[Bug 3730] Integer overflow when adding 6000 and display_number
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Dec 4 22:40:38 AEDT 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3730
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Damien Miller from comment #1)
> > The display_number variable is read from a string containing the
> > value of the DISPLAY environment variable
>
> That is not correct. This code is used to *set* the DISPLAY
> environment variable. The starting value comes from the sshd_config
> X11DisplayOffset configuration option.
There's both.
x11_create_display_inet() uses X11DisplayOffset as a starting point to
figure out what port sshd(8) should try to bind to, after which it sets
$DISPLAY on the server side to point to that. This is constrained by
MAX_DISPLAYS (1000), but it's got to fit inside a 16-bit port number.
So in theory the admin could set X11DisplayOffset higher than the
16-bit port number.
x11_connect_display() does parse $DISPLAY to figure out where ssh(1)
should send the forwarded connections to.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list