author | Damien Miller <djm@mindrot.org> | 1999-12-09 10:31:37 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-12-09 10:31:37 +1100 |
commit | 50945fa861f9b17d0cf88ec7998847bcf1c5eda6 (patch) | |
tree | 58757427a77d5775b9aebc7f4a5cb6cf9019da2f /sshd.c | |
parent | bf1c9b2012fadab02392126bece5d21e9ddffda6 (diff) | |
download | openssh-git-50945fa861f9b17d0cf88ec7998847bcf1c5eda6.tar.gz |
- OpenBSD CVS updates:
- [readpass.c]
avoid stdio; based on work by markus, millert, and I
- [sshd.c]
make sure the client selects a supported cipher
- [sshd.c]
fix sighup handling. accept would just restart and daemon handled
sighup only after the next connection was accepted. use poll on
listen sock now.
- [sshd.c]
make that a fatal
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 23 |
1 files changed, 20 insertions, 3 deletions
@@ -11,7 +11,9 @@
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
+RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
+
+#include <poll.h>
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -419,6 +421,7 @@ main(int ac, char **av)
 int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
 int remote_major, remote_minor;
 int silentrsa = 0;
+ struct pollfd fds;
 struct sockaddr_in sin;
 char buf[100]; /* Must not be larger than remote_version. */
 char remote_version[100]; /* Must be at least as big as buf. */
@@ -688,7 +691,18 @@ main(int ac, char **av)
 for (;;) {
 if (received_sighup)
 sighup_restart();
- /* Wait in accept until there is a connection. */
+ /* Wait in poll until there is a connection. */
+ memset(&fds, 0, sizeof(fds));
+ fds.fd = listen_sock;
+ fds.events = POLLIN;
+ if (poll(&fds, 1, -1) == -1) {
+ if (errno == EINTR)
+ continue;
+ fatal("poll: %.100s", strerror(errno));
+ /*NOTREACHED*/
+ }
+ if (fds.revents == 0)
+ continue;
 aux = sizeof(sin);
 newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
 if (received_sighup)
@@ -1026,9 +1040,12 @@ do_connection()
 /* Read clients reply (cipher type and session key). */
 packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
 
- /* Get cipher type. */
+ /* Get cipher type and check whether we accept this. */
 cipher_type = packet_get_char();
 
+ if (!(cipher_mask() & (1 << cipher_type)))
+ packet_disconnect("Warning: client selects unsupported cipher.");
+
 /* Get check bytes from the packet. These must match those we sent earlier with the public key packet. */
 for (i = 0; i < 8; i++) |
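Review bot: The `received_sighup` test at the top of the loop and the `poll(&fds, 1, -1)` call are not atomic, so a SIGHUP that lands between them is still held until the next connection arrives: poll() reports EINTR only for a signal delivered while it is already blocked, and the timeout here is infinite. A bounded timeout closes most of that window with the code already in the hunk, since a return of 0 leaves `fds.revents == 0` and the loop re-tests the flag, e.g. `if (poll(&fds, 1, 1000) == -1) {` (the 1000 ms value is illustrative). Separately, `accept()` may still block if listen_sock is a blocking socket and the pending connection is gone by the time it is called; the socket setup is outside this hunk, so that is worth confirming. The loop body continues past the end of the hunk.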
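Review bot: `1 << cipher_type` in the do_connection() hunk shifts by a value read straight from the client's packet with `packet_get_char()`, and nothing visible bounds it first; a shift count at or above the width of int is undefined behaviour in C, and on CPUs that mask the count an out-of-range type could line up with a supported cipher's bit and pass this check. Bound the value before shifting and use an unsigned constant, for example `if (cipher_type >= 8 * sizeof(int) || !(cipher_mask() & (1U << cipher_type)))`. The declaration of `cipher_type` and the return type of `cipher_mask()` are outside the hunk, so the comparison should be adjusted to their actual types. do_connection() starts and ends outside this hunk.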