diff options
Diffstat (limited to 'crypto/openssh/ssh-agent.c')
| -rw-r--r-- | crypto/openssh/ssh-agent.c | 60 |
1 files changed, 36 insertions, 24 deletions
diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index ac16bae40aa5..cca720ee2717 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -34,8 +34,8 @@ */ #include "includes.h" -#include "openbsd-compat/fake-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); +#include "openbsd-compat/sys-queue.h" +RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -107,6 +107,17 @@ char *__progname; #endif static void +close_socket(SocketEntry *e) +{ + close(e->fd); + e->fd = -1; + e->type = AUTH_UNUSED; + buffer_free(&e->input); + buffer_free(&e->output); + buffer_free(&e->request); +} + +static void idtab_init(void) { int i; @@ -617,13 +628,7 @@ process_message(SocketEntry *e) cp = buffer_ptr(&e->input); msg_len = GET_32BIT(cp); if (msg_len > 256 * 1024) { - shutdown(e->fd, SHUT_RDWR); - close(e->fd); - e->fd = -1; - e->type = AUTH_UNUSED; - buffer_free(&e->input); - buffer_free(&e->output); - buffer_free(&e->request); + close_socket(e); return; } if (buffer_len(&e->input) < msg_len + 4) @@ -805,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset) char buf[1024]; int len, sock; u_int i; + uid_t euid; + gid_t egid; for (i = 0; i < sockets_alloc; i++) switch (sockets[i].type) { @@ -820,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset) strerror(errno)); break; } + if (getpeereid(sock, &euid, &egid) < 0) { + error("getpeereid %d failed: %s", + sock, strerror(errno)); + close(sock); + break; + } + if ((euid != 0) && (getuid() != euid)) { + error("uid mismatch: " + "peer euid %u != uid %u", + (u_int) euid, (u_int) getuid()); + close(sock); + break; + } new_socket(AUTH_CONNECTION, sock); } break; @@ -836,13 +856,7 @@ after_select(fd_set *readset, fd_set *writeset) break; } while (1); if (len <= 0) { - shutdown(sockets[i].fd, SHUT_RDWR); - close(sockets[i].fd); - sockets[i].fd = -1; - sockets[i].type = AUTH_UNUSED; - buffer_free(&sockets[i].input); - buffer_free(&sockets[i].output); - buffer_free(&sockets[i].request); + close_socket(&sockets[i]); break; } buffer_consume(&sockets[i].output, len); @@ -856,13 +870,7 @@ after_select(fd_set *readset, fd_set *writeset) break; } while (1); if (len <= 0) { - shutdown(sockets[i].fd, SHUT_RDWR); - close(sockets[i].fd); - sockets[i].fd = -1; - sockets[i].type = AUTH_UNUSED; - buffer_free(&sockets[i].input); - buffer_free(&sockets[i].output); - buffer_free(&sockets[i].request); + close_socket(&sockets[i]); break; } buffer_append(&sockets[i].input, buf, len); @@ -943,6 +951,10 @@ main(int ac, char **av) pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; + /* drop */ + setegid(getgid()); + setgid(getgid()); + SSLeay_add_all_algorithms(); __progname = get_progname(av[0]); @@ -1052,7 +1064,7 @@ main(int ac, char **av) #ifdef HAVE_CYGWIN umask(prev_mask); #endif - if (listen(sock, 5) < 0) { + if (listen(sock, 128) < 0) { perror("listen"); cleanup_exit(1); } |