openssh/openssh-7.2p2-IPv6_X_forwarding.patch
Petr Cerny 6c861e0b33 Accepting request 433779 from home:pcerny:factory
- remaining patches that were still missing
  since the update to 7.2p2 (FATE#319675):
  [openssh-7.2p2-disable_openssl_abi_check.patch]
- fix forwarding with IPv6 addresses in DISPLAY (bnc#847710)
  [openssh-7.2p2-IPv6_X_forwarding.patch]
- ignore PAM environment when using login
  (bsc#975865, CVE-2015-8325)
  [openssh-7.2p2-ignore_PAM_with_UseLogin.patch]
- limit accepted password length (prevents possible DoS)
  (bsc#992533, CVE-2016-6515)
  [openssh-7.2p2-limit_password_length.patch]
- Prevent user enumeration through the timing of password
  processing (bsc#989363, CVE-2016-6210)
  [openssh-7.2p2-prevent_timing_user_enumeration.patch]
- Add auditing for PRNG re-seeding
  [openssh-7.2p2-audit_seed_prng.patch]

OBS-URL: https://build.opensuse.org/request/show/433779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113
2016-10-07 15:57:29 +00:00

73 lines
2.3 KiB
Diff

# HG changeset patch
# Parent 8c4cb20b9633595de68131224b2d434e8dc41e17
Correctly parse DISPLAY variable for cases where it contains an IPv6 address
(which should - but not always is - in (square) brackets).
bnc#847710 - https://bugzilla.novell.com/show_bug.cgi?id=847710
diff --git a/openssh-7.2p2/channels.c b/openssh-7.2p2/channels.c
--- a/openssh-7.2p2/channels.c
+++ b/openssh-7.2p2/channels.c
@@ -4049,18 +4049,19 @@ x11_connect_display(void)
/* OK, we now have a connection to the display. */
return sock;
}
#endif
/*
* Check if it is a unix domain socket. Unix domain displays are in
* one of the following formats: unix:d[.s], :d[.s], ::d[.s]
*/
+ cp = strrchr(display, ':');
if (strncmp(display, "unix:", 5) == 0 ||
- display[0] == ':') {
+ (display[0] == ':' && ((cp - display) < 2)) ) {
/* Connect to the unix domain socket. */
if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
display);
return -1;
}
/* Create a socket. */
sock = connect_local_xsocket(display_number);
@@ -4068,30 +4069,39 @@ x11_connect_display(void)
return -1;
/* OK, we now have a connection to the display. */
return sock;
}
/*
* Connect to an inet socket. The DISPLAY value is supposedly
* hostname:d[.s], where hostname may also be numeric IP address.
+ * Note that IPv6 numberic addresses contain colons (e.g. ::1:0)
*/
strlcpy(buf, display, sizeof(buf));
- cp = strchr(buf, ':');
+ cp = strrchr(buf, ':');
if (!cp) {
error("Could not find ':' in DISPLAY: %.100s", display);
return -1;
}
*cp = 0;
/* buf now contains the host name. But first we parse the display number. */
if (sscanf(cp + 1, "%u", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
display);
return -1;
}
+
+ /* Remove brackets surrounding IPv6 addresses if there are any. */
+ if (buf[0] == '[' && (cp = strchr(buf, ']'))) {
+ *cp = 0;
+ cp = buf + 1;
+ } else {
+ cp = buf;
+ }
/* Look up the host address */
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%u", 6000 + display_number);
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
error("%.100s: unknown host. (%s)", buf,