Bugzilla – Attachment 1704 Details for
Bug 1606
internal-sftp does not drop conections properly, it will hang
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
abort non-subsystem sessions to forced internal sftp-server
sftp-int-nohang.diff (text/plain), 2.00 KB, created by
Damien Miller
on 2009-10-23 12:19:31 AEDT
(
hide
)
Description:
abort non-subsystem sessions to forced internal sftp-server
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2009-10-23 12:19:31 AEDT
Size:
2.00 KB
patch
obsolete
>Index: session.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/session.c,v >retrieving revision 1.247 >diff -u -p -r1.247 session.c >--- session.c 6 Oct 2009 04:46:40 -0000 1.247 >+++ session.c 23 Oct 2009 01:02:11 -0000 >@@ -131,9 +131,10 @@ static int sessions_first_unused = -1; > static int sessions_nalloc = 0; > static Session *sessions = NULL; > >-#define SUBSYSTEM_NONE 0 >-#define SUBSYSTEM_EXT 1 >-#define SUBSYSTEM_INT_SFTP 2 >+#define SUBSYSTEM_NONE 0 >+#define SUBSYSTEM_EXT 1 >+#define SUBSYSTEM_INT_SFTP 2 >+#define SUBSYSTEM_INT_SFTP_ERROR 3 > > login_cap_t *lc; > >@@ -707,17 +708,19 @@ do_exec(Session *s, const char *command) > if (options.adm_forced_command) { > original_command = command; > command = options.adm_forced_command; >- if (IS_INTERNAL_SFTP(command)) >- s->is_subsystem = SUBSYSTEM_INT_SFTP; >- else if (s->is_subsystem) >+ if (IS_INTERNAL_SFTP(command)) { >+ s->is_subsystem = s->is_subsystem ? >+ SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; >+ } else if (s->is_subsystem) > s->is_subsystem = SUBSYSTEM_EXT; > debug("Forced command (config) '%.900s'", command); > } else if (forced_command) { > original_command = command; > command = forced_command; >- if (IS_INTERNAL_SFTP(command)) >- s->is_subsystem = SUBSYSTEM_INT_SFTP; >- else if (s->is_subsystem) >+ if (IS_INTERNAL_SFTP(command)) { >+ s->is_subsystem = s->is_subsystem ? >+ SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; >+ } else if (s->is_subsystem) > s->is_subsystem = SUBSYSTEM_EXT; > debug("Forced command (key option) '%.900s'", command); > } >@@ -1387,7 +1390,11 @@ do_child(Session *s, const char *command > /* restore SIGPIPE for child */ > signal(SIGPIPE, SIG_DFL); > >- if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { >+ if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { >+ printf("This service allows sftp connections only.\n"); >+ fflush(NULL); >+ exit(1); >+ } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { > extern int optind, optreset; > int i; > char *p, *args;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1704">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 1606
:
1648
| 1704