From 08d4ca078763518ba377ac59a86a1580e6214c27 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Sun, 22 May 2016 22:57:25 +0100
Subject: [PATCH] More strictness in ssh_channel_msg(). Now it disconnects if the server sends SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE for a channel that isn't half-open. Assertions in the SSH-2 handlers for these messages rely on this behaviour even though it's never been enforced before.
---
 ssh.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ssh.c b/ssh.c
index eea17d01..e2b2d0e3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -7986,10 +7986,12 @@ static struct ssh_channel *ssh_channel_msg(Ssh ssh, struct Packet *pktin)
 halfopen_ok = (pktin->type == SSH2_MSG_CHANNEL_OPEN_CONFIRMATION ||
 pktin->type == SSH2_MSG_CHANNEL_OPEN_FAILURE);
 c = find234(ssh->channels, &localid, ssh_channelfind);
- if (!c || (c->type != CHAN_SHARING && c->halfopen && !halfopen_ok)) {
+ if (!c || (c->type != CHAN_SHARING && (c->halfopen != halfopen_ok))) {
 char *buf = dupprintf("Received %s for %s channel %u",
 ssh_pkt_type(ssh, pktin->type),
- c ? "half-open" : "nonexistent", localid);
+ !c ? "nonexistent" :
+ c->halfopen ? "half-open" : "open",
+ localid);
 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
 sfree(buf);
 return NULL;
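Review bot: The rewritten test `c->halfopen != halfopen_ok` compares the two values numerically, where the old code only used `c->halfopen` in a truth-value context; if that field (declared outside this hunk) can ever hold a non-zero value other than 1, a legitimate packet would be rejected or a mismatched one would pass through to the handlers' assertions. Since this check is what stands between server-controlled packet types and those assertions, I would normalise both sides, `(!c->halfopen != !halfopen_ok)`. A short comment above the `if` would also keep the invariant from being loosened later, e.g. `/* OPEN_CONFIRMATION/OPEN_FAILURE are valid only on a half-open channel, all other channel messages only on an open one; the SSH-2 handlers assert this. */`. The body of ssh_channel_msg starts before and continues past this hunk, and CHAN_SHARING channels remain exempt from the state check, so the handlers presumably have to cope with those separately.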