upstream: Allow ssh_config ForwardX11Timeout=0 to disable the

timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
2018-09-21 12:46:22 +00:00 · 2018-09-21 12:46:22 +00:00 · b5e412a899
parent cb24d9fcc9
commit b5e412a899
2 changed files with 33 additions and 16 deletions
--- a/clientloop.c
+++ b/clientloop.c
@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -279,7 +279,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
    const char *xauth_path, u_int trusted, u_int timeout,
    char **_proto, char **_data)
 {
-	char cmd[1024], line[512], xdisplay[512];
+	char *cmd, line[512], xdisplay[512];
 	char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
 	static char proto[512], data[512];
 	FILE *f;
@ -343,19 +343,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 				return -1;
 			}
-			if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
+			if (timeout == 0) {
-				x11_timeout_real = UINT_MAX;
+				/* auth doesn't time out */
-			else
+				xasprintf(&cmd, "%s -f %s generate %s %s "
-				x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
+				    "untrusted 2>%s",
 			if ((r = snprintf(cmd, sizeof(cmd),
 			    "%s -f %s generate %s " SSH_X11_PROTO
 			    " untrusted timeout %u 2>" _PATH_DEVNULL,
 				    xauth_path, xauthfile, display,
-			    x11_timeout_real)) < 0 ||
+				    SSH_X11_PROTO, _PATH_DEVNULL);
-			    (size_t)r >= sizeof(cmd))
+			} else {
-				fatal("%s: cmd too long", __func__);
+				/* Add some slack to requested expiry */
 				if (timeout < UINT_MAX - X11_TIMEOUT_SLACK)
 					x11_timeout_real = timeout +
 					    X11_TIMEOUT_SLACK;
 				else {
 					/* Don't overflow on long timeouts */
 					x11_timeout_real = UINT_MAX;
 				}
 				xasprintf(&cmd, "%s -f %s generate %s %s "
 				    "untrusted timeout %u 2>%s",
 				    xauth_path, xauthfile, display,
 				    SSH_X11_PROTO, x11_timeout_real,
 				    _PATH_DEVNULL);
 			}
 			debug2("%s: %s", __func__, cmd);
-			if (x11_refuse_time == 0) {
+
 			if (timeout != 0 && x11_refuse_time == 0) {
 				now = monotime() + 1;
 				if (UINT_MAX - timeout < now)
 					x11_refuse_time = UINT_MAX;
@ -366,6 +377,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 			}
 			if (system(cmd) == 0)
 				generated = 1;
 			free(cmd);
 		}
 		/*
@ -374,7 +386,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 		 * above.
 		 */
 		if (trusted || generated) {
-			snprintf(cmd, sizeof(cmd),
+			xasprintf(&cmd,
 			    "%s %s%s list %s 2>" _PATH_DEVNULL,
 			    xauth_path,
 			    generated ? "-f " : "" ,
@ -387,6 +399,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 				got_data = 1;
 			if (f)
 				pclose(f);
 			free(cmd);
 		}
 	}
--- a/ssh_config.5
+++ b/ssh_config.5
@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $
 .Dd $Mdocdate: September 21 2018 $
 .Dt SSH_CONFIG 5
 .Os
@ -686,6 +686,10 @@ section of
 X11 connections received by
 .Xr ssh 1
 after this time will be refused.
 Setting
 .Cm ForwardX11Timeout
 to zero will disable the timeout and permit X11 forwarding for the life
 of the connection.
 The default is to disable untrusted X11 forwarding after twenty minutes has
 elapsed.
 .It Cm ForwardX11Trusted