summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordtucker@openbsd.org <dtucker@openbsd.org>2024-12-05 07:49:26 +0100
committerDarren Tucker <dtucker@dtucker.net>2024-12-05 09:13:45 +0100
commitd0ac63d0f8b5f778d5fd326701ef4489bc27635e (patch)
tree966c2c7936f505041d8c8d85656b5949f7ad4438
parentupstream: Prevent integer overflow in x11 port handling. These are (diff)
downloadopenssh-d0ac63d0f8b5f778d5fd326701ef4489bc27635e.tar.xz
openssh-d0ac63d0f8b5f778d5fd326701ef4489bc27635e.zip
upstream: De-magic the x11 base port number into a define. ok djm@
OpenBSD-Commit-ID: 23b85ca9d222cb739b9c33ee5e4d6ac9fdeecbfa
-rw-r--r--channels.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/channels.c b/channels.c
index 1a95301e7..bfe2e3b2d 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.441 2024/12/05 06:47:00 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.442 2024/12/05 06:49:26 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -94,6 +94,8 @@
#define NUM_SOCKS 10
/* -- X11 forwarding */
+/* X11 port for display :0 */
+#define X11_BASE_PORT 6000
/* Maximum number of fake X11 displays to try. */
#define MAX_DISPLAYS 1000
@@ -5004,13 +5006,13 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
if (chanids == NULL || x11_display_offset < 0 ||
- x11_display_offset > UINT16_MAX - 6000 - MAX_DISPLAYS)
+ x11_display_offset > UINT16_MAX - X11_BASE_PORT - MAX_DISPLAYS)
return -1;
for (display_number = x11_display_offset;
display_number < MAX_DISPLAYS;
display_number++) {
- port = 6000 + display_number;
+ port = X11_BASE_PORT + display_number;
memset(&hints, 0, sizeof(hints));
hints.ai_family = ssh->chanctxt->IPv4or6;
hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
@@ -5227,7 +5229,7 @@ x11_connect_display(struct ssh *ssh)
* display number.
*/
if (sscanf(cp + 1, "%u", &display_number) != 1 ||
- display_number > UINT16_MAX - 6000) {
+ display_number > UINT16_MAX - X11_BASE_PORT) {
error("Could not parse display number from DISPLAY: %.100s",
display);
return -1;
@@ -5237,7 +5239,7 @@ x11_connect_display(struct ssh *ssh)
memset(&hints, 0, sizeof(hints));
hints.ai_family = ssh->chanctxt->IPv4or6;
hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%u", 6000 + display_number);
+ snprintf(strport, sizeof strport, "%u", X11_BASE_PORT + display_number);
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
error("%.100s: unknown host. (%s)", buf,
ssh_gai_strerror(gaierr));
@@ -5253,7 +5255,7 @@ x11_connect_display(struct ssh *ssh)
/* Connect it to the display. */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
debug2("connect %.100s port %u: %.100s", buf,
- 6000 + display_number, strerror(errno));
+ X11_BASE_PORT + display_number, strerror(errno));
close(sock);
continue;
}
@@ -5263,7 +5265,7 @@ x11_connect_display(struct ssh *ssh)
freeaddrinfo(aitop);
if (!ai) {
error("connect %.100s port %u: %.100s", buf,
- 6000 + display_number, strerror(errno));
+ X11_BASE_PORT + display_number, strerror(errno));
return -1;
}
set_nodelay(sock);