[openssh] set a client's address right after a connection is set http://bugzilla.mindrot.org/show_bug.cgi?id=2
Petr Lautrbach
plautrba at fedoraproject.org
Mon Sep 8 08:06:29 UTC 2014
commit 0a3f4e122d4972b836fb4d199d1c6b416d0cada3
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Mon Sep 1 17:35:01 2014 +0200
set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
openssh-6.6p1-set_remote_ipaddr.patch | 87 +++++++++++++++++++++++++++++++++
openssh.spec | 4 ++
2 files changed, 91 insertions(+), 0 deletions(-)
---
diff --git a/openssh-6.6p1-set_remote_ipaddr.patch b/openssh-6.6p1-set_remote_ipaddr.patch
new file mode 100644
index 0000000..166e569
--- /dev/null
+++ b/openssh-6.6p1-set_remote_ipaddr.patch
@@ -0,0 +1,87 @@
+diff --git a/canohost.c b/canohost.c
+index 97ce58c..1f9320a 100644
+--- a/canohost.c
++++ b/canohost.c
+@@ -338,6 +338,21 @@ clear_cached_addr(void)
+ cached_port = -1;
+ }
+
++void set_remote_ipaddr(void) {
++ if (canonical_host_ip != NULL)
++ free(canonical_host_ip);
++
++ if (packet_connection_is_on_socket()) {
++ canonical_host_ip =
++ get_peer_ipaddr(packet_get_connection_in());
++ if (canonical_host_ip == NULL)
++ cleanup_exit(255);
++ } else {
++ /* If not on socket, return UNKNOWN. */
++ canonical_host_ip = xstrdup("UNKNOWN");
++ }
++}
++
+ /*
+ * Returns the IP-address of the remote host as a string. The returned
+ * string must not be freed.
+@@ -347,17 +362,9 @@ const char *
+ get_remote_ipaddr(void)
+ {
+ /* Check whether we have cached the ipaddr. */
+- if (canonical_host_ip == NULL) {
+- if (packet_connection_is_on_socket()) {
+- canonical_host_ip =
+- get_peer_ipaddr(packet_get_connection_in());
+- if (canonical_host_ip == NULL)
+- cleanup_exit(255);
+- } else {
+- /* If not on socket, return UNKNOWN. */
+- canonical_host_ip = xstrdup("UNKNOWN");
+- }
+- }
++ if (canonical_host_ip == NULL)
++ set_remote_ipaddr();
++
+ return canonical_host_ip;
+ }
+
+diff --git a/canohost.h b/canohost.h
+index 4c8636f..4079953 100644
+--- a/canohost.h
++++ b/canohost.h
+@@ -13,6 +13,7 @@
+ */
+
+ const char *get_canonical_hostname(int);
++void set_remote_ipaddr(void);
+ const char *get_remote_ipaddr(void);
+ const char *get_remote_name_or_ip(u_int, int);
+
+diff --git a/sshconnect.c b/sshconnect.c
+index e636f33..451a58b 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -62,6 +62,7 @@
+ #include "monitor_fdpass.h"
+ #include "ssh2.h"
+ #include "version.h"
++#include "canohost.h"
+
+ char *client_version_string = NULL;
+ char *server_version_string = NULL;
+@@ -170,6 +171,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
+
+ /* Set the connection file descriptors. */
+ packet_set_connection(sock, sock);
++ set_remote_ipaddr();
+
+ return 0;
+ }
+@@ -492,6 +494,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
+
+ /* Set the connection. */
+ packet_set_connection(sock, sock);
++ set_remote_ipaddr();
+
+ return 0;
+ }
diff --git a/openssh.spec b/openssh.spec
index ac77cb4..c2abf44 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -191,6 +191,9 @@ Patch908: openssh-6.6p1-CVE-2014-2653.patch
Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
# standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
Patch910: openssh-6.6.1p1-NI_MAXHOST.patch
+# set a client's address right after a connection is set
+# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
+Patch911: openssh-6.6p1-set_remote_ipaddr.patch
License: BSD
Group: Applications/Internet
@@ -395,6 +398,7 @@ popd
%patch908 -p1 -b .CVE-2014-2653
%patch909 -p1 -b .6.6.1
%patch910 -p1 -b .NI_MAXHOST
+%patch911 -p1 -b .set_remote_ipaddr
%patch200 -p1 -b .audit
%patch700 -p1 -b .fips
More information about the scm-commits
mailing list