Mercurial > illumos > illumos-gate

changeset 3154:e5587862be29

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6490527 sshd dumps core when compiled with gcc 6493597 get rid of 'xauth: creating new authority file' message with 'ssh -X' 6494020 modifying a string literal in session_x11_req() coredumps sshd(1m) built with gcc
author jp161948
date Wed, 22 Nov 2006 09:57:47 -0800
parents 009bcec97912
children e810bcb04475
files usr/src/cmd/ssh/sshd/session.c
diffstat 1 files changed, 38 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/cmd/ssh/sshd/session.c	Wed Nov 22 08:04:27 2006 -0800
+++ b/usr/src/cmd/ssh/sshd/session.c	Wed Nov 22 09:57:47 2006 -0800
@@ -1038,7 +1038,8 @@
 static char **
 do_setup_env(Session *s, const char *shell)
 {
-	char buf[256], *path_maildir = _PATH_MAILDIR;
+	char buf[256];
+	char path_maildir[] = _PATH_MAILDIR;
 	u_int i, envsize, pm_len;
 	char **env;
 	struct passwd *pw = s->pw;
@@ -1850,8 +1851,8 @@
 static int
 session_x11_req(Session *s)
 {
-	int success;
-	char *xauthdir = "/tmp/ssh-xauth-XXXXXX";
+	int success, fd;
+	char xauthdir[] = "/tmp/ssh-xauth-XXXXXX";
 
 	s->single_connection = packet_get_char();
 	s->auth_proto = packet_get_string(NULL);
@@ -1872,23 +1873,47 @@
 	 * don't contend for one common file. The reason for this is that
 	 * xauth(1) locking doesn't work too well over network filesystems.
 	 *
-	 * If mkdtemp() fails then s->auth_file remains NULL which means that
-	 * we won't set XAUTHORITY variable in child's environment and
-	 * xauth(1) will use the default location for the authority file.
+	 * If mkdtemp() or open() fails then s->auth_file remains NULL which
+	 * means that we won't set XAUTHORITY variable in child's environment
+	 * and xauth(1) will use the default location for the authority file.
 	 */
 	if (success && mkdtemp(xauthdir) != NULL) {
 		s->auth_file = xmalloc(MAXPATHLEN);
 		snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile",
 		    xauthdir);
 		/*
-		 * add a cleanup function to remove the temporary
-		 * xauth file in case we call fatal() (e.g., the
-		 * connection gets closed).
+		 * we don't want that "creating new authority file" message to
+		 * be printed by xauth(1) so we must create that file
+		 * beforehand.
 		 */
-		fatal_add_cleanup(session_xauthfile_cleanup, (void *)s);
-	} else {
-		error("failed to create the temporary authority file, "
-		    "will use the default one");
+		if ((fd = open(s->auth_file, O_CREAT | O_EXCL | O_RDONLY,
+		    S_IRUSR | S_IWUSR)) == -1) {
+			error("failed to create the temporary X authority "
+			    "file %s: %.100s; will use the default one",
+			    s->auth_file, strerror(errno));
+			xfree(s->auth_file);
+			s->auth_file = NULL;
+			if (rmdir(xauthdir) == -1) {
+				error("cannot remove xauth directory %s: %.100s",
+				    xauthdir, strerror(errno));
+			}
+		} else {
+			close(fd);
+			debug("temporary X authority file %s created",
+			    s->auth_file);
+
+			/*
+			 * add a cleanup function to remove the temporary
+			 * xauth file in case we call fatal() (e.g., the
+			 * connection gets closed).
+			 */
+			fatal_add_cleanup(session_xauthfile_cleanup, (void *)s);
+		}
+	}
+	else {
+		error("failed to create a directory for the temporary X "
+		    "authority file: %.100s; will use the default xauth file",
+		    strerror(errno));
 	}
 
 	return success;