openssh/openssh-7.2p2-hostname_changes_when_forwarding_X.patch

# HG changeset patch
# Parent  f7ba2081f120bd1e44dbe68737c898f078725aab
# -- uset do be called '-xauthlocalhostname'
handle hostname changes when forwarding X

bnc#98627

diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c
--- a/openssh-7.2p2/session.c
+++ b/openssh-7.2p2/session.c
@@ -1154,17 +1154,17 @@ copy_environment(char **source, char ***
 		debug3("Copy environment: %s=%s", var_name, var_val);
 		child_set_env(env, envsize, var_name, var_val);
 
 		free(var_name);
 	}
 }
 
 static char **
-do_setup_env(Session *s, const char *shell)
+do_setup_env(Session *s, const char *shell, int *env_size)
 {
 	char buf[256];
 	u_int i, envsize;
 	char **env, *laddr;
 	struct passwd *pw = s->pw;
 #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
 	char *path = NULL;
 #endif
@@ -1341,25 +1341,27 @@ do_setup_env(Session *s, const char *she
 		read_environment_file(&env, &envsize, buf);
 	}
 	if (debug_flag) {
 		/* dump the environment */
 		fprintf(stderr, "Environment:\n");
 		for (i = 0; env[i]; i++)
 			fprintf(stderr, "  %.200s\n", env[i]);
 	}
+
+	*env_size = envsize;
 	return env;
 }
 
 /*
  * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
  * first in this order).
  */
 static void
-do_rc_files(Session *s, const char *shell)
+do_rc_files(Session *s, const char *shell, char **env, int *env_size)
 {
 	FILE *f = NULL;
 	char cmd[1024];
 	int do_xauth;
 	struct stat st;
 
 	do_xauth =
 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
@@ -1404,22 +1406,30 @@ do_rc_files(Session *s, const char *shel
 			    "%.500s add %.100s %.100s %.100s\n",
 			    options.xauth_location, s->auth_display,
 			    s->auth_proto, s->auth_data);
 		}
 		snprintf(cmd, sizeof cmd, "%s -q -",
 		    options.xauth_location);
 		f = popen(cmd, "w");
 		if (f) {
+			char hostname[MAXHOSTNAMELEN];
+		    
 			fprintf(f, "remove %s\n",
 			    s->auth_display);
 			fprintf(f, "add %s %s %s\n",
 			    s->auth_display, s->auth_proto,
 			    s->auth_data);
 			pclose(f);
+			if (gethostname(hostname,sizeof(hostname)) >= 0)
+			    child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
+					  hostname);
+			else
+			    debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
+				  strerror(errno));
 		} else {
 			fprintf(stderr, "Could not run %s\n",
 			    cmd);
 		}
 	}
 }
 
 static void
@@ -1681,16 +1691,17 @@ child_close_fds(void)
  * ids, and executing the command or shell.
  */
 #define ARGV_MAX 10
 void
 do_child(Session *s, const char *command)
 {
 	extern char **environ;
 	char **env;
+	int env_size;
 	char *argv[ARGV_MAX];
 	const char *shell, *shell0, *hostname = NULL;
 	struct passwd *pw = s->pw;
 	int r = 0;
 
 	/* remove hostkey from the child's memory */
 	destroy_sensitive_data();
 
@@ -1747,17 +1758,17 @@ do_child(Session *s, const char *command
 	 * legal, and means /bin/sh.
 	 */
 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
 
 	/*
 	 * Make sure $SHELL points to the shell from the password file,
 	 * even if shell is overridden from login.conf
 	 */
-	env = do_setup_env(s, shell);
+	env = do_setup_env(s, shell, &env_size);
 
 #ifdef HAVE_LOGIN_CAP
 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
 
 	/* we have to stash the hostname before we close our socket. */
 	if (options.use_login)
 		hostname = get_remote_name_or_ip(utmp_len,
@@ -1816,17 +1827,17 @@ do_child(Session *s, const char *command
 		}
 		if (r)
 			exit(1);
 	}
 
 	closefrom(STDERR_FILENO + 1);
 
 	if (!options.use_login)
-		do_rc_files(s, shell);
+		do_rc_files(s, shell, env, &env_size);
 
 	/* restore SIGPIPE for child */
 	signal(SIGPIPE, SIG_DFL);
 
 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
 		printf("This service allows sftp connections only.\n");
 		fflush(NULL);
 		exit(1);