diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2024-12-05 07:49:26 +0100 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2024-12-05 09:13:45 +0100 |
commit | d0ac63d0f8b5f778d5fd326701ef4489bc27635e (patch) | |
tree | 966c2c7936f505041d8c8d85656b5949f7ad4438 | |
parent | upstream: Prevent integer overflow in x11 port handling. These are (diff) | |
download | openssh-d0ac63d0f8b5f778d5fd326701ef4489bc27635e.tar.xz openssh-d0ac63d0f8b5f778d5fd326701ef4489bc27635e.zip |
upstream: De-magic the x11 base port number into a define. ok djm@
OpenBSD-Commit-ID: 23b85ca9d222cb739b9c33ee5e4d6ac9fdeecbfa
-rw-r--r-- | channels.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/channels.c b/channels.c index 1a95301e7..bfe2e3b2d 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.441 2024/12/05 06:47:00 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.442 2024/12/05 06:49:26 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -94,6 +94,8 @@ #define NUM_SOCKS 10 /* -- X11 forwarding */ +/* X11 port for display :0 */ +#define X11_BASE_PORT 6000 /* Maximum number of fake X11 displays to try. */ #define MAX_DISPLAYS 1000 @@ -5004,13 +5006,13 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; if (chanids == NULL || x11_display_offset < 0 || - x11_display_offset > UINT16_MAX - 6000 - MAX_DISPLAYS) + x11_display_offset > UINT16_MAX - X11_BASE_PORT - MAX_DISPLAYS) return -1; for (display_number = x11_display_offset; display_number < MAX_DISPLAYS; display_number++) { - port = 6000 + display_number; + port = X11_BASE_PORT + display_number; memset(&hints, 0, sizeof(hints)); hints.ai_family = ssh->chanctxt->IPv4or6; hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE; @@ -5227,7 +5229,7 @@ x11_connect_display(struct ssh *ssh) * display number. */ if (sscanf(cp + 1, "%u", &display_number) != 1 || - display_number > UINT16_MAX - 6000) { + display_number > UINT16_MAX - X11_BASE_PORT) { error("Could not parse display number from DISPLAY: %.100s", display); return -1; @@ -5237,7 +5239,7 @@ x11_connect_display(struct ssh *ssh) memset(&hints, 0, sizeof(hints)); hints.ai_family = ssh->chanctxt->IPv4or6; hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%u", 6000 + display_number); + snprintf(strport, sizeof strport, "%u", X11_BASE_PORT + display_number); if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) { error("%.100s: unknown host. (%s)", buf, ssh_gai_strerror(gaierr)); @@ -5253,7 +5255,7 @@ x11_connect_display(struct ssh *ssh) /* Connect it to the display. */ if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("connect %.100s port %u: %.100s", buf, - 6000 + display_number, strerror(errno)); + X11_BASE_PORT + display_number, strerror(errno)); close(sock); continue; } @@ -5263,7 +5265,7 @@ x11_connect_display(struct ssh *ssh) freeaddrinfo(aitop); if (!ai) { error("connect %.100s port %u: %.100s", buf, - 6000 + display_number, strerror(errno)); + X11_BASE_PORT + display_number, strerror(errno)); return -1; } set_nodelay(sock); |