Source-Changes-HG archive
[src/netbsd-3-0]: src/crypto/dist/ssh Pull up revisions:
details: https://anonhg.NetBSD.org/src/rev/02c12bb5ac62
branches: netbsd-3-0
changeset: 579478:02c12bb5ac62
user: jdc <jdc%NetBSD.org@localhost>
date: Tue Apr 08 21:48:26 2008 +0000
description:
Pull up revisions:
src/crypto/dist/ssh/channels.c 1.38
src/crypto/dist/ssh/auth-options.c 1.8
src/crypto/dist/ssh/auth-options.h 1.4
src/crypto/dist/ssh/session.c 1.46
src/crypto/dist/ssh/sshd.8 1.39
(requested by adrianp in ticket #1921).
Fix X11 forwarding information disclosure vulnerability in OpenSSH
(CVE-2008-1483).
Add no-user-rc option which disables execution of ~/.ssh/rc
(backport from OpenSSH 4.9)
diffstat:
crypto/dist/ssh/auth-options.c | 13 +++++++++++--
crypto/dist/ssh/auth-options.h | 3 ++-
crypto/dist/ssh/channels.c | 7 ++-----
crypto/dist/ssh/session.c | 7 ++++---
crypto/dist/ssh/sshd.8 | 5 ++++-
5 files changed, 23 insertions(+), 12 deletions(-)
diffs (140 lines):
diff -r b5861ada1c03 -r 02c12bb5ac62 crypto/dist/ssh/auth-options.c
--- a/crypto/dist/ssh/auth-options.c Tue Apr 08 21:35:31 2008 +0000
+++ b/crypto/dist/ssh/auth-options.c Tue Apr 08 21:48:26 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-options.c,v 1.4 2005/02/13 05:57:26 christos Exp $ */
+/* $NetBSD: auth-options.c,v 1.4.4.1 2008/04/08 21:48:26 jdc Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -12,7 +12,7 @@
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.28 2003/06/02 09:17:34 markus Exp $");
-__RCSID("$NetBSD: auth-options.c,v 1.4 2005/02/13 05:57:26 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.4.4.1 2008/04/08 21:48:26 jdc Exp $");
#include "xmalloc.h"
#include "match.h"
@@ -30,6 +30,7 @@
int no_agent_forwarding_flag = 0;
int no_x11_forwarding_flag = 0;
int no_pty_flag = 0;
+int no_user_rc = 0;
/* "command=" option. */
char *forced_command = NULL;
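Review bot: The new global `no_user_rc` is declared without a comment and without the `_flag` suffix used by the neighbouring `no_pty_flag` and `no_x11_forwarding_flag`. Renaming it would diverge from the OpenSSH code this is backported from, so I would keep the name and add a comment in the style of the existing `/* "command=" option. */`, for example `/* "no-user-rc" option: do not execute ~/.ssh/rc for this key. */`. The same comment would help on the matching `extern int no_user_rc;` line in auth-options.h.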
@@ -46,6 +47,7 @@
no_port_forwarding_flag = 0;
no_pty_flag = 0;
no_x11_forwarding_flag = 0;
+ no_user_rc = 0;
while (custom_environment) {
struct envstring *ce = custom_environment;
custom_environment = ce->next;
@@ -105,6 +107,13 @@
opts += strlen(cp);
goto next_option;
}
+ cp = "no-user-rc";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("User rc file execution disabled.");
+ no_user_rc = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
cp = "command=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
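Review bot: The test `strncasecmp(opts, cp, strlen(cp)) == 0` in the added branch is a prefix match, so a token such as `no-user-rcX` (constructed example) enters the branch and sets `no_user_rc = 1` before the trailing characters are looked at. Rejection of leftover text presumably happens at `next_option`, which is outside the hunk. It is worth confirming that this path rejects the whole key line instead of accepting it with only some restrictions applied. The pattern matches the neighbouring options, so a short comment such as `/* prefix match; the delimiter is validated at next_option */` would be enough. The enclosing function starts and ends outside the hunk.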
diff -r b5861ada1c03 -r 02c12bb5ac62 crypto/dist/ssh/auth-options.h
--- a/crypto/dist/ssh/auth-options.h Tue Apr 08 21:35:31 2008 +0000
+++ b/crypto/dist/ssh/auth-options.h Tue Apr 08 21:48:26 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-options.h,v 1.1.1.7 2002/10/01 13:39:55 itojun Exp $ */
+/* $NetBSD: auth-options.h,v 1.1.1.7.10.1 2008/04/08 21:48:26 jdc Exp $ */
/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */
/*
@@ -27,6 +27,7 @@
extern int no_agent_forwarding_flag;
extern int no_x11_forwarding_flag;
extern int no_pty_flag;
+extern int no_user_rc;
extern char *forced_command;
extern struct envstring *custom_environment;
diff -r b5861ada1c03 -r 02c12bb5ac62 crypto/dist/ssh/channels.c
--- a/crypto/dist/ssh/channels.c Tue Apr 08 21:35:31 2008 +0000
+++ b/crypto/dist/ssh/channels.c Tue Apr 08 21:48:26 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: channels.c,v 1.31 2005/02/13 05:57:26 christos Exp $ */
+/* $NetBSD: channels.c,v 1.31.4.1 2008/04/08 21:48:26 jdc Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -41,7 +41,7 @@
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.209 2004/08/11 21:43:04 avsm Exp $");
-__RCSID("$NetBSD: channels.c,v 1.31 2005/02/13 05:57:26 christos Exp $");
+__RCSID("$NetBSD: channels.c,v 1.31.4.1 2008/04/08 21:48:26 jdc Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -2626,9 +2626,6 @@
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
- if (ai->ai_next)
- continue;
-
for (n = 0; n < num_socks; n++) {
close(socks[n]);
}
diff -r b5861ada1c03 -r 02c12bb5ac62 crypto/dist/ssh/session.c
--- a/crypto/dist/ssh/session.c Tue Apr 08 21:35:31 2008 +0000
+++ b/crypto/dist/ssh/session.c Tue Apr 08 21:48:26 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: session.c,v 1.39.4.1 2006/10/26 09:39:38 ghen Exp $ */
+/* $NetBSD: session.c,v 1.39.4.2 2008/04/08 21:48:26 jdc Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
* All rights reserved
@@ -35,7 +35,7 @@
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $");
-__RCSID("$NetBSD: session.c,v 1.39.4.1 2006/10/26 09:39:38 ghen Exp $");
+__RCSID("$NetBSD: session.c,v 1.39.4.2 2008/04/08 21:48:26 jdc Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -1102,7 +1102,8 @@
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
/* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ if (!s->is_subsystem && !no_user_rc &&
+ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
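Review bot: The comment `/* ignore _PATH_SSH_USER_RC for subsystems */` above the changed condition no longer describes it, because the new `!no_user_rc` term also skips the user rc for keys that carry the option. I would change it to `/* ignore _PATH_SSH_USER_RC for subsystems and for keys with no-user-rc */`. When `no_user_rc` is set, control now passes to whatever follows this `if`, which is outside the hunk. If a system-wide rc branch follows, it would run in place of the user file, and that should be confirmed as intended. The function starts and ends outside the hunk.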
diff -r b5861ada1c03 -r 02c12bb5ac62 crypto/dist/ssh/sshd.8
--- a/crypto/dist/ssh/sshd.8 Tue Apr 08 21:35:31 2008 +0000
+++ b/crypto/dist/ssh/sshd.8 Tue Apr 08 21:48:26 2008 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: sshd.8,v 1.34 2005/02/13 05:57:27 christos Exp $
+.\" $NetBSD: sshd.8,v 1.34.4.1 2008/04/08 21:48:26 jdc Exp $
.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -486,6 +486,9 @@
authentication.
.It Cm no-pty
Prevents tty allocation (a request to allocate a pty will fail).
+.It Cm no-user-rc
+Disables execution of
+.Pa ~/.ssh/rc .
.It Cm permitopen="host:port"
Limit local
.Li ``ssh -L''