From 279b0fa809e30e3a007bbc4b2adb1ccbd4d4a87a Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Tue, 29 Oct 2002 10:16:02 +0000
Subject: Resolve conflicts.

---
 crypto/openssh/sshd.c | 93 +++++++++++++++++++++++++++------------------------
 1 file changed, 50 insertions(+), 43 deletions(-)

(limited to 'crypto/openssh/sshd.c')

diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index a181878..4a8e4cc 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
 RCSID("$FreeBSD$");
 
 #include <openssl/dh.h>
@@ -304,11 +304,8 @@ grace_alarm_handler(int sig)
 {
 	/* XXX no idea how fix this signal handler */
 
-	/* Close the connection. */
-	packet_close();
-
 	/* Log error and exit. */
-	fatal("Timeout before authentication for %s.", get_remote_ipaddr());
+	fatal("Timeout before authentication for %s", get_remote_ipaddr());
 }
 
 /*
@@ -321,7 +318,7 @@ grace_alarm_handler(int sig)
 static void
 generate_ephemeral_server_key(void)
 {
-	u_int32_t rand = 0;
+	u_int32_t rnd = 0;
 	int i;
 
 	verbose("Generating %s%d bit RSA key.",
@@ -334,9 +331,9 @@ generate_ephemeral_server_key(void)
 
 	for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
 		if (i % 4 == 0)
-			rand = arc4random();
-		sensitive_data.ssh1_cookie[i] = rand & 0xff;
-		rand >>= 8;
+			rnd = arc4random();
+		sensitive_data.ssh1_cookie[i] = rnd & 0xff;
+		rnd >>= 8;
 	}
 	arc4random_stir();
 }
@@ -428,6 +425,12 @@ sshd_exchange_identification(int sock_in, int sock_out)
 
 	compat_datafellows(remote_version);
 
+	if (datafellows & SSH_BUG_PROBE) {
+		log("probed from %s with %s.  Don't panic.",
+		    get_remote_ipaddr(), client_version_string);
+		fatal_cleanup();
+	}
+
 	if (datafellows & SSH_BUG_SCANNER) {
 		log("scanned from %s with %s.  Don't panic.",
 		    get_remote_ipaddr(), client_version_string);
@@ -530,8 +533,8 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-	u_int32_t rand[256];
-	gid_t gidset[2];
+	u_int32_t rnd[256];
+	gid_t gidset[1];
 	struct passwd *pw;
 	int i;
 
@@ -539,8 +542,8 @@ privsep_preauth_child(void)
 	privsep_challenge_enable();
 
 	for (i = 0; i < 256; i++)
-		rand[i] = arc4random();
-	RAND_seed(rand, sizeof(rand));
+		rnd[i] = arc4random();
+	RAND_seed(rnd, sizeof(rnd));
 
 	/* Demote the private keys to public keys. */
 	demote_sensitive_data();
@@ -551,7 +554,7 @@ privsep_preauth_child(void)
 	memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
 	endpwent();
 
-	/* Change our root directory*/
+	/* Change our root directory */
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
 		    strerror(errno));
@@ -574,7 +577,7 @@ privsep_preauth_child(void)
 #endif
 }
 
-static Authctxt*
+static Authctxt *
 privsep_preauth(void)
 {
 	Authctxt *authctxt = NULL;
@@ -590,6 +593,8 @@ privsep_preauth(void)
 	if (pid == -1) {
 		fatal("fork of unprivileged child failed");
 	} else if (pid != 0) {
+		fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
 		debug2("Network child is on pid %ld", (long)pid);
 
 		close(pmonitor->m_recvfd);
@@ -603,6 +608,10 @@ privsep_preauth(void)
 		while (waitpid(pid, &status, 0) < 0)
 			if (errno != EINTR)
 				break;
+
+		/* Reinstall, since the child has finished */
+		fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+
 		return (authctxt);
 	} else {
 		/* child */
@@ -625,7 +634,7 @@ privsep_postauth(Authctxt *authctxt)
 	/* XXX - Remote port forwarding */
 	x_authctxt = authctxt;
 
