Apply the following changes, requested by snj in #1138: - Refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires. (CVE-2015-5352) - Fix TTY permissions to not be world-writable. (CVE-2015-6565)
diff -r1.11.4.1 -r1.11.4.1.2.1 src/crypto/external/bsd/openssh/dist/channels.c
(martin)
--- src/crypto/external/bsd/openssh/dist/channels.c 2015/04/30 06:07:30 1.11.4.1
+++ src/crypto/external/bsd/openssh/dist/channels.c 2016/03/11 12:23:58 1.11.4.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $ */ | 1 | /* $NetBSD: channels.c,v 1.11.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ | |
2 | /* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ | 2 | /* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * This file contains functions for generic socket connection forwarding. | 7 | * This file contains functions for generic socket connection forwarding. | |
8 | * There is also code for initiating connection forwarding for X11 connections, | 8 | * There is also code for initiating connection forwarding for X11 connections, | |
9 | * arbitrary tcp/ip connections, and the authentication agent connection. | 9 | * arbitrary tcp/ip connections, and the authentication agent connection. | |
10 | * | 10 | * | |
11 | * As far as I am concerned, the code I have written for this software | 11 | * As far as I am concerned, the code I have written for this software | |
12 | * can be used freely for any purpose. Any derived versions of this | 12 | * can be used freely for any purpose. Any derived versions of this | |
13 | * software must be clearly marked as such, and if the derived work is | 13 | * software must be clearly marked as such, and if the derived work is | |
14 | * incompatible with the protocol description in the RFC file, it must be | 14 | * incompatible with the protocol description in the RFC file, it must be | |
@@ -31,27 +31,27 @@ | @@ -31,27 +31,27 @@ | |||
31 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 31 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
32 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 32 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
33 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 33 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
34 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 34 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
35 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 35 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
36 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 36 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
37 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 37 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
38 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 38 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
39 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 39 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
40 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 40 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
41 | */ | 41 | */ | |
42 | 42 | |||
43 | #include "includes.h" | 43 | #include "includes.h" | |
44 | __RCSID("$NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $"); | 44 | __RCSID("$NetBSD: channels.c,v 1.11.4.1.2.1 2016/03/11 12:23:58 martin Exp $"); | |
45 | #include <sys/param.h> | 45 | #include <sys/param.h> | |
46 | #include <sys/types.h> | 46 | #include <sys/types.h> | |
47 | #include <sys/param.h> /* MIN MAX */ | 47 | #include <sys/param.h> /* MIN MAX */ | |
48 | #include <sys/stat.h> | 48 | #include <sys/stat.h> | |
49 | #include <sys/ioctl.h> | 49 | #include <sys/ioctl.h> | |
50 | #include <sys/un.h> | 50 | #include <sys/un.h> | |
51 | #include <sys/socket.h> | 51 | #include <sys/socket.h> | |
52 | #include <sys/time.h> | 52 | #include <sys/time.h> | |
53 | #include <sys/queue.h> | 53 | #include <sys/queue.h> | |
54 | 54 | |||
55 | #include <netinet/in.h> | 55 | #include <netinet/in.h> | |
56 | #include <arpa/inet.h> | 56 | #include <arpa/inet.h> | |
57 | 57 | |||
@@ -153,26 +153,29 @@ static int all_opens_permitted = 0; | @@ -153,26 +153,29 @@ static int all_opens_permitted = 0; | |||
153 | /* Maximum number of fake X11 displays to try. */ | 153 | /* Maximum number of fake X11 displays to try. */ | |
154 | #define MAX_DISPLAYS 1000 | 154 | #define MAX_DISPLAYS 1000 | |
155 | 155 | |||
156 | /* Saved X11 local (client) display. */ | 156 | /* Saved X11 local (client) display. */ | |
157 | static char *x11_saved_display = NULL; | 157 | static char *x11_saved_display = NULL; | |
158 | 158 | |||
159 | /* Saved X11 authentication protocol name. */ | 159 | /* Saved X11 authentication protocol name. */ | |
160 | static char *x11_saved_proto = NULL; | 160 | static char *x11_saved_proto = NULL; | |
161 | 161 | |||
162 | /* Saved X11 authentication data. This is the real data. */ | 162 | /* Saved X11 authentication data. This is the real data. */ | |
163 | static char *x11_saved_data = NULL; | 163 | static char *x11_saved_data = NULL; | |
164 | static u_int x11_saved_data_len = 0; | 164 | static u_int x11_saved_data_len = 0; | |
165 | 165 | |||
166 | /* Deadline after which all X11 connections are refused */ | |||
167 | static u_int x11_refuse_time; | |||
168 | ||||
166 | /* | 169 | /* | |
167 | * Fake X11 authentication data. This is what the server will be sending us; | 170 | * Fake X11 authentication data. This is what the server will be sending us; | |
168 | * we should replace any occurrences of this by the real data. | 171 | * we should replace any occurrences of this by the real data. | |
169 | */ | 172 | */ | |
170 | static u_char *x11_fake_data = NULL; | 173 | static u_char *x11_fake_data = NULL; | |
171 | static u_int x11_fake_data_len; | 174 | static u_int x11_fake_data_len; | |
172 | 175 | |||
173 | 176 | |||
174 | /* -- agent forwarding */ | 177 | /* -- agent forwarding */ | |
175 | 178 | |||
176 | #define NUM_SOCKS 10 | 179 | #define NUM_SOCKS 10 | |
177 | 180 | |||
178 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | 181 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | |
@@ -928,26 +931,33 @@ channel_pre_output_draining(Channel *c, | @@ -928,26 +931,33 @@ channel_pre_output_draining(Channel *c, | |||
928 | * connection (when authentication spoofing is being done) remains in this | 931 | * connection (when authentication spoofing is being done) remains in this | |
929 | * state until the first packet has been completely read. The authentication | 932 | * state until the first packet has been completely read. The authentication | |
930 | * data in that packet is then substituted by the real data if it matches the | 933 | * data in that packet is then substituted by the real data if it matches the | |
931 | * fake data, and the channel is put into normal mode. | 934 | * fake data, and the channel is put into normal mode. | |
932 | * XXX All this happens at the client side. | 935 | * XXX All this happens at the client side. | |
933 | * Returns: 0 = need more data, -1 = wrong cookie, 1 = ok | 936 | * Returns: 0 = need more data, -1 = wrong cookie, 1 = ok | |
934 | */ | 937 | */ | |
935 | static int | 938 | static int | |
936 | x11_open_helper(Buffer *b) | 939 | x11_open_helper(Buffer *b) | |
937 | { | 940 | { | |
938 | u_char *ucp; | 941 | u_char *ucp; | |
939 | u_int proto_len, data_len; | 942 | u_int proto_len, data_len; | |
940 | 943 | |||
944 | /* Is this being called after the refusal deadline? */ | |||
945 | if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { | |||
946 | verbose("Rejected X11 connection after ForwardX11Timeout " | |||
947 | "expired"); | |||
948 | return -1; | |||
949 | } | |||
950 | ||||
941 | /* Check if the fixed size part of the packet is in buffer. */ | 951 | /* Check if the fixed size part of the packet is in buffer. */ | |
942 | if (buffer_len(b) < 12) | 952 | if (buffer_len(b) < 12) | |
943 | return 0; | 953 | return 0; | |
944 | 954 | |||
945 | /* Parse the lengths of variable-length fields. */ | 955 | /* Parse the lengths of variable-length fields. */ | |
946 | ucp = buffer_ptr(b); | 956 | ucp = buffer_ptr(b); | |
947 | if (ucp[0] == 0x42) { /* Byte order MSB first. */ | 957 | if (ucp[0] == 0x42) { /* Byte order MSB first. */ | |
948 | proto_len = 256 * ucp[6] + ucp[7]; | 958 | proto_len = 256 * ucp[6] + ucp[7]; | |
949 | data_len = 256 * ucp[8] + ucp[9]; | 959 | data_len = 256 * ucp[8] + ucp[9]; | |
950 | } else if (ucp[0] == 0x6c) { /* Byte order LSB first. */ | 960 | } else if (ucp[0] == 0x6c) { /* Byte order LSB first. */ | |
951 | proto_len = ucp[6] + 256 * ucp[7]; | 961 | proto_len = ucp[6] + 256 * ucp[7]; | |
952 | data_len = ucp[8] + 256 * ucp[9]; | 962 | data_len = ucp[8] + 256 * ucp[9]; | |
953 | } else { | 963 | } else { | |
@@ -1499,26 +1509,32 @@ port_open_helper(Channel *c, const char | @@ -1499,26 +1509,32 @@ port_open_helper(Channel *c, const char | |||
1499 | static void | 1509 | static void | |
1500 | channel_set_reuseaddr(int fd) | 1510 | channel_set_reuseaddr(int fd) | |
1501 | { | 1511 | { | |
1502 | int on = 1; | 1512 | int on = 1; | |
1503 | 1513 | |||
1504 | /* | 1514 | /* | |
1505 | * Set socket options. | 1515 | * Set socket options. | |
1506 | * Allow local port reuse in TIME_WAIT. | 1516 | * Allow local port reuse in TIME_WAIT. | |
1507 | */ | 1517 | */ | |
1508 | if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) | 1518 | if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) | |
1509 | error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); | 1519 | error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); | |
1510 | } | 1520 | } | |
1511 | 1521 | |||
1522 | void | |||
1523 | channel_set_x11_refuse_time(u_int refuse_time) | |||
1524 | { | |||
1525 | x11_refuse_time = refuse_time; | |||
1526 | } | |||
1527 | ||||
1512 | /* | 1528 | /* | |
1513 | * This socket is listening for connections to a forwarded TCP/IP port. | 1529 | * This socket is listening for connections to a forwarded TCP/IP port. | |
1514 | */ | 1530 | */ | |
1515 | /* ARGSUSED */ | 1531 | /* ARGSUSED */ | |
1516 | static void | 1532 | static void | |
1517 | channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) | 1533 | channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) | |
1518 | { | 1534 | { | |
1519 | Channel *nc; | 1535 | Channel *nc; | |
1520 | struct sockaddr_storage addr; | 1536 | struct sockaddr_storage addr; | |
1521 | int newsock, nextstate; | 1537 | int newsock, nextstate; | |
1522 | socklen_t addrlen; | 1538 | socklen_t addrlen; | |
1523 | const char *rtype; | 1539 | const char *rtype; | |
1524 | 1540 |
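Review bot: The new `x11_refuse_time` in channels.c (declared at new line 167) only works because static storage starts at zero and the check added to x11_open_helper treats 0 as "no deadline", yet neither the declaration comment nor `channel_set_x11_refuse_time` says so; I would change the comment to `/* Deadline (monotime() seconds) after which X11 connections are refused; 0 means no deadline has been set. */` and give the setter a one-line header comment stating that the client calls it once the ForwardX11Timeout deadline has been computed. The `(u_int)monotime()` cast in x11_open_helper narrows the clock value to match the u_int deadline, consistent with the check in clientloop.c, but it is worth confirming that channels.c already includes the header declaring monotime(), since the include hunk shown here stops before any project headers. Returning -1 on an expired deadline makes the caller treat it like a wrong cookie, which is the fail-closed outcome wanted here.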
--- src/crypto/external/bsd/openssh/dist/channels.h 2015/04/30 06:07:30 1.8.4.1
+++ src/crypto/external/bsd/openssh/dist/channels.h 2016/03/11 12:23:58 1.8.4.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: channels.h,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $ */ | 1 | /* $NetBSD: channels.h,v 1.8.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ | |
2 | /* $OpenBSD: channels.h,v 1.116 2015/01/19 20:07:45 markus Exp $ */ | 2 | /* $OpenBSD: channels.h,v 1.116 2015/01/19 20:07:45 markus Exp $ */ | |
3 | 3 | |||
4 | /* | 4 | /* | |
5 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 5 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
6 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 6 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
7 | * All rights reserved | 7 | * All rights reserved | |
8 | * | 8 | * | |
9 | * As far as I am concerned, the code I have written for this software | 9 | * As far as I am concerned, the code I have written for this software | |
10 | * can be used freely for any purpose. Any derived versions of this | 10 | * can be used freely for any purpose. Any derived versions of this | |
11 | * software must be clearly marked as such, and if the derived work is | 11 | * software must be clearly marked as such, and if the derived work is | |
12 | * incompatible with the protocol description in the RFC file, it must be | 12 | * incompatible with the protocol description in the RFC file, it must be | |
13 | * called by a name other than "ssh" or "Secure Shell". | 13 | * called by a name other than "ssh" or "Secure Shell". | |
14 | */ | 14 | */ | |
@@ -277,26 +277,27 @@ Channel *channel_connect_stdio_fwd(const | @@ -277,26 +277,27 @@ Channel *channel_connect_stdio_fwd(const | |||
277 | Channel *channel_connect_by_listen_address(const char *, u_short, | 277 | Channel *channel_connect_by_listen_address(const char *, u_short, | |
278 | const char *, char *); | 278 | const char *, char *); | |
279 | Channel *channel_connect_by_listen_path(const char *, const char *, const char *); | 279 | Channel *channel_connect_by_listen_path(const char *, const char *, const char *); | |
280 | int channel_request_remote_forwarding(struct Forward *); | 280 | int channel_request_remote_forwarding(struct Forward *); | |
281 | int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *); | 281 | int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *); | |
282 | int channel_request_rforward_cancel(struct Forward *); | 282 | int channel_request_rforward_cancel(struct Forward *); | |
283 | int channel_setup_remote_fwd_listener(struct Forward *, int *, struct ForwardOptions *); | 283 | int channel_setup_remote_fwd_listener(struct Forward *, int *, struct ForwardOptions *); | |
284 | int channel_cancel_rport_listener(struct Forward *); | 284 | int channel_cancel_rport_listener(struct Forward *); | |
285 | int channel_cancel_lport_listener(struct Forward *, int, struct ForwardOptions *); | 285 | int channel_cancel_lport_listener(struct Forward *, int, struct ForwardOptions *); | |
286 | int permitopen_port(const char *); | 286 | int permitopen_port(const char *); | |
287 | 287 | |||
288 | /* x11 forwarding */ | 288 | /* x11 forwarding */ | |
289 | 289 | |||
290 | void channel_set_x11_refuse_time(u_int); | |||
290 | int x11_connect_display(void); | 291 | int x11_connect_display(void); | |
291 | int x11_create_display_inet(int, int, int, u_int *, int **); | 292 | int x11_create_display_inet(int, int, int, u_int *, int **); | |
292 | int x11_input_open(int, u_int32_t, void *); | 293 | int x11_input_open(int, u_int32_t, void *); | |
293 | void x11_request_forwarding_with_spoofing(int, const char *, const char *, | 294 | void x11_request_forwarding_with_spoofing(int, const char *, const char *, | |
294 | const char *, int); | 295 | const char *, int); | |
295 | int deny_input_open(int, u_int32_t, void *); | 296 | int deny_input_open(int, u_int32_t, void *); | |
296 | 297 | |||
297 | /* agent forwarding */ | 298 | /* agent forwarding */ | |
298 | 299 | |||
299 | void auth_request_forwarding(void); | 300 | void auth_request_forwarding(void); | |
300 | 301 | |||
301 | /* channel close */ | 302 | /* channel close */ | |
302 | 303 |
--- src/crypto/external/bsd/openssh/dist/clientloop.c 2015/04/30 06:07:30 1.10.4.1
+++ src/crypto/external/bsd/openssh/dist/clientloop.c 2016/03/11 12:23:58 1.10.4.1.2.1
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $ */ | 1 | /* $NetBSD: clientloop.c,v 1.10.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ | |
2 | /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ | 2 | /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * The main loop for the interactive session (client side). | 7 | * The main loop for the interactive session (client side). | |
8 | * | 8 | * | |
9 | * As far as I am concerned, the code I have written for this software | 9 | * As far as I am concerned, the code I have written for this software | |
10 | * can be used freely for any purpose. Any derived versions of this | 10 | * can be used freely for any purpose. Any derived versions of this | |
11 | * software must be clearly marked as such, and if the derived work is | 11 | * software must be clearly marked as such, and if the derived work is | |
12 | * incompatible with the protocol description in the RFC file, it must be | 12 | * incompatible with the protocol description in the RFC file, it must be | |
13 | * called by a name other than "ssh" or "Secure Shell". | 13 | * called by a name other than "ssh" or "Secure Shell". | |
14 | * | 14 | * | |
@@ -51,27 +51,27 @@ | @@ -51,27 +51,27 @@ | |||
51 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 51 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
52 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 52 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
53 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 53 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
54 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 54 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
55 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 55 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
56 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 56 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
57 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 57 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
58 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 58 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
59 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 59 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
60 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 60 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
61 | */ | 61 | */ | |
62 | 62 | |||
63 | #include "includes.h" | 63 | #include "includes.h" | |
64 | __RCSID("$NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $"); | 64 | __RCSID("$NetBSD: clientloop.c,v 1.10.4.1.2.1 2016/03/11 12:23:58 martin Exp $"); | |
65 | 65 | |||
66 | #include <sys/param.h> /* MIN MAX */ | 66 | #include <sys/param.h> /* MIN MAX */ | |
67 | #include <sys/types.h> | 67 | #include <sys/types.h> | |
68 | #include <sys/ioctl.h> | 68 | #include <sys/ioctl.h> | |
69 | #include <sys/stat.h> | 69 | #include <sys/stat.h> | |
70 | #include <sys/socket.h> | 70 | #include <sys/socket.h> | |
71 | #include <sys/time.h> | 71 | #include <sys/time.h> | |
72 | #include <sys/queue.h> | 72 | #include <sys/queue.h> | |
73 | 73 | |||
74 | #include <ctype.h> | 74 | #include <ctype.h> | |
75 | #include <errno.h> | 75 | #include <errno.h> | |
76 | #include <paths.h> | 76 | #include <paths.h> | |
77 | #include <signal.h> | 77 | #include <signal.h> | |
@@ -149,27 +149,27 @@ volatile sig_atomic_t quit_pending; /* S | @@ -149,27 +149,27 @@ volatile sig_atomic_t quit_pending; /* S | |||
149 | static int escape_char1; /* Escape character. (proto1 only) */ | 149 | static int escape_char1; /* Escape character. (proto1 only) */ | |
150 | static int escape_pending1; /* Last character was an escape (proto1 only) */ | 150 | static int escape_pending1; /* Last character was an escape (proto1 only) */ | |
151 | static int last_was_cr; /* Last character was a newline. */ | 151 | static int last_was_cr; /* Last character was a newline. */ | |
152 | static int exit_status; /* Used to store the command exit status. */ | 152 | static int exit_status; /* Used to store the command exit status. */ | |
153 | static int stdin_eof; /* EOF has been encountered on stderr. */ | 153 | static int stdin_eof; /* EOF has been encountered on stderr. */ | |
154 | static Buffer stdin_buffer; /* Buffer for stdin data. */ | 154 | static Buffer stdin_buffer; /* Buffer for stdin data. */ | |
155 | static Buffer stdout_buffer; /* Buffer for stdout data. */ | 155 | static Buffer stdout_buffer; /* Buffer for stdout data. */ | |
156 | static Buffer stderr_buffer; /* Buffer for stderr data. */ | 156 | static Buffer stderr_buffer; /* Buffer for stderr data. */ | |
157 | static u_int buffer_high; /* Soft max buffer size. */ | 157 | static u_int buffer_high; /* Soft max buffer size. */ | |
158 | static int connection_in; /* Connection to server (input). */ | 158 | static int connection_in; /* Connection to server (input). */ | |
159 | static int connection_out; /* Connection to server (output). */ | 159 | static int connection_out; /* Connection to server (output). */ | |
160 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ | 160 | static int need_rekeying; /* Set to non-zero if rekeying is requested. */ | |
161 | static int session_closed; /* In SSH2: login session closed. */ | 161 | static int session_closed; /* In SSH2: login session closed. */ | |
162 | static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | 162 | static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | |
163 | 163 | |||
164 | static void client_init_dispatch(void); | 164 | static void client_init_dispatch(void); | |
165 | int session_ident = -1; | 165 | int session_ident = -1; | |
166 | 166 | |||
167 | int session_resumed = 0; | 167 | int session_resumed = 0; | |
168 | 168 | |||
169 | /* Track escape per proto2 channel */ | 169 | /* Track escape per proto2 channel */ | |
170 | struct escape_filter_ctx { | 170 | struct escape_filter_ctx { | |
171 | int escape_pending; | 171 | int escape_pending; | |
172 | int escape_char; | 172 | int escape_char; | |
173 | }; | 173 | }; | |
174 | 174 | |||
175 | /* Context for channel confirmation replies */ | 175 | /* Context for channel confirmation replies */ | |
@@ -284,40 +284,41 @@ client_x11_display_valid(const char *dis | @@ -284,40 +284,41 @@ client_x11_display_valid(const char *dis | |||
284 | size_t i, dlen; | 284 | size_t i, dlen; | |
285 | 285 | |||
286 | dlen = strlen(display); | 286 | dlen = strlen(display); | |
287 | for (i = 0; i < dlen; i++) { | 287 | for (i = 0; i < dlen; i++) { | |
288 | if (!isalnum((u_char)display[i]) && | 288 | if (!isalnum((u_char)display[i]) && | |
289 | strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { | 289 | strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { | |
290 | debug("Invalid character '%c' in DISPLAY", display[i]); | 290 | debug("Invalid character '%c' in DISPLAY", display[i]); | |
291 | return 0; | 291 | return 0; | |
292 | } | 292 | } | |
293 | } | 293 | } | |
294 | return 1; | 294 | return 1; | |
295 | } | 295 | } | |
296 | 296 | |||
297 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | 297 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | |
298 | #define X11_TIMEOUT_SLACK 60 | |||
298 | void | 299 | void | |
299 | client_x11_get_proto(const char *display, const char *xauth_path, | 300 | client_x11_get_proto(const char *display, const char *xauth_path, | |
300 | u_int trusted, u_int timeout, char **_proto, char **_data) | 301 | u_int trusted, u_int timeout, char **_proto, char **_data) | |
301 | { | 302 | { | |
302 | char cmd[1024]; | 303 | char cmd[1024]; | |
303 | char line[512]; | 304 | char line[512]; | |
304 | char xdisplay[512]; | 305 | char xdisplay[512]; | |
305 | static char proto[512], data[512]; | 306 | static char proto[512], data[512]; | |
306 | FILE *f; | 307 | FILE *f; | |
307 | int got_data = 0, generated = 0, do_unlink = 0, i; | 308 | int got_data = 0, generated = 0, do_unlink = 0, i; | |
308 | char *xauthdir, *xauthfile; | 309 | char *xauthdir, *xauthfile; | |
309 | struct stat st; | 310 | struct stat st; | |
310 | u_int now; | 311 | u_int now, x11_timeout_real; | |
311 | 312 | |||
312 | xauthdir = xauthfile = NULL; | 313 | xauthdir = xauthfile = NULL; | |
313 | *_proto = proto; | 314 | *_proto = proto; | |
314 | *_data = data; | 315 | *_data = data; | |
315 | proto[0] = data[0] = '\0'; | 316 | proto[0] = data[0] = '\0'; | |
316 | 317 | |||
317 | if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { | 318 | if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { | |
318 | debug("No xauth program."); | 319 | debug("No xauth program."); | |
319 | } else if (!client_x11_display_valid(display)) { | 320 | } else if (!client_x11_display_valid(display)) { | |
320 | logit("DISPLAY '%s' invalid, falling back to fake xauth data", | 321 | logit("DISPLAY '%s' invalid, falling back to fake xauth data", | |
321 | display); | 322 | display); | |
322 | } else { | 323 | } else { | |
323 | if (display == NULL) { | 324 | if (display == NULL) { | |
@@ -330,44 +331,56 @@ client_x11_get_proto(const char *display | @@ -330,44 +331,56 @@ client_x11_get_proto(const char *display | |||
330 | * just try "xauth list unix:displaynum.screennum". | 331 | * just try "xauth list unix:displaynum.screennum". | |
331 | * XXX: "localhost" match to determine FamilyLocal | 332 | * XXX: "localhost" match to determine FamilyLocal | |
332 | * is not perfect. | 333 | * is not perfect. | |
333 | */ | 334 | */ | |
334 | if (strncmp(display, "localhost:", 10) == 0) { | 335 | if (strncmp(display, "localhost:", 10) == 0) { | |
335 | snprintf(xdisplay, sizeof(xdisplay), "unix:%s", | 336 | snprintf(xdisplay, sizeof(xdisplay), "unix:%s", | |
336 | display + 10); | 337 | display + 10); | |
337 | display = xdisplay; | 338 | display = xdisplay; | |
338 | } | 339 | } | |
339 | if (trusted == 0) { | 340 | if (trusted == 0) { | |
340 | xauthdir = xmalloc(PATH_MAX); | 341 | xauthdir = xmalloc(PATH_MAX); | |
341 | xauthfile = xmalloc(PATH_MAX); | 342 | xauthfile = xmalloc(PATH_MAX); | |
342 | mktemp_proto(xauthdir, PATH_MAX); | 343 | mktemp_proto(xauthdir, PATH_MAX); | |
344 | /* | |||
345 | * The authentication cookie should briefly outlive | |||
346 | * ssh's willingness to forward X11 connections to | |||
347 | * avoid nasty fail-open behaviour in the X server. | |||
348 | */ | |||
349 | if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) | |||
350 | x11_timeout_real = UINT_MAX; | |||
351 | else | |||
352 | x11_timeout_real = timeout + X11_TIMEOUT_SLACK; | |||
343 | if (mkdtemp(xauthdir) != NULL) { | 353 | if (mkdtemp(xauthdir) != NULL) { | |
344 | do_unlink = 1; | 354 | do_unlink = 1; | |
345 | snprintf(xauthfile, PATH_MAX, "%s/xauthfile", | 355 | snprintf(xauthfile, PATH_MAX, "%s/xauthfile", | |
346 | xauthdir); | 356 | xauthdir); | |
347 | snprintf(cmd, sizeof(cmd), | 357 | snprintf(cmd, sizeof(cmd), | |
348 | "%s -f %s generate %s " SSH_X11_PROTO | 358 | "%s -f %s generate %s " SSH_X11_PROTO | |
349 | " untrusted timeout %u 2>" _PATH_DEVNULL, | 359 | " untrusted timeout %u 2>" _PATH_DEVNULL, | |
350 | xauth_path, xauthfile, display, timeout); | 360 | xauth_path, xauthfile, display, | |
361 | x11_timeout_real); | |||
351 | debug2("x11_get_proto: %s", cmd); | 362 | debug2("x11_get_proto: %s", cmd); | |
352 | if (system(cmd) == 0) | |||
353 | generated = 1; | |||
354 | if (x11_refuse_time == 0) { | 363 | if (x11_refuse_time == 0) { | |
355 | now = monotime() + 1; | 364 | now = monotime() + 1; | |
356 | if (UINT_MAX - timeout < now) | 365 | if (UINT_MAX - timeout < now) | |
357 | x11_refuse_time = UINT_MAX; | 366 | x11_refuse_time = UINT_MAX; | |
358 | else | 367 | else | |
359 | x11_refuse_time = now + timeout; | 368 | x11_refuse_time = now + timeout; | |
369 | channel_set_x11_refuse_time( | |||
370 | x11_refuse_time); | |||
360 | } | 371 | } | |
372 | if (system(cmd) == 0) | |||
373 | generated = 1; | |||
361 | } | 374 | } | |
362 | } | 375 | } | |
363 | 376 | |||
364 | /* | 377 | /* | |
365 | * When in untrusted mode, we read the cookie only if it was | 378 | * When in untrusted mode, we read the cookie only if it was | |
366 | * successfully generated as an untrusted one in the step | 379 | * successfully generated as an untrusted one in the step | |
367 | * above. | 380 | * above. | |
368 | */ | 381 | */ | |
369 | if (trusted || generated) { | 382 | if (trusted || generated) { | |
370 | snprintf(cmd, sizeof(cmd), | 383 | snprintf(cmd, sizeof(cmd), | |
371 | "%s %s%s list %s 2>" _PATH_DEVNULL, | 384 | "%s %s%s list %s 2>" _PATH_DEVNULL, | |
372 | xauth_path, | 385 | xauth_path, | |
373 | generated ? "-f " : "" , | 386 | generated ? "-f " : "" , | |
@@ -1876,27 +1889,27 @@ static Channel * | @@ -1876,27 +1889,27 @@ static Channel * | |||
1876 | client_request_x11(const char *request_type, int rchan) | 1889 | client_request_x11(const char *request_type, int rchan) | |
1877 | { | 1890 | { | |
1878 | Channel *c = NULL; | 1891 | Channel *c = NULL; | |
1879 | char *originator; | 1892 | char *originator; | |
1880 | u_short originator_port; | 1893 | u_short originator_port; | |
1881 | int sock; | 1894 | int sock; | |
1882 | 1895 | |||
1883 | if (!options.forward_x11) { | 1896 | if (!options.forward_x11) { | |
1884 | error("Warning: ssh server tried X11 forwarding."); | 1897 | error("Warning: ssh server tried X11 forwarding."); | |
1885 | error("Warning: this is probably a break-in attempt by a " | 1898 | error("Warning: this is probably a break-in attempt by a " | |
1886 | "malicious server."); | 1899 | "malicious server."); | |
1887 | return NULL; | 1900 | return NULL; | |
1888 | } | 1901 | } | |
1889 | if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { | 1902 | if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { | |
1890 | verbose("Rejected X11 connection after ForwardX11Timeout " | 1903 | verbose("Rejected X11 connection after ForwardX11Timeout " | |
1891 | "expired"); | 1904 | "expired"); | |
1892 | return NULL; | 1905 | return NULL; | |
1893 | } | 1906 | } | |
1894 | originator = packet_get_string(NULL); | 1907 | originator = packet_get_string(NULL); | |
1895 | if (datafellows & SSH_BUG_X11FWD) { | 1908 | if (datafellows & SSH_BUG_X11FWD) { | |
1896 | debug2("buggy server: x11 request w/o originator_port"); | 1909 | debug2("buggy server: x11 request w/o originator_port"); | |
1897 | originator_port = 0; | 1910 | originator_port = 0; | |
1898 | } else { | 1911 | } else { | |
1899 | originator_port = packet_get_int(); | 1912 | originator_port = packet_get_int(); | |
1900 | } | 1913 | } | |
1901 | packet_check_eom(); | 1914 | packet_check_eom(); | |
1902 | /* XXX check permission */ | 1915 | /* XXX check permission */ |
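Review bot: `now = monotime() + 1;` in client_x11_get_proto (new line 364) still narrows the clock value to the u_int `now` through an implicit conversion, while both comparison sites touched by this commit spell it out as `(u_int)monotime()`; for consistency I would write `now = (u_int)monotime() + 1;`. The new `X11_TIMEOUT_SLACK` macro carries no comment of its own and its rationale lives only inside the function body, so a one-liner at the definition such as `/* Seconds the untrusted xauth cookie outlives the ForwardX11Timeout refusal deadline, avoiding fail-open behaviour in the X server. */` would help a reader of the top of the file. Moving the `system(cmd)` call below the deadline computation means the refusal deadline is now armed even when xauth fails to generate a cookie, which reads as intentional fail-closed behaviour and is worth stating in a comment above the `if (x11_refuse_time == 0)` block.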
--- src/crypto/external/bsd/openssh/dist/sshpty.c 2015/04/30 06:07:31 1.2.26.1
+++ src/crypto/external/bsd/openssh/dist/sshpty.c 2016/03/11 12:23:58 1.2.26.1.2.1
@@ -1,30 +1,30 @@ | @@ -1,30 +1,30 @@ | |||
1 | /* $NetBSD: sshpty.c,v 1.2.26.1 2015/04/30 06:07:31 riz Exp $ */ | 1 | /* $NetBSD: sshpty.c,v 1.2.26.1.2.1 2016/03/11 12:23:58 martin Exp $ */ | |
2 | /* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */ | 2 | /* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */ | |
3 | /* | 3 | /* | |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | 6 | * All rights reserved | |
7 | * Allocating a pseudo-terminal, and making it the controlling tty. | 7 | * Allocating a pseudo-terminal, and making it the controlling tty. | |
8 | * | 8 | * | |
9 | * As far as I am concerned, the code I have written for this software | 9 | * As far as I am concerned, the code I have written for this software | |
10 | * can be used freely for any purpose. Any derived versions of this | 10 | * can be used freely for any purpose. Any derived versions of this | |
11 | * software must be clearly marked as such, and if the derived work is | 11 | * software must be clearly marked as such, and if the derived work is | |
12 | * incompatible with the protocol description in the RFC file, it must be | 12 | * incompatible with the protocol description in the RFC file, it must be | |
13 | * called by a name other than "ssh" or "Secure Shell". | 13 | * called by a name other than "ssh" or "Secure Shell". | |
14 | */ | 14 | */ | |
15 | 15 | |||
16 | #include "includes.h" | 16 | #include "includes.h" | |
17 | __RCSID("$NetBSD: sshpty.c,v 1.2.26.1 2015/04/30 06:07:31 riz Exp $"); | 17 | __RCSID("$NetBSD: sshpty.c,v 1.2.26.1.2.1 2016/03/11 12:23:58 martin Exp $"); | |
18 | #include <sys/types.h> | 18 | #include <sys/types.h> | |
19 | #include <sys/ioctl.h> | 19 | #include <sys/ioctl.h> | |
20 | #include <sys/stat.h> | 20 | #include <sys/stat.h> | |
21 | 21 | |||
22 | #include <errno.h> | 22 | #include <errno.h> | |
23 | #include <fcntl.h> | 23 | #include <fcntl.h> | |
24 | #include <grp.h> | 24 | #include <grp.h> | |
25 | #include <paths.h> | 25 | #include <paths.h> | |
26 | #include <pwd.h> | 26 | #include <pwd.h> | |
27 | #include <stdarg.h> | 27 | #include <stdarg.h> | |
28 | #include <string.h> | 28 | #include <string.h> | |
29 | #include <termios.h> | 29 | #include <termios.h> | |
30 | #include <unistd.h> | 30 | #include <unistd.h> | |
@@ -135,27 +135,27 @@ pty_change_window_size(int ptyfd, u_int | @@ -135,27 +135,27 @@ pty_change_window_size(int ptyfd, u_int | |||
135 | } | 135 | } | |
136 | 136 | |||
137 | void | 137 | void | |
138 | pty_setowner(struct passwd *pw, const char *tty) | 138 | pty_setowner(struct passwd *pw, const char *tty) | |
139 | { | 139 | { | |
140 | struct group *grp; | 140 | struct group *grp; | |
141 | gid_t gid; | 141 | gid_t gid; | |
142 | mode_t mode; | 142 | mode_t mode; | |
143 | struct stat st; | 143 | struct stat st; | |
144 | 144 | |||
145 | /* Determine the group to make the owner of the tty. */ | 145 | /* Determine the group to make the owner of the tty. */ | |
146 | grp = getgrnam("tty"); | 146 | grp = getgrnam("tty"); | |
147 | gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid; | 147 | gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid; | |
148 | mode = (grp != NULL) ? 0622 : 0600; | 148 | mode = (grp != NULL) ? 0620 : 0600; | |
149 | 149 | |||
150 | /* | 150 | /* | |
151 | * Change owner and mode of the tty as required. | 151 | * Change owner and mode of the tty as required. | |
152 | * Warn but continue if filesystem is read-only and the uids match/ | 152 | * Warn but continue if filesystem is read-only and the uids match/ | |
153 | * tty is owned by root. | 153 | * tty is owned by root. | |
154 | */ | 154 | */ | |
155 | if (stat(tty, &st)) | 155 | if (stat(tty, &st)) | |
156 | fatal("stat(%.100s) failed: %.100s", tty, | 156 | fatal("stat(%.100s) failed: %.100s", tty, | |
157 | strerror(errno)); | 157 | strerror(errno)); | |
158 | 158 | |||
159 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { | 159 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { | |
160 | if (chown(tty, pw->pw_uid, gid) < 0) { | 160 | if (chown(tty, pw->pw_uid, gid) < 0) { | |
161 | if (errno == EROFS && | 161 | if (errno == EROFS && |