Attachment 930 Details for Bug 1054 – Close accept/getpeername race

[patch] Close accept/getpeername race

racefix.diff (text/plain), 3.45 KB, created by Damien Miller on 2005-06-17 12:52:46 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2005-06-17 12:52:46 AEST

Size: 3.45 KB

patch

obsolete

>revision 1.43
>date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +2 -2
>don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
>=============================================================================
>
>Index: canohost.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
>retrieving revision 1.42
>retrieving revision 1.43
>diff -u -p -u -r1.42 -r1.43
>--- canohost.c	18 Feb 2005 03:05:53 -0000	1.42
>+++ canohost.c	16 Jun 2005 08:00:00 -0000	1.43
>@@ -12,7 +12,7 @@
>  */
> 
> #include "includes.h"
>-RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $");
>+RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $");
> 
> #include "packet.h"
> #include "xmalloc.h"
>@@ -307,7 +307,7 @@ get_sock_port(int sock, int local)
> 	} else {
> 		if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
> 			debug("getpeername failed: %.100s", strerror(errno));
>-			cleanup_exit(255);
>+			return -1;
> 		}
> 	}
> 	/* Return port number. */
>revision 1.216
>date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +3 -3
>don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
>=============================================================================
>
>Index: channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.215
>retrieving revision 1.216
>diff -u -p -u -r1.215 -r1.216
>--- channels.c	16 Jun 2005 03:38:36 -0000	1.215
>+++ channels.c	16 Jun 2005 08:00:00 -0000	1.216
>@@ -39,7 +39,7 @@
>  */
> 
> #include "includes.h"
>-RCSID("$OpenBSD: channels.c,v 1.215 2005/06/16 03:38:36 djm Exp $");
>+RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $");
> 
> #include "ssh.h"
> #include "ssh1.h"
>@@ -1177,7 +1177,7 @@ port_open_helper(Channel *c, char *rtype
> 	int direct;
> 	char buf[1024];
> 	char *remote_ipaddr = get_peer_ipaddr(c->sock);
>-	u_short remote_port = get_peer_port(c->sock);
>+	int remote_port = get_peer_port(c->sock);
> 
> 	direct = (strcmp(rtype, "direct-tcpip") == 0);
> 
>@@ -1207,7 +1207,7 @@ port_open_helper(Channel *c, char *rtype
> 		}
> 		/* originator host and port */
> 		packet_put_cstring(remote_ipaddr);
>-		packet_put_int(remote_port);
>+		packet_put_int((u_int)remote_port);
> 		packet_send();
> 	} else {
> 		packet_start(SSH_MSG_PORT_OPEN);
>revision 1.310
>date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +5 -2
>don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
>=============================================================================
>
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.309
>retrieving revision 1.310
>diff -u -p -u -r1.309 -r1.310
>--- sshd.c	6 Apr 2005 09:43:59 -0000	1.309
>+++ sshd.c	16 Jun 2005 08:00:00 -0000	1.310
>@@ -42,7 +42,7 @@
>  */
> 
> #include "includes.h"
>-RCSID("$OpenBSD: sshd.c,v 1.309 2005/04/06 09:43:59 djm Exp $");
>+RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $");
> 
> #include <openssl/dh.h>
> #include <openssl/bn.h>
>@@ -1556,7 +1556,10 @@ main(int ac, char **av)
> 	    setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
> 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
> 
>-	remote_port = get_remote_port();
>+	if ((remote_port = get_remote_port()) < 0) {
>+		debug("get_remote_port failed");
>+		cleanup_exit(255);
>+	}
> 	remote_ip = get_remote_ipaddr();
> 
> #ifdef LIBWRAP

Actions: View | Diff

Attachments on bug 1054: 930