openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket.

Ben Lindstrom mouring at eviladmin.org
Thu Jul 17 11:15:28 EST 2008 

Ermm...

Revision 1.273 / (download) - annotate - [select for diffs] , Wed Apr 2 
21:36:51 2008 UTC (3 months, 1 week ago) by markus
Branch: MAIN
Changes since 1.272: +1 -4 lines
Diff to previous 1.272 (colored)

avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@

--

Revision 1.183 / (download) - annotate - [select for diffs] , Tue Sep 17 
07:47:02 2002 UTC (5 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.182: +5 -1 lines
Diff to previous 1.182 (colored)

don't quit while creating X11 listening socket.

http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
got from portable.  markus ok

Removing it is the wrong solution... Not sure what the correct one, but I 
figured I'd post why it was removed.

- Ben




On Wed, 16 Jul 2008, Pieter Bowman wrote:

> On Solaris 10 (SPARC & x86), I'm seeing the following error:
>
> error: Failed to allocate internet-domain X11 display socket.
>
>
> I tracked this down to this code change between openssh 4.7p1 and
> 5.0p1:
>
> *** openssh-4.7p1/channels.c	Mon Jun 25 03:04:47 2007
> --- openssh-5.0p1/channels.c	Wed Apr  2 15:43:57 2008
> ***************
> *** 1,4 ****
> ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
>  /*
>   * Author: Tatu Ylonen <ylo at cs.hut.fi>
>   * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
> --- 1,4 ----
> ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
>  /*
>   * Author: Tatu Ylonen <ylo at cs.hut.fi>
>   * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
> ***************
> *** 2905,2913 ****
>  				debug2("bind port %d: %.100s", port, strerror(errno));
>  				close(sock);
>
> - 				if (ai->ai_next)
> - 					continue;
> -
>  				for (n = 0; n < num_socks; n++) {
>  					close(socks[n]);
>  				}
> --- 2906,2911 ----
>
>
> When those two lines are added back in, X11 forwarding is able to get
> a port bound.
>
> This is only the case on Solaris.  On Linux, *BSD, IRIX systems the
> current code works.
>
> Thanks for looking into this.
>
> Pieter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

More information about the openssh-unix-dev mailing list