author | green <green@FreeBSD.org> | 2000-11-14 04:51:10 +0000 |
---|---|---|
committer | green <green@FreeBSD.org> | 2000-11-14 04:51:10 +0000 |
commit | 23c4703be59c053e5f53e431645f6e7ef7150331 (patch) | |
tree | ae446491e6245fef09c234b8de327291f4a24906 /security | |
parent | e87d917fedd4c3f5ce1a4cb6d85a986dd01358c5 (diff) | |
Add the security fix for inability to actually deny ssh-agent or X11
forwarding requests.
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh/files/patch-ap | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap
new file mode 100644
index 0000000..a5d51a2
--- /dev/null
+++ b/security/openssh/files/patch-ap
@@ -0,0 +1,50 @@
+Index: clientloop.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/clientloop.c,v
+retrieving revision 1.1.1.3
+diff -u -r1.1.1.3 clientloop.c
+--- clientloop.c 2000/09/10 08:29:25 1.1.1.3
++++ clientloop.c 2000/11/14 03:15:02
+@@ -75,6 +75,8 @@
+ #include "buffer.h"
+ #include "bufaux.h"
+
++extern Options options;
++
+ /* Flag indicating that stdin should be redirected from /dev/null. */
+ extern int stdin_null_flag;
+
+@@ -793,7 +795,6 @@
+ int
+ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+ {
+- extern Options options;
+ double start_time, total_time;
+ int len;
+ char buf[100];
+@@ -1036,7 +1037,7 @@
+ debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
+ ctype, rchan, rwindow, rmaxpack);
+
+- if (strcmp(ctype, "x11") == 0) {
++ if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
+ int sock;
+ char *originator;
+ int originator_port;
+@@ -1108,11 +1109,14 @@
+ dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
+ dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+ dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
+- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
+ dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
+ dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
+ dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
+- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
++
++ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
++ &auth_input_open_request : NULL);
++ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
++ &x11_input_open : NULL);
+ }
+ void
+ client_init_dispatch_15() |
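Review bot: The two conditional `dispatch_set(..., NULL)` calls in the function that precedes `client_init_dispatch_15()` deny forwarding only if the dispatcher checks for a NULL entry before calling through it. That code is not part of this patch, so it should be confirmed that an unregistered message type ends in a clean protocol-error disconnect rather than a call through a null pointer. The intent is also not stated where it matters; a comment above the two calls would help, for example `/* Only accept server-initiated agent/X11 opens the user enabled; NULL rejects the message. */`. In `client_input_channel_open` the added `&& options.forward_x11` guards only the `x11` channel type, and the function body continues outside the hunk, so what happens to a refused request is not visible here. A `debug()` line on that refusal path would make an unsolicited forwarding attempt from a server show up in client logs. Both guards test the configured option rather than whether forwarding was actually requested in this session, which is presumably the narrower condition to aim for.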