diff --git a/clientloop.c b/clientloop.c index ad35cb7ba..8d312cdaa 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -279,7 +279,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, const char *xauth_path, u_int trusted, u_int timeout, char **_proto, char **_data) { - char cmd[1024], line[512], xdisplay[512]; + char *cmd, line[512], xdisplay[512]; char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; static char proto[512], data[512]; FILE *f; @@ -343,19 +343,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display, return -1; } - if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) - x11_timeout_real = UINT_MAX; - else - x11_timeout_real = timeout + X11_TIMEOUT_SLACK; - if ((r = snprintf(cmd, sizeof(cmd), - "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout %u 2>" _PATH_DEVNULL, - xauth_path, xauthfile, display, - x11_timeout_real)) < 0 || - (size_t)r >= sizeof(cmd)) - fatal("%s: cmd too long", __func__); + if (timeout == 0) { + /* auth doesn't time out */ + xasprintf(&cmd, "%s -f %s generate %s %s " + "untrusted 2>%s", + xauth_path, xauthfile, display, + SSH_X11_PROTO, _PATH_DEVNULL); + } else { + /* Add some slack to requested expiry */ + if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) + x11_timeout_real = timeout + + X11_TIMEOUT_SLACK; + else { + /* Don't overflow on long timeouts */ + x11_timeout_real = UINT_MAX; + } + xasprintf(&cmd, "%s -f %s generate %s %s " + "untrusted timeout %u 2>%s", + xauth_path, xauthfile, display, + SSH_X11_PROTO, x11_timeout_real, + _PATH_DEVNULL); + } debug2("%s: %s", __func__, cmd); - if (x11_refuse_time == 0) { + + if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; if (UINT_MAX - timeout < now) x11_refuse_time = UINT_MAX; @@ -366,6 +377,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, } if (system(cmd) == 0) generated = 1; + free(cmd); } /* @@ -374,7 +386,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, * above. */ if (trusted || generated) { - snprintf(cmd, sizeof(cmd), + xasprintf(&cmd, "%s %s%s list %s 2>" _PATH_DEVNULL, xauth_path, generated ? "-f " : "" , @@ -387,6 +399,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, got_data = 1; if (f) pclose(f); + free(cmd); } } diff --git a/ssh_config.5 b/ssh_config.5 index 2df1165f1..27136dbd6 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $ .Dd $Mdocdate: September 21 2018 $ .Dt SSH_CONFIG 5 .Os @@ -686,6 +686,10 @@ section of X11 connections received by .Xr ssh 1 after this time will be refused. +Setting +.Cm ForwardX11Timeout +to zero will disable the timeout and permit X11 forwarding for the life +of the connection. The default is to disable untrusted X11 forwarding after twenty minutes has elapsed. .It Cm ForwardX11Trusted