nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-02-04 14:12:24 +00:00
Code Issues Projects Releases Wiki Activity

Fix bugtraq 1949: server could open an agent forwarding channel even

Browse Source 
if agent forwarding had not been negotiated on, and more
particularly even if it had been deliberately disabled by the user.

[originally from svn r814]
This commit is contained in:
Simon Tatham 2000-12-02 11:43:25 +00:00
parent b9c07ac266
commit 6bdd92be5f
1 changed files with 32 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ssh.c
View File

@ -237,6 +237,7 @@ static Socket s = NULL;
static unsigned char session_key[32]; static unsigned char session_key[32];
static int ssh1_compressing; static int ssh1_compressing;
static int ssh_agentfwd_enabled;
static const struct ssh_cipher *cipher = NULL; static const struct ssh_cipher *cipher = NULL;
static const struct ssh_cipher *cscipher = NULL; static const struct ssh_cipher *cscipher = NULL;
static const struct ssh_cipher *sccipher = NULL; static const struct ssh_cipher *sccipher = NULL;
@ -1024,6 +1025,7 @@ static int do_ssh_init(unsigned char c) {
break; break;
} }
ssh_agentfwd_enabled = FALSE;
rdpkt2_state.incoming_sequence = 0; rdpkt2_state.incoming_sequence = 0;
*vsp = 0; *vsp = 0;
@ -1732,8 +1734,10 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
crReturnV; crReturnV;
} else if (pktin.type == SSH1_SMSG_FAILURE) { } else if (pktin.type == SSH1_SMSG_FAILURE) {
logevent("Agent forwarding refused"); logevent("Agent forwarding refused");
} else } else {
logevent("Agent forwarding enabled"); logevent("Agent forwarding enabled");
ssh_agentfwd_enabled = TRUE;
}
} }
if (!cfg.nopty) { if (!cfg.nopty) {
@ -1797,9 +1801,17 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
} else if (pktin.type == SSH1_SMSG_AGENT_OPEN) { } else if (pktin.type == SSH1_SMSG_AGENT_OPEN) {
/* Remote side is trying to open a channel to talk to our /* Remote side is trying to open a channel to talk to our
* agent. Give them back a local channel number. */ * agent. Give them back a local channel number. */
unsigned i = 1; unsigned i;
struct ssh_channel *c; struct ssh_channel *c;
enum234 e; enum234 e;
/* Refuse if agent forwarding is disabled. */
if (!ssh_agentfwd_enabled) {
send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
PKT_INT, GET_32BIT(pktin.body),
PKT_END);
} else {
i = 1;
for (c = first234(ssh_channels, &e); c; c = next234(&e)) { for (c = first234(ssh_channels, &e); c; c = next234(&e)) {
if (c->localid > i) if (c->localid > i)
break; /* found a free number */ break; /* found a free number */
@ -1809,12 +1821,13 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
c->remoteid = GET_32BIT(pktin.body); c->remoteid = GET_32BIT(pktin.body);
c->localid = i; c->localid = i;
c->closes = 0; c->closes = 0;
c->type = SSH1_SMSG_AGENT_OPEN; /* identify channel type */ c->type = SSH1_SMSG_AGENT_OPEN;/* identify channel type */
c->u.a.lensofar = 0; c->u.a.lensofar = 0;
add234(ssh_channels, c); add234(ssh_channels, c);
send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
PKT_INT, c->remoteid, PKT_INT, c->localid, PKT_INT, c->remoteid, PKT_INT, c->localid,
PKT_END); PKT_END);
}
} else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE || } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE ||
pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) { pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) {
/* Remote side closes a channel. */ /* Remote side closes a channel. */