082f9 (diff) | |
download | src-557f75e54ae47df936c7de8fb97ec70c4180a5c0.tar.gz src-557f75e54ae47df936c7de8fb97ec70c4180a5c0.zip |
Upgrade to OpenSSH 6.9p1.
Notes
Notes:
svn path=/head/; revision=294336
Diffstat (limited to 'crypto/openssh/channels.c')
-rw-r--r-- | crypto/openssh/channels.c | 63 |
1 files changed, 43 insertions, 20 deletions
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index ca33e9a2986b..39bb77580598 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ +/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -162,6 +162,9 @@ static char *x11_saved_proto = NULL; static char *x11_saved_data = NULL; static u_int x11_saved_data_len = 0; +/* Deadline after which all X11 connections are refused */ +static u_int x11_refuse_time; + /* * Fake X11 authentication data. This is what the server will be sending us; * we should replace any occurrences of this by the real data. @@ -307,7 +310,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, if (channels_alloc > 10000) fatal("channel_new: internal error: channels_alloc %d " "too big.", channels_alloc); - channels = xrealloc(channels, channels_alloc + 10, + channels = xreallocarray(channels, channels_alloc + 10, sizeof(Channel *)); channels_alloc += 10; debug2("channel: expanding %d", channels_alloc); @@ -913,6 +916,13 @@ x11_open_helper(Buffer *b) u_char *ucp; u_int proto_len, data_len; + /* Is this being called after the refusal deadline? */ + if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { + verbose("Rejected X11 connection after ForwardX11Timeout " + "expired"); + return -1; + } + /* Check if the fixed size part of the packet is in buffer. */ if (buffer_len(b) < 12) return 0; @@ -1484,6 +1494,12 @@ channel_set_reuseaddr(int fd) error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); } +void +channel_set_x11_refuse_time(u_int refuse_time) +{ + x11_refuse_time = refuse_time; +} + /* * This socket is listening for connections to a forwarded TCP/IP port. */ @@ -2193,8 +2209,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, /* perhaps check sz < nalloc/2 and shrink? */ if (*readsetp == NULL || sz > *nallocp) { - *readsetp = xrealloc(*readsetp, nfdset, sizeof(fd_mask)); - *writesetp = xrealloc(*writesetp, nfdset, sizeof(fd_mask)); + *readsetp = xreallocarray(*readsetp, nfdset, sizeof(fd_mask)); + *writesetp = xreallocarray(*writesetp, nfdset, sizeof(fd_mask)); *nallocp = sz; } *maxfdp = n; @@ -2271,7 +2287,7 @@ channel_output_poll(void) packet_put_int(c->remote_id); packet_put_string(data, dlen); packet_send(); - c->remote_window -= dlen + 4; + c->remote_window -= dlen; free(data); } continue; @@ -2642,7 +2658,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { Channel *c; int id; - u_int adjust; + u_int adjust, tmp; if (!compat20) return 0; @@ -2658,7 +2674,10 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) adjust = packet_get_int(); packet_check_eom(); debug2("channel %d: rcvd adjust %u", id, adjust); - c->remote_window += adjust; + if ((tmp = c->remote_window + adjust) < c->remote_window) + fatal("channel %d: adjust %u overflows remote window %u", + id, adjust, c->remote_window); + c->remote_window = tmp; return 0; } @@ -2806,17 +2825,21 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, char ntop[NI_MAXHOST], strport[NI_MAXSERV]; in_port_t *lport_p; - host = (type == SSH_CHANNEL_RPORT_LISTENER) ? - fwd->listen_host : fwd->connect_host; is_client = (type == SSH_CHANNEL_PORT_LISTENER); - if (host == NULL) { - error("No forward host name."); - return 0; - } - if (strlen(host) >= NI_MAXHOST) { - error("Forward host name too long."); - return 0; + if (is_client && fwd->connect_path != NULL) { + host = fwd->connect_path; + } else { + host = (type == SSH_CHANNEL_RPORT_LISTENER) ? + fwd->listen_host : fwd->connect_host; + if (host == NULL) { + error("No forward host name."); + return 0; + } + if (strlen(host) >= NI_MAXHOST) { + error("Forward host name too long."); + return 0; + } } /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ @@ -3238,7 +3261,7 @@ channel_request_remote_forwarding(struct Forward *fwd) } if (success) { /* Record that connection to this host/port is permitted. */ - permitted_opens = xrealloc(permitted_opens, + permitted_opens = xreallocarray(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); idx = num_permitted_opens++; if (fwd->connect_path != NULL) { @@ -3469,7 +3492,7 @@ channel_add_permitted_opens(char *host, int port) { debug("allow port forwarding to host %s port %d", host, port); - permitted_opens = xrealloc(permitted_opens, + permitted_opens = xreallocarray(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); permitted_opens[num_permitted_opens].port_to_connect = port; @@ -3519,7 +3542,7 @@ channel_add_adm_permitted_opens(char *host, int port) { debug("config allows port forwarding to host %s port %d", host, port); - permitted_adm_opens = xrealloc(permitted_adm_opens, + permitted_adm_opens = xreallocarray(permitted_adm_opens, num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens)); permitted_adm_opens[num_adm_permitted_opens].host_to_connect = xstrdup(host); @@ -3534,7 +3557,7 @@ void channel_disable_adm_local_opens(void) { channel_clear_adm_permitted_opens(); - permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens = xcalloc(sizeof(*permitted_adm_opens), 1); permitted_adm_opens[num_adm_permitted_opens].host_to_connect = NULL; num_adm_permitted_opens = 1; } |