summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@cvs.openbsd.org>2019-11-27 05:38:44 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2019-11-27 05:38:44 +0000
commit0d5c86f0b878c1a172e54fad1961e802bee99f09 (patch)
treeee4cace85bdc2fd75e09f6d140b73f80e99cda51 /usr.bin
parentf5f8ec536cc431cfa71e59d093a157227797d790 (diff)
Revert previous commit. The channels code still uses int in many places
for channel ids so the INT_MAX check still makes sense.
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/serverloop.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 1e558c651a8..956083b2337 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.217 2019/11/27 03:34:04 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.218 2019/11/27 05:38:43 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -665,7 +665,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
char *ctype = NULL;
const char *errmsg = NULL;
int r, reason = SSH2_OPEN_CONNECT_FAILED;
- u_int32_t rchan = 0, rmaxpack = 0, rwindow = 0;
+ u_int rchan = 0, rmaxpack = 0, rwindow = 0;
if ((r = sshpkt_get_cstring(ssh, &ctype, NULL)) != 0 ||
(r = sshpkt_get_u32(ssh, &rchan)) != 0 ||
@@ -673,9 +673,11 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
(r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
debug("%s: ctype %s rchan %u win %u max %u", __func__,
- ctype, (u_int)rchan, (u_int)rwindow, (u_int)rmaxpack);
+ ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "session") == 0) {
+ if (rchan > INT_MAX) {
+ error("%s: invalid remote channel ID", __func__);
+ } else if (strcmp(ctype, "session") == 0) {
c = server_request_session(ssh);
} else if (strcmp(ctype, "direct-tcpip") == 0) {
c = server_request_direct_tcpip(ssh, &reason, &errmsg);
@@ -686,7 +688,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
}
if (c != NULL) {
debug("%s: confirm %s", __func__, ctype);
- c->remote_id = rchan;
+ c->remote_id = (int)rchan;
c->have_remote_id = 1;
c->remote_window = rwindow;
c->remote_maxpacket = rmaxpack;