diff options
| author | Brian Feldman <green@FreeBSD.org> | 2000-11-14 04:51:10 +0000 |
|---|---|---|
| committer | Brian Feldman <green@FreeBSD.org> | 2000-11-14 04:51:10 +0000 |
| commit | 287b0cc0f06fdf058b77ecac50e17bfd63d42636 (patch) | |
| tree | 54d0e78d300d0b60c51adea7b0929238b6a91693 /security | |
| parent | Change "math" to "${PERL_ARCH}" so these will work for perl version < 5.6.0. (diff) | |
Add the security fix for inability to actually deny ssh-agent or X11
forwarding requests.
Notes
Notes:
svn path=/head/; revision=35126
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssh/files/patch-ap | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap new file mode 100644 index 000000000000..a5d51a23cafd --- /dev/null +++ b/security/openssh/files/patch-ap @@ -0,0 +1,50 @@ +Index: clientloop.c +=================================================================== +RCS file: /usr2/ncvs/src/crypto/openssh/clientloop.c,v +retrieving revision 1.1.1.3 +diff -u -r1.1.1.3 clientloop.c +--- clientloop.c 2000/09/10 08:29:25 1.1.1.3 ++++ clientloop.c 2000/11/14 03:15:02 +@@ -75,6 +75,8 @@ + #include "buffer.h" + #include "bufaux.h" + ++extern Options options; ++ + /* Flag indicating that stdin should be redirected from /dev/null. */ + extern int stdin_null_flag; + +@@ -793,7 +795,6 @@ + int + client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) + { +- extern Options options; + double start_time, total_time; + int len; + char buf[100]; +@@ -1036,7 +1037,7 @@ + debug("client_input_channel_open: ctype %s rchan %d win %d max %d", + ctype, rchan, rwindow, rmaxpack); + +- if (strcmp(ctype, "x11") == 0) { ++ if (strcmp(ctype, "x11") == 0 && options.forward_x11) { + int sock; + char *originator; + int originator_port; +@@ -1108,11 +1109,14 @@ + dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); + dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); + dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); +- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request); + dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); + dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); + dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); +- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); ++ ++ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ? ++ &auth_input_open_request : NULL); ++ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ? ++ &x11_input_open : NULL); + } + void + client_init_dispatch_15() |