As far as I know this patch has no security implications -- I don't
believe that allowing sshd to use get_local_name() (in canohost.c) on
a connected socket to determine its own fqdn will allow a malicious
client (or router or dns server) to make it come to the wrong
conclusion. But please let me know if you think I'm wrong.
Please also let me know if you're just not interested :-)
This patch is against openssh-SNAP-20031030, and was tested on Solaris 8.
Watch for broken lines.
diff -u -r src.old/auth-krb5.c src/auth-krb5.c
--- src.old/auth-krb5.c Thu Oct 30 15:02:45 2003
+++ src/auth-krb5.c Thu Oct 30 15:02:44 2003
@@ -34,6 +34,7 @@
#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
+#include "canohost.h"
#include "log.h"
#include "servconf.h"
#include "uidswap.h"
@@ -71,12 +72,23 @@
#endif
krb5_error_code problem;
krb5_ccache ccache = NULL;
+ char localname[MAXHOSTNAMELEN];
+ char *socketname;
if (authctxt->pw == NULL)
return (0);
temporarily_use_uid(authctxt->pw);
+ socketname = get_local_name(packet_get_connection_in());
+ if (socketname) {
+ strlcpy(localname, socketname, MAXHOSTNAMELEN);
+ xfree(socketname);
+ } else if (gethostname(localname, MAXHOSTNAMELEN)) {
+ problem = -1;
+ goto out;
+ }
+
problem = krb5_init(authctxt);
if (problem)
goto out;
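Review bot: The fallback `problem = -1; goto out;` stores a value that is not a Kerberos error code in the `krb5_error_code` variable; if the `out:` label (outside this hunk) hands `problem` to `krb5_get_err_text()` the resulting log line will be meaningless, so report the failure here, e.g. `debug("gethostname: %s", strerror(errno));` before the jump, and confirm that `out:` also undoes the `temporarily_use_uid()` taken just above. The name from `get_local_name()` is derived from the connected socket's local address through name resolution rather than from the host's own configuration, so the service principal built by `krb5_sname_to_principal()` in the next hunk now depends on resolver data; the expected failure mode is a keytab lookup for a principal sshd does not hold, which should show up as a clear debug message rather than as a silent fallback. `strlcpy()` into `localname` also truncates silently; checking its return value against `MAXHOSTNAMELEN` and treating overflow as a failure avoids looking up a principal under a truncated name. The enclosing function starts and ends outside this hunk.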
@@ -123,7 +135,7 @@
if (problem)
goto out;
- problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
+ problem = krb5_sname_to_principal(authctxt->krb5_ctx, localname, NULL,
KRB5_NT_SRV_HST, &server);
if (problem)
goto out;
diff -u -r src.old/gss-genr.c src/gss-genr.c
--- src.old/gss-genr.c Thu Oct 30 15:02:46 2003
+++ src/gss-genr.c Thu Oct 30 15:02:44 2003
@@ -30,6 +30,7 @@
#include "xmalloc.h"
#include "bufaux.h"
+#include "canohost.h"
#include "compat.h"
#include "log.h"
#include "monitor_wrap.h"
@@ -226,9 +227,18 @@
OM_uint32 status;
char lname[MAXHOSTNAMELEN];
gss_OID_set oidset;
+ char *pname;
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+ pname = get_local_name(packet_get_connection_in());
+ if (pname) {
+ strlcpy(lname, pname, MAXHOSTNAMELEN);
+ xfree(pname);
+ } else if (gethostname(lname, MAXHOSTNAMELEN)) {
+ return (-1);
+ }
if (gethostname(lname, MAXHOSTNAMELEN))
return (-1);
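Review bot: The new `get_local_name()` block is dead code as written: the original `if (gethostname(lname, MAXHOSTNAMELEN)) return (-1);` is kept as context immediately after it, so `lname` is unconditionally overwritten with the `gethostname()` result and the new `else if` fallback is redundant. Those two lines should be removed lines in this hunk, i.e. `-	if (gethostname(lname, MAXHOSTNAMELEN))` and `-		return (-1);`. Both `return (-1)` paths also leave the `oidset` created by `gss_create_empty_oid_set()` unreleased; that was already true for the `gethostname` path, but the new early return adds a second instance, so a `gss_release_oid_set(&status, &oidset);` before returning would be worth adding. The enclosing function continues outside the hunk.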
diff -u -r src.old/session.c src/session.c
--- src.old/session.c Thu Oct 30 15:02:46 2003
+++ src/session.c Thu Oct 30 15:02:44 2003
@@ -2060,6 +2060,7 @@
struct stat st;
char display[512], auth_display[512];
char hostname[MAXHOSTNAMELEN];
+ char *pname;
if (no_x11_forwarding_flag) {
packet_send_debug("X11 forwarding disabled in user configuration
file.");
@@ -2091,8 +2092,13 @@
}
/* Set up a suitable value for the DISPLAY variable. */
- if (gethostname(hostname, sizeof(hostname)) < 0)
+ pname = get_local_name(packet_get_connection_in());
+ if (pname) {
+ strlcpy(hostname, pname, sizeof(hostname));
+ xfree(pname);
+ } else if (gethostname(hostname, sizeof(hostname))) {
fatal("gethostname: %.100s", strerror(errno));
+ }
/*
* auth_display must be used as the displayname when the
* authorization entry is added with xauth(1). This will be
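Review bot: `hostname` is now a resolved name for the socket's local address rather than the host's configured name, and the comment above says it feeds the `DISPLAY` value; if that name does not resolve, from the client's side, back to an address the X11 listener is bound to, forwarded X clients cannot reach the display, whereas the `gethostname()` value at least matched the host's own configuration. The rationale belongs in a comment above the new block, such as `/* Prefer the name of the address the client connected to, so DISPLAY is reachable on a multi-homed host; fall back to gethostname(). */`. The `strlcpy()` return value should also be checked so a name longer than `sizeof(hostname)` is rejected rather than silently truncated into `DISPLAY`. Dropping the original `< 0` comparison in the `else if` is harmless since `gethostname()` returns -1 on failure. The enclosing function starts before this hunk and its body continues after it.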