From 100d82038d69581b72d61ea79acb559a97322110 Mon Sep 17 00:00:00 2001 From: green Date: Tue, 14 Nov 2000 03:51:53 +0000 Subject: Import a security fix: the client would allow a server to use its ssh-agent or X11 forwarding even if it was disabled. This is the vendor fix provided, not an actual revision of clientloop.c. Submitted by: Markus Friedl via kris --- crypto/openssh/clientloop.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'crypto') diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 4f5c39c..4a10b98 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -75,6 +75,8 @@ RCSID("$OpenBSD: clientloop.c,v 1.34 2000/09/07 20:40:30 markus Exp $"); #include "buffer.h" #include "bufaux.h" +extern Options options; + /* Flag indicating that stdin should be redirected from /dev/null. */ extern int stdin_null_flag; @@ -793,7 +795,6 @@ simple_escape_filter(Channel *c, char *buf, int len) int client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) { - extern Options options; double start_time, total_time; int len; char buf[100]; @@ -1036,7 +1037,7 @@ client_input_channel_open(int type, int plen) debug("client_input_channel_open: ctype %s rchan %d win %d max %d", ctype, rchan, rwindow, rmaxpack); - if (strcmp(ctype, "x11") == 0) { + if (strcmp(ctype, "x11") == 0 && options.forward_x11) { int sock; char *originator; int originator_port; 
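Review bot: In the client_input_channel_open() hunk (`@@ -1036,7 +1037,7 @@`), an "x11" open received while `options.forward_x11` is off now skips the branch and falls through to code below the hunk, and nothing records that the server asked for a channel the user had disabled. An unsolicited X11 open is a useful sign of a misbehaving or hostile server, so I would log it on the refusal path, for example `debug("x11 channel open refused: X11 forwarding is disabled");`, preferably at a level that is visible without verbose mode. The gate also tests the configured option rather than whether this session actually sent an X11 forwarding request. That request code is not in this diff, but if it can be skipped while the option is on, the open would still be accepted. client_input_channel_open() starts and ends outside the hunk, so the fall-through behaviour should be confirmed there.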
@@ -1108,11 +1109,14 @@ client_init_dispatch_13() dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); - dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request); dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); - dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); + + dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ? + &auth_input_open_request : NULL); + dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ? + &x11_input_open : NULL); } void client_init_dispatch_15() -- cgit v1.1
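Review bot: The two conditional registrations at the end of client_init_dispatch_13() carry the whole fix for the protocol 1 path but have no comment saying so, which makes it easy for a later cleanup to fold them back into the unconditional list above. I would put `/* Accept server-initiated agent/X11 opens only if the user enabled that forwarding. */` directly above them. What happens when a message arrives for a type registered as NULL is decided by the dispatch code, which is not in this diff, so it is worth confirming that an unsolicited SSH_SMSG_AGENT_OPEN or SSH_SMSG_X11_OPEN is rejected there rather than silently dropped. client_init_dispatch_15() begins on the last line of the hunk and its body is outside it; if it installs these handlers itself instead of going through client_init_dispatch_13(), it needs the same gate.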