aboutsummaryrefslogtreecommitdiffstats
path: root/security/openssh
diff options
context:
space:
mode:
authorgreen <green@FreeBSD.org>2000-11-14 12:51:10 +0800
committergreen <green@FreeBSD.org>2000-11-14 12:51:10 +0800
commit23c4703be59c053e5f53e431645f6e7ef7150331 (patch)
treeae446491e6245fef09c234b8de327291f4a24906 /security/openssh
parente87d917fedd4c3f5ce1a4cb6d85a986dd01358c5 (diff)
downloadfreebsd-ports-gnome-23c4703be59c053e5f53e431645f6e7ef7150331.tar.gz
freebsd-ports-gnome-23c4703be59c053e5f53e431645f6e7ef7150331.tar.zst
freebsd-ports-gnome-23c4703be59c053e5f53e431645f6e7ef7150331.zip
Add the security fix for inability to actually deny ssh-agent or X11
forwarding requests.
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/files/patch-ap50
1 files changed, 50 insertions, 0 deletions
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap
new file mode 100644
index 000000000000..a5d51a23cafd
--- /dev/null
+++ b/security/openssh/files/patch-ap
@@ -0,0 +1,50 @@
+Index: clientloop.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/clientloop.c,v
+retrieving revision 1.1.1.3
+diff -u -r1.1.1.3 clientloop.c
+--- clientloop.c 2000/09/10 08:29:25 1.1.1.3
++++ clientloop.c 2000/11/14 03:15:02
+@@ -75,6 +75,8 @@
+ #include "buffer.h"
+ #include "bufaux.h"
+
++extern Options options;
++
+ /* Flag indicating that stdin should be redirected from /dev/null. */
+ extern int stdin_null_flag;
+
+@@ -793,7 +795,6 @@
+ int
+ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+ {
+- extern Options options;
+ double start_time, total_time;
+ int len;
+ char buf[100];
+@@ -1036,7 +1037,7 @@
+ debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
+ ctype, rchan, rwindow, rmaxpack);
+
+- if (strcmp(ctype, "x11") == 0) {
++ if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
+ int sock;
+ char *originator;
+ int originator_port;
+@@ -1108,11 +1109,14 @@
+ dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
+ dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+ dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
+- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
+ dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
+ dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
+ dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
+- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
++
++ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
++ &auth_input_open_request : NULL);
++ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
++ &x11_input_open : NULL);
+ }
+ void
+ client_init_dispatch_15()