OpenSSH 2.9p2 / SSH3 vulnerability?
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Aug 22 01:55:24 EST 2001
On Tue, Aug 21, 2001 at 10:32:55AM -0500, mouring at etoh.eviladmin.org wrote:
> Can't say for sure.=) When ever I do I get corrected by Theo and Markus,
> but a release is 'Coming'... I know Markus would like a release before
> Sept.
>
> Unless Damien has any quarms I was going to call for people to
> start testing in the next day or so (if I can catch my breath from other
> projects).
That reminds me that the
"connection does not close with agent-forwarding on some platforms"
patch I posted quite some time ago still did not lead to any reponse
on the list. I tested it on HP-UX, people on other platforms with the
same problem should test and report about success, so that it will
hopefully be added to the release!
I will attach the same patch (worked out between Markus and me) again...
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
-------------- next part --------------
diff -r -u newsoft/openssh_cvs/channels.c n2/openssh/channels.c
--- newsoft/openssh_cvs/channels.c Thu Jul 19 18:03:32 2001
+++ n2/openssh/channels.c Wed Jul 25 18:09:44 2001
@@ -260,6 +260,7 @@
c->cb_fn = NULL;
c->cb_arg = NULL;
c->cb_event = 0;
+ c->force_drain = 0;
c->detach_user = NULL;
c->input_filter = NULL;
debug("channel %d: new [%s]", found, remote_name);
@@ -1031,6 +1032,7 @@
xfree(remote_ipaddr);
return;
}
+ nc->force_drain = 0;
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("x11");
@@ -1185,6 +1187,7 @@
xfree(name);
close(newsock);
}
+ nc->force_drain = 0;
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("auth-agent at openssh.com");
@@ -1781,6 +1784,13 @@
if (c == NULL)
packet_disconnect("Received ieof for nonexistent channel %d.", id);
chan_rcvd_ieof(c);
+
+ /* XXX force input close */
+ if (c->force_drain) {
+ debug2("channel %d: XXX FORCE input drain", c->self);
+ c->istate = CHAN_INPUT_WAIT_DRAIN;
+ }
+
}
void
@@ -2669,6 +2679,7 @@
close(sock);
} else {
c->remote_id = remote_id;
+ c->force_drain = 1;
}
}
if (c == NULL) {
@@ -2931,6 +2942,7 @@
close(sock);
} else {
c->remote_id = remote_id;
+ c->force_drain = 1;
}
}
if (c == NULL) {
diff -r -u newsoft/openssh_cvs/channels.h n2/openssh/channels.h
--- newsoft/openssh_cvs/channels.h Thu Jul 19 18:03:33 2001
+++ n2/openssh/channels.h Thu Jul 19 18:31:56 2001
@@ -77,6 +77,7 @@
int efd; /* extended fd */
int sock; /* sock fd */
int isatty; /* rfd is a tty */
+ int force_drain; /* force close on iEOF */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for
diff -r -u newsoft/openssh_cvs/clientloop.c n2/openssh/clientloop.c
--- newsoft/openssh_cvs/clientloop.c Thu Jul 19 18:03:33 2001
+++ n2/openssh/clientloop.c Thu Jul 19 19:24:27 2001
@@ -1111,6 +1111,7 @@
error("client_request_x11: channel_new failed");
close(sock);
}
+ c->force_drain = 1;
return c;
}
@@ -1136,6 +1137,7 @@
error("client_request_agent: channel_new failed");
close(sock);
}
+ c->force_drain = 1;
return c;
}
More information about the openssh-unix-dev
mailing list