-#ifdef BROKEN_FD_PASSING
+#ifdef DISABLE_FD_PASSING
 	if (1) {
 #else
 	if (authctxt->pw->pw_uid == 0 || options.use_login) {
@@ -650,6 +659,8 @@ privsep_postauth(Authctxt *authctxt)
 	if (pmonitor->m_pid == -1)
 		fatal("fork of unprivileged child failed");
 	else if (pmonitor->m_pid != 0) {
+		fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
 		debug2("User child is on pid %ld", (long)pmonitor->m_pid);
 		close(pmonitor->m_recvfd);
 		monitor_child_postauth(pmonitor);
@@ -802,7 +813,6 @@ main(int ac, char **av)
 	const char *remote_ip;
 	int remote_port;
 	FILE *f;
-	struct linger linger;
 	struct addrinfo *ai;
 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 	int listen_sock, maxfd;
@@ -907,6 +917,10 @@ main(int ac, char **av)
 			break;
 		case 'u':
 			utmp_len = atoi(optarg);
+			if (utmp_len > MAXHOSTNAMELEN) {
+				fprintf(stderr, "Invalid utmp length.\n");
+				exit(1);
+			}
 			break;
 		case 'o':
 			if (process_server_config_line(&options, optarg,
@@ -933,7 +947,7 @@ main(int ac, char **av)
 	    SYSLOG_FACILITY_AUTH : options.log_facility,
 	    !inetd_flag);
 
-#ifdef _CRAY
+#ifdef _UNICOS
 	/* Cray can define user privs drop all prives now!
 	 * Not needed on PRIV_SU systems!
 	 */
@@ -957,7 +971,8 @@ main(int ac, char **av)
 	debug("sshd version %.100s", SSH_VERSION);
 
 	/* load private host keys */
-	sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+	sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+	    sizeof(Key *));
 	for (i = 0; i < options.num_host_key_files; i++)
 		sensitive_data.host_keys[i] = NULL;
 	sensitive_data.server_key = NULL;
@@ -1036,7 +1051,14 @@ main(int ac, char **av)
 		    (S_ISDIR(st.st_mode) == 0))
 			fatal("Missing privilege separation directory: %s",
 			    _PATH_PRIVSEP_CHROOT_DIR);
+
+#ifdef HAVE_CYGWIN
+		if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+		    (st.st_uid != getuid () ||
+		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
 		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
 			fatal("Bad owner or mode for %s",
 			    _PATH_PRIVSEP_CHROOT_DIR);
 	}
@@ -1136,17 +1158,12 @@ main(int ac, char **av)
 				continue;
 			}
 			/*
-			 * Set socket options.  We try to make the port
-			 * reusable and have it close as fast as possible
-			 * without waiting in unnecessary wait states on
-			 * close.
+			 * Set socket options.
+			 * Allow local port reuse in TIME_WAIT.
 			 */
-			setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
-			    &on, sizeof(on));
-			linger.l_onoff = 1;
-			linger.l_linger = 5;
-			setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
-			    &linger, sizeof(linger));
+			if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
+			    &on, sizeof(on)) == -1)
+				error("setsockopt SO_REUSEADDR: %s", strerror(errno));
 
 			debug("Bind to port %s on %s.", strport, ntop);
 
@@ -1395,16 +1412,6 @@ main(int ac, char **av)
 	signal(SIGCHLD, SIG_DFL);
 	signal(SIGINT, SIG_DFL);
 
-	/*
-	 * Set socket options for the connection.  We want the socket to
-	 * close as fast as possible without waiting for anything.  If the
-	 * connection is not a socket, these will do nothing.
-	 */
-	/* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
-	linger.l_onoff = 1;
-	linger.l_linger = 5;
-	setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
-
 	/* Set keepalives if requested. */
 	if (options.keepalives &&
 	    setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
@@ -1592,7 +1599,7 @@ do_ssh1_kex(void)
 	u_char session_key[SSH_SESSION_KEY_LENGTH];
 	u_char cookie[8];
 	u_int cipher_type, auth_mask, protocol_flags;
-	u_int32_t rand = 0;
+	u_int32_t rnd = 0;
 
 	/*
 	 * Generate check bytes that the client must send back in the user
@@ -1605,9 +1612,9 @@ do_ssh1_kex(void)
 	 */
 	for (i = 0; i < 8; i++) {
 		if (i % 4 == 0)
-			rand = arc4random();
-		cookie[i] = rand & 0xff;
-		rand >>= 8;
+			rnd = arc4random();
+		cookie[i] = rnd & 0xff;
+		rnd >>= 8;
 	}
 
 	/*
-- 
cgit v1.1