tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 00:34:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream commit

Browse Source 
sanitise characters destined for xauth reported by
 github.com/tintinweb feedback and ok deraadt and markus

Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
This commit is contained in:
djm@openbsd.org 2016-03-10 11:47:57 +00:00 committed by Damien Miller
parent 732b463d37
commit 4b4bfb01cd
1 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.281 2016/03/07 19:02:43 djm Exp $ */ /* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -46,6 +46,7 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <ctype.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <grp.h> #include <grp.h>
@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt)
do_cleanup(authctxt); do_cleanup(authctxt);
} }
/* Check untrusted xauth strings for metacharacters */
static int
xauth_valid_string(const char *s)
{
size_t i;
for (i = 0; s[i] != '\0'; i++) {
if (!isalnum((u_char)s[i]) &&
s[i] != '.' && s[i] != ':' && s[i] != '/' &&
s[i] != '-' && s[i] != '_')
return 0;
}
return 1;
}
/* /*
* Prepares for an interactive session. This is called after the user has * Prepares for an interactive session. This is called after the user has
* been successfully authenticated. During this message exchange, pseudo * been successfully authenticated. During this message exchange, pseudo
@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt)
s->screen = 0; s->screen = 0;
} }
packet_check_eom(); packet_check_eom();
success = session_setup_x11fwd(s); if (xauth_valid_string(s->auth_proto) &&
xauth_valid_string(s->auth_data))
success = session_setup_x11fwd(s);
else {
success = 0;
error("Invalid X11 forwarding data");
}
if (!success) { if (!success) {
free(s->auth_proto); free(s->auth_proto);
free(s->auth_data); free(s->auth_data);
@ -2184,7 +2206,13 @@ session_x11_req(Session *s)
s->screen = packet_get_int(); s->screen = packet_get_int();
packet_check_eom(); packet_check_eom();
success = session_setup_x11fwd(s); if (xauth_valid_string(s->auth_proto) &&
xauth_valid_string(s->auth_data))
success = session_setup_x11fwd(s);
else {
success = 0;
error("Invalid X11 forwarding data");
}
if (!success) { if (!success) {
free(s->auth_proto); free(s->auth_proto);
free(s->auth_data); free(s->auth_data);