Bugzilla – Attachment 1540 Details for
Bug 1380
incorrect check for strlen(fwd->connect_host) in parse_forward()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
revised revised patch
hoststrlen.diff (text/plain), 6.06 KB, created by
Damien Miller
on 2008-07-04 16:48:52 AEST
(
hide
)
Description:
revised revised patch
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2008-07-04 16:48:52 AEST
Size:
6.06 KB
patch
obsolete
>Index: Makefile.inc >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v >retrieving revision 1.32 >diff -u -p -r1.32 Makefile.inc >--- Makefile.inc 28 Jun 2008 14:04:30 -0000 1.32 >+++ Makefile.inc 4 Jul 2008 06:47:00 -0000 >@@ -27,3 +27,7 @@ DPADD+= ${.CURDIR}/../lib/${__ob > LDADD+= -L${.CURDIR}/../lib -lssh > DPADD+= ${.CURDIR}/../lib/libssh.a > .endif >+ >+CFLAGS+=${PIEFLAG} >+LDADD+=${PIEFLAG} >+ >Index: auth-options.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/auth-options.c,v >retrieving revision 1.43 >diff -u -p -r1.43 auth-options.c >--- auth-options.c 10 Jun 2008 23:06:19 -0000 1.43 >+++ auth-options.c 4 Jul 2008 06:47:00 -0000 >@@ -19,6 +19,7 @@ > #include <stdio.h> > #include <stdarg.h> > >+#include "ssh.h" > #include "xmalloc.h" > #include "match.h" > #include "log.h" >Index: auth1.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/auth1.c,v >retrieving revision 1.72 >diff -u -p -r1.72 auth1.c >--- auth1.c 8 May 2008 12:02:23 -0000 1.72 >+++ auth1.c 4 Jul 2008 06:47:00 -0000 >@@ -18,9 +18,10 @@ > #include <unistd.h> > #include <pwd.h> > >+#include "ssh.h" >+#include "ssh1.h" > #include "xmalloc.h" > #include "rsa.h" >-#include "ssh1.h" > #include "packet.h" > #include "buffer.h" > #include "log.h" >Index: channels.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/channels.c,v >retrieving revision 1.282 >diff -u -p -r1.282 channels.c >--- channels.c 16 Jun 2008 13:22:53 -0000 1.282 >+++ channels.c 4 Jul 2008 06:47:00 -0000 >@@ -2557,7 +2557,6 @@ channel_setup_remote_fwd_listener(const > * Initiate forwarding of connections to port "port" on remote host through > * the secure channel to host:port from local side. > */ >- > int > channel_request_remote_forwarding(const char *listen_host, u_short listen_port, > const char *host_to_connect, u_short port_to_connect) >@@ -2567,6 +2566,12 @@ channel_request_remote_forwarding(const > /* Record locally that connection to this host/port is permitted. */ > if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) > fatal("channel_request_remote_forwarding: too many forwards"); >+ >+ if (listen_host != NULL && >+ strlen(listen_host) > SSH_CHANNEL_PATH_LEN - 1) { >+ error("Listen address too long."); >+ return -1; >+ } > > /* Send the forward request to the remote side. */ > if (compat20) { >Index: channels.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/channels.h,v >retrieving revision 1.96 >diff -u -p -r1.96 channels.h >--- channels.h 15 Jun 2008 20:06:26 -0000 1.96 >+++ channels.h 4 Jul 2008 06:47:00 -0000 >@@ -55,7 +55,7 @@ > #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ > #define SSH_CHANNEL_MAX_TYPE 15 > >-#define SSH_CHANNEL_PATH_LEN 256 >+#define SSH_CHANNEL_PATH_LEN SSH_MAX_DOMAIN_LEN > > struct Channel; > typedef struct Channel Channel; >Index: gss-serv.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v >retrieving revision 1.22 >diff -u -p -r1.22 gss-serv.c >--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 >+++ gss-serv.c 4 Jul 2008 06:47:00 -0000 >@@ -32,6 +32,7 @@ > > #include <string.h> > >+#include "ssh.h" > #include "xmalloc.h" > #include "buffer.h" > #include "key.h" >Index: nchan.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/nchan.c,v >retrieving revision 1.60 >diff -u -p -r1.60 nchan.c >--- nchan.c 30 Jun 2008 12:16:02 -0000 1.60 >+++ nchan.c 4 Jul 2008 06:47:00 -0000 >@@ -31,6 +31,7 @@ > #include <string.h> > #include <stdarg.h> > >+#include "ssh.h" > #include "ssh1.h" > #include "ssh2.h" > #include "buffer.h" >Index: packet.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/packet.c,v >retrieving revision 1.155 >diff -u -p -r1.155 packet.c >--- packet.c 13 Jun 2008 09:44:36 -0000 1.155 >+++ packet.c 4 Jul 2008 06:47:00 -0000 >@@ -55,6 +55,9 @@ > #include <unistd.h> > #include <signal.h> > >+#include "ssh.h" >+#include "ssh1.h" >+#include "ssh2.h" > #include "xmalloc.h" > #include "buffer.h" > #include "packet.h" >@@ -63,8 +66,6 @@ > #include "deattack.h" > #include "channels.h" > #include "compat.h" >-#include "ssh1.h" >-#include "ssh2.h" > #include "cipher.h" > #include "key.h" > #include "kex.h" >Index: readconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readconf.c,v >retrieving revision 1.167 >diff -u -p -r1.167 readconf.c >--- readconf.c 26 Jun 2008 11:46:31 -0000 1.167 >+++ readconf.c 4 Jul 2008 06:47:01 -0000 >@@ -734,7 +734,7 @@ parse_int: > fwd.connect_host = "socks"; > fwd.listen_host = hpdelim(&arg); > if (fwd.listen_host == NULL || >- strlen(fwd.listen_host) >= NI_MAXHOST) >+ strlen(fwd.listen_host) >= SSH_MAX_DOMAIN_LEN) > fatal("%.200s line %d: Bad forwarding specification.", > filename, linenum); > if (arg) { >@@ -1263,7 +1263,7 @@ parse_forward(Forward *fwd, const char * > goto fail_free; > > if (fwd->connect_host != NULL && >- strlen(fwd->connect_host) >= NI_MAXHOST) >+ strlen(fwd->connect_host) >= SSH_MAX_DOMAIN_LEN) > goto fail_free; > > return (i); >Index: serverloop.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/serverloop.c,v >retrieving revision 1.153 >diff -u -p -r1.153 serverloop.c >--- serverloop.c 30 Jun 2008 12:15:39 -0000 1.153 >+++ serverloop.c 4 Jul 2008 06:47:01 -0000 >@@ -53,6 +53,7 @@ > #include <unistd.h> > #include <stdarg.h> > >+#include "ssh.h" > #include "xmalloc.h" > #include "packet.h" > #include "buffer.h" >Index: ssh.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.h,v >retrieving revision 1.78 >diff -u -p -r1.78 ssh.h >--- ssh.h 3 Aug 2006 03:34:42 -0000 1.78 >+++ ssh.h 4 Jul 2008 06:47:01 -0000 >@@ -98,3 +98,7 @@ > > /* Listen backlog for sshd, ssh-agent and forwarding sockets */ > #define SSH_LISTEN_BACKLOG 128 >+ >+/* Maximum length of hostnames allowed in forwarding specifications */ >+#define SSH_MAX_DOMAIN_LEN 256 /* RFC2181 255 octets + \0 */ >+
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1540">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1380
:
1367
|
1539
|
1540
|
1591