[openssh] set a client's address right after a connection is set http://bugzilla.mindrot.org/show_bug.cgi?id=2

Petr Lautrbach plautrba at fedoraproject.org
Mon Sep 8 08:06:29 UTC 2014


commit 0a3f4e122d4972b836fb4d199d1c6b416d0cada3
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Mon Sep 1 17:35:01 2014 +0200

    set a client's address right after a connection is set
    http://bugzilla.mindrot.org/show_bug.cgi?id=2257

 openssh-6.6p1-set_remote_ipaddr.patch |   87 +++++++++++++++++++++++++++++++++
 openssh.spec                          |    4 ++
 2 files changed, 91 insertions(+), 0 deletions(-)
---
diff --git a/openssh-6.6p1-set_remote_ipaddr.patch b/openssh-6.6p1-set_remote_ipaddr.patch
new file mode 100644
index 0000000..166e569
--- /dev/null
+++ b/openssh-6.6p1-set_remote_ipaddr.patch
@@ -0,0 +1,87 @@
+diff --git a/canohost.c b/canohost.c
+index 97ce58c..1f9320a 100644
+--- a/canohost.c
++++ b/canohost.c
+@@ -338,6 +338,21 @@ clear_cached_addr(void)
+ 	cached_port = -1;
+ }
+ 
++void set_remote_ipaddr(void) {
++	if (canonical_host_ip != NULL)
++		free(canonical_host_ip);
++
++	if (packet_connection_is_on_socket()) {
++		canonical_host_ip =
++		    get_peer_ipaddr(packet_get_connection_in());
++		if (canonical_host_ip == NULL)
++			cleanup_exit(255);
++	} else {
++		/* If not on socket, return UNKNOWN. */
++		canonical_host_ip = xstrdup("UNKNOWN");
++	}
++}
++
+ /*
+  * Returns the IP-address of the remote host as a string.  The returned
+  * string must not be freed.
+@@ -347,17 +362,9 @@ const char *
+ get_remote_ipaddr(void)
+ {
+ 	/* Check whether we have cached the ipaddr. */
+-	if (canonical_host_ip == NULL) {
+-		if (packet_connection_is_on_socket()) {
+-			canonical_host_ip =
+-			    get_peer_ipaddr(packet_get_connection_in());
+-			if (canonical_host_ip == NULL)
+-				cleanup_exit(255);
+-		} else {
+-			/* If not on socket, return UNKNOWN. */
+-			canonical_host_ip = xstrdup("UNKNOWN");
+-		}
+-	}
++	if (canonical_host_ip == NULL)
++		set_remote_ipaddr();
++
+ 	return canonical_host_ip;
+ }
+ 
+diff --git a/canohost.h b/canohost.h
+index 4c8636f..4079953 100644
+--- a/canohost.h
++++ b/canohost.h
+@@ -13,6 +13,7 @@
+  */
+ 
+ const char	*get_canonical_hostname(int);
++void		 set_remote_ipaddr(void);
+ const char	*get_remote_ipaddr(void);
+ const char	*get_remote_name_or_ip(u_int, int);
+ 
+diff --git a/sshconnect.c b/sshconnect.c
+index e636f33..451a58b 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -62,6 +62,7 @@
+ #include "monitor_fdpass.h"
+ #include "ssh2.h"
+ #include "version.h"
++#include "canohost.h"
+ 
+ char *client_version_string = NULL;
+ char *server_version_string = NULL;
+@@ -170,6 +171,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
+ 
+ 	/* Set the connection file descriptors. */
+ 	packet_set_connection(sock, sock);
++	set_remote_ipaddr();
+ 
+ 	return 0;
+ }
+@@ -492,6 +494,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
+ 
+ 	/* Set the connection. */
+ 	packet_set_connection(sock, sock);
++	set_remote_ipaddr();
+ 
+ 	return 0;
+ }
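Review bot: In set_remote_ipaddr() (canohost.c section of the added patch), `canonical_host_ip` still points at freed memory from the `free()` until it is reassigned. The two calls made in between, packet_connection_is_on_socket() and get_peer_ipaddr(), are defined outside this hunk, so it cannot be seen here whether an error or logging path under them reads the cache through get_remote_ipaddr(). Resetting the pointer closes that window and makes the NULL guard unnecessary: `free(canonical_host_ip);` followed by `canonical_host_ip = NULL;`. The function also invalidates any string a caller obtained earlier from get_remote_ipaddr(), so a comment above it would help, for example `/* Re-reads the peer address; pointers returned earlier by get_remote_ipaddr() become invalid. */`.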
diff --git a/openssh.spec b/openssh.spec
index ac77cb4..c2abf44 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -191,6 +191,9 @@ Patch908: openssh-6.6p1-CVE-2014-2653.patch
 Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
 # standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
 Patch910: openssh-6.6.1p1-NI_MAXHOST.patch
+# set a client's address right after a connection is set
+# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
+Patch911: openssh-6.6p1-set_remote_ipaddr.patch
 
 License: BSD
 Group: Applications/Internet
@@ -395,6 +398,7 @@ popd
 %patch908 -p1 -b .CVE-2014-2653
 %patch909 -p1 -b .6.6.1
 %patch910 -p1 -b .NI_MAXHOST
+%patch911 -p1 -b .set_remote_ipaddr
 
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips

