diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-01-13 23:04:47 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-01-14 10:06:01 +1100 |
commit | ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c (patch) | |
tree | 008ac3334471370857e32b48893cb6f07d28e987 /mux.c | |
parent | 9a728cc918fad67c8a9a71201088b1e150340ba4 (diff) | |
download | openssh-git-ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c.tar.gz |
upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension; Reported by
Thomas Hoger; ok deraadt@
Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
Diffstat (limited to 'mux.c')
-rw-r--r-- | mux.c | 22 |
1 files changed, 12 insertions, 10 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */ +/* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, void *arg) char *proto, *data; /* Get reasonable local authentication information. */ - client_x11_get_proto(display, options.xauth_location, + if (client_x11_get_proto(display, options.xauth_location, options.forward_x11_trusted, options.forward_x11_timeout, - &proto, &data); - /* Request forwarding with authentication spoofing. */ - debug("Requesting X11 forwarding with authentication " - "spoofing."); - x11_request_forwarding_with_spoofing(id, display, proto, - data, 1); - client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); - /* XXX exit_on_forward_failure */ + &proto, &data) == 0) { + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); + x11_request_forwarding_with_spoofing(id, display, proto, + data, 1); + /* XXX exit_on_forward_failure */ + client_expect_confirm(id, "X11 forwarding", + CONFIRM_WARN); + } } if (cctx->want_agent_fwd && options.forward_agent) { |