search for: channel_lookup

...tand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c?? ?Mon Mar? 4 02:07:06 2002 +++ channels.c?? ?Mon Mar? 4 02:07:16 2002 @@ -151,7 +151,7 @@ ?channel_lookup(int id) ?{ ??? ?Channel *c; -?? ?if (id < 0 || id > channels_alloc) { +?? ?if (id < 0 || id >= channels_alloc) { ??? ??? ?log("channel_lookup: %d: bad id", id); ??? ??? ?return NULL; ??? ?} What does that mean? If id is less than 0 (are we talking about the unix uid?) or id...

Hi All, I am not sure if this is the same thing as the hang on exit bug, so sorry if this is a duplication of previous stuff. Essetntially I am experiencing ssh hangs with about .5% - 1% of my connections. I am running 2.9p2, on Solaris 7. I actually have empirical data on the hangings, as I wrote a script to create these connections in an endless loop, setting an alarm so I could recover

...is going to be a fix for this problem or how to make it work correctly? Here's an example of what I see when I run a remote xterm, and then close it immediately: polycut:~> ssh -n mahler xterm <I immediately hit CTRL-d on the xterm and the the following error in the original shell> channel_lookup: 0: bad id: channel free client_input_channel_req: channel 0: unknown channel <I hit CTRL-c to get control of the original shell> ^CKilled by signal 2. polycut:~> Thanks, Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and S...

...). Anyone experienced that? Matteo. -------------- next part -------------- asterisk*CLI> sip debug SIP Debugging Enabled -- Accepting unauthenticated call from 213.140.14.155, requested format = 4, actual format = 2 -- Executing AGI("IAX2[guest@213.140.14.155:4569]/2", "channel_lookup.agi") in new stack -- Launched AGI Script /var/lib/asterisk/agi-bin/channel_lookup.agi -- AGI Script channel_lookup.agi completed, returning 0 -- Executing Dial("IAX2[guest@213.140.14.155:4569]/2", "Sip/233|30|m") in new stack We're at 192.168.1.203 port 139...

..._listening ? "no longer listening" : "still listening"); /* Fork into background. */ pid = fork(); if (pid < 0) { error("fork: %.100s", strerror(errno)); return; } if (pid != 0) { /* This is the parent. */ /* The parent just exits. */ exit(0); } c = channel_lookup(session_ident); if (c == NULL) error("couldn't lookup session channel"); /* The child continues serving connections. */ /* fake EOF on stdin */ if (compat20) { buffer_append(&stdin_buffer, "\004", 1); } else if (!stdin_eof) { /* * Sending SSH_CMSG_EOF alon...

...ision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- channels.c 27 Feb 2002 21:23:13 -0000 1.170 +++ channels.c 4 Mar 2002 19:37:58 -0000 1.171 @@ -146,7 +146,7 @@ { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; }

...ision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- channels.c 27 Feb 2002 21:23:13 -0000 1.170 +++ channels.c 4 Mar 2002 19:37:58 -0000 1.171 @@ -146,7 +146,7 @@ { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; }

...ision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- channels.c 27 Feb 2002 21:23:13 -0000 1.170 +++ channels.c 4 Mar 2002 19:37:58 -0000 1.171 @@ -146,7 +146,7 @@ { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; }

...ision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- channels.c 27 Feb 2002 21:23:13 -0000 1.170 +++ channels.c 4 Mar 2002 19:37:58 -0000 1.171 @@ -146,7 +146,7 @@ { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; }

..."no longer listening" : "still listening"); + + /* Fork into background. */ + pid = fork(); + if (pid < 0) { + error("fork: %.100s", strerror(errno)); + return; + } + if (pid != 0) { /* This is the parent. */ + /* The parent just exits. */ + exit(0); + } + + c = channel_lookup(session_ident); + if (c == NULL) + error("couldn't lookup session channel"); + + /* The child continues serving connections. */ + /* fake EOF on stdin */ + if (compat20) { + buffer_append(&stdin_buffer, "\004", 1); + } else if (!stdin_eof) { + /* + * Sending SSH_CMS...

...channel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(client_address)); + c = channel_lookup( newch ); + } + return c; +} + /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates * listening for the port, and sends back a success reply (or disconnect diff -u -r openssh-2.1.1p4/channels.h openssh-2.1.1p4-jhchanges/channels.h --- openssh-2.1.1p4/channels.h Thu Ju...

...* first. + */ + packet_start(SSH_CMSG_STDIN_DATA); + packet_put_string("\004", 1); + packet_send(); + /* Close stdin. */ + stdin_eof = 1; + if (buffer_len(&stdin_buffer) == 0) { + packet_start(SSH_CMSG_EOF); + packet_send(); + } + } + + if (!compat20) + return; + + c = channel_lookup(session_ident); + if (c == NULL) + error("couldn't lookup session channel"); + + if (detach) { + chan_wont_read(c); + chan_wont_write(c); + channel_close_fds(c); + fd = open(_PATH_DEVNULL, O_RDWR, 0); + if (fd < 0) + return; + (void) dup2(fd, STDIN_FILENO); + (void) dup2(...

I'd like a feature whereby ssh puts itself in the background after the first successful X11 (or other port) forwarding. The reason for this is simple: error handling. If the application fails to open the X display and exits, then the client can still exit with the application's exit code. But if the application opens the X display successfully, then it can just display any errors by

...type); /* non-blocking connect helpers */ static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); +static int connect_to_helper(const char *host, u_short port, struct channel_connect *cctx); /* -- channel core */ @@ -209,6 +210,7 @@ channel_lookup(int id) case SSH_CHANNEL_LARVAL: case SSH_CHANNEL_CONNECTING: case SSH_CHANNEL_DYNAMIC: + case SSH_CHANNEL_RDYNAMIC: case SSH_CHANNEL_OPENING: case SSH_CHANNEL_OPEN: case SSH_CHANNEL_INPUT_DRAINING: @@ -534,6 +536,7 @@ channel_still_open(void) case SSH_CHANNEL_CLOSED: case SSH_CHA...

...+ sock = channel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(originator_address), 1); + c = channel_lookup( newch ); + } + /* client_input_channel_open calls xfree(request_type) Don't call it here */ + xfree(originator_address); + xfree(listen_address); + return c; } /* @@ -1595,7 +1785,11 @@ /* * Initiate forwarding, */ - channel_request_local_forwarding(port, hostname, host_port, gatew...

...nel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(originator_address)); + c = channel_lookup( newch ); + } + /* client_input_channel_open calls xfree(request_type) Don't call it here */ + xfree(originator_address); + xfree(listen_address); + return c; +} + /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates * listening for the port, and sends back a succ...

.../* ARGSUSED */ static void -mux_session_confirm(int id, void *arg) +mux_master_control_cleanup_cb(int cid, void *unused) { - struct mux_session_confirm_ctx *cctx = arg; - const char *display; - Channel *c; - int i; - - if (cctx == NULL) - fatal("%s: cctx == NULL", __func__); - if ((c = channel_lookup(id)) == NULL) - fatal("%s: no channel for id %d", __func__, id); - - display = getenv("DISPLAY"); - if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { - char *proto, *data; - /* Get reasonable local authentication information. */ - client_x1...