Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 1ab6a51f9b258a6e844f1ee442c15aec7fcb6a72^! / . / clientloop.c
commit1ab6a51f9b258a6e844f1ee442c15aec7fcb6a72[log] [tgz]
authorDamien Miller <djm@mindrot.org>Sat Jun 26 10:02:24 2010 +1000
committerDamien Miller <djm@mindrot.org>Sat Jun 26 10:02:24 2010 +1000
tree708954349afa3ef3f1294934443d5773c1b6b53f
parent383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a [diff] [blame]
   - djm@cvs.openbsd.org 2010/06/25 23:10:30
     [ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@

diff --git a/clientloop.c b/clientloop.c
index 76de372..5608bcc 100644
--- a/clientloop.c
+++ b/clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.220 2010/04/10 02:08:44 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.221 2010/06/25 23:15:36 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -155,11 +155,12 @@
 static Buffer stdin_buffer;	/* Buffer for stdin data. */
 static Buffer stdout_buffer;	/* Buffer for stdout data. */
 static Buffer stderr_buffer;	/* Buffer for stderr data. */
-static u_int buffer_high;/* Soft max buffer size. */
+static u_int buffer_high;	/* Soft max buffer size. */
 static int connection_in;	/* Connection to server (input). */
 static int connection_out;	/* Connection to server (output). */
 static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
-static int session_closed = 0;	/* In SSH2: login session closed. */
+static int session_closed;	/* In SSH2: login session closed. */
+static int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
 
 static void client_init_dispatch(void);
 int	session_ident = -1;
@@ -254,7 +255,7 @@
 #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
 void
 client_x11_get_proto(const char *display, const char *xauth_path,
-    u_int trusted, char **_proto, char **_data)
+    u_int trusted, u_int timeout, char **_proto, char **_data)
 {
 	char cmd[1024];
 	char line[512];
@@ -264,6 +265,7 @@
 	int got_data = 0, generated = 0, do_unlink = 0, i;
 	char *xauthdir, *xauthfile;
 	struct stat st;
+	u_int now;
 
 	xauthdir = xauthfile = NULL;
 	*_proto = proto;
@@ -299,11 +301,18 @@
 				    xauthdir);
 				snprintf(cmd, sizeof(cmd),
 				    "%s -f %s generate %s " SSH_X11_PROTO
-				    " untrusted timeout 1200 2>" _PATH_DEVNULL,
-				    xauth_path, xauthfile, display);
+				    " untrusted timeout %u 2>" _PATH_DEVNULL,
+				    xauth_path, xauthfile, display, timeout);
 				debug2("x11_get_proto: %s", cmd);
 				if (system(cmd) == 0)
 					generated = 1;
+				if (x11_refuse_time == 0) {
+					now = time(NULL) + 1;
+					if (UINT_MAX - timeout < now)
+						x11_refuse_time = UINT_MAX;
+					else
+						x11_refuse_time = now + timeout;
+				}
 			}
 		}
 
@@ -1686,6 +1695,11 @@
 		    "malicious server.");
 		return NULL;
 	}
+	if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
+		verbose("Rejected X11 connection after ForwardX11Timeout "
+		    "expired");
+		return NULL;
+	}
 	originator = packet_get_string(NULL);
 	if (datafellows & SSH_BUG_X11FWD) {
 		debug2("buggy server: x11 request w/o originator_port");