]> andersk Git - openssh.git/blobdiff - clientloop.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
[openssh.git] / clientloop.c
diff --git a/clientloop.c b/clientloop.c
index 538644c201dbfd48637bff6766abd7e3cb6756dd..7a61cb74d6931a6693c8684c2af062463c7bd77b 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.180 2007/08/07 07:32:53 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.182 2007/09/04 03:21:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -290,19 +290,29 @@ client_x11_get_proto(const char *display, const char *xauth_path,
                                        generated = 1;
                        }
                }
-               snprintf(cmd, sizeof(cmd),
-                   "%s %s%s list %s 2>" _PATH_DEVNULL,
-                   xauth_path,
-                   generated ? "-f " : "" ,
-                   generated ? xauthfile : "",
-                   display);
-               debug2("x11_get_proto: %s", cmd);
-               f = popen(cmd, "r");
-               if (f && fgets(line, sizeof(line), f) &&
-                   sscanf(line, "%*s %511s %511s", proto, data) == 2)
-                       got_data = 1;
-               if (f)
-                       pclose(f);
+
+               /*
+                * When in untrusted mode, we read the cookie only if it was
+                * successfully generated as an untrusted one in the step
+                * above.
+                */
+               if (trusted || generated) {
+                       snprintf(cmd, sizeof(cmd),
+                           "%s %s%s list %s 2>" _PATH_DEVNULL,
+                           xauth_path,
+                           generated ? "-f " : "" ,
+                           generated ? xauthfile : "",
+                           display);
+                       debug2("x11_get_proto: %s", cmd);
+                       f = popen(cmd, "r");
+                       if (f && fgets(line, sizeof(line), f) &&
+                           sscanf(line, "%*s %511s %511s", proto, data) == 2)
+                               got_data = 1;
+                       if (f)
+                               pclose(f);
+               } else
+                       error("Warning: untrusted X11 forwarding setup failed: "
+                           "xauth key data not generated");
        }
 
        if (do_unlink) {
@@ -712,7 +722,7 @@ client_process_control(fd_set *readset)
        struct sockaddr_storage addr;
        struct confirm_ctx *cctx;
        char *cmd;
-       u_int i, len, env_len, command, flags;
+       u_int i, j, len, env_len, command, flags;
        uid_t euid;
        gid_t egid;
 
@@ -860,9 +870,22 @@ client_process_control(fd_set *readset)
        xfree(cmd);
 
        /* Gather fds from client */
-       new_fd[0] = mm_receive_fd(client_fd);
-       new_fd[1] = mm_receive_fd(client_fd);
-       new_fd[2] = mm_receive_fd(client_fd);
+       for(i = 0; i < 3; i++) {
+               if ((new_fd[i] = mm_receive_fd(client_fd)) == -1) {
+                       error("%s: failed to receive fd %d from slave",
+                           __func__, i);
+                       for (j = 0; j < i; j++)
+                               close(new_fd[j]);
+                       for (j = 0; j < env_len; j++)
+                               xfree(cctx->env[j]);
+                       if (env_len > 0)
+                               xfree(cctx->env);
+                       xfree(cctx->term);
+                       buffer_free(&cctx->cmd);
+                       xfree(cctx);
+                       return;
+               }
+       }
 
        debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
            new_fd[0], new_fd[1], new_fd[2]);
git-cvsimport mirror of OpenSSH
This page took 0.117308 seconds and 4 git commands to generate.