xrdp-next/xrdp-0.9.1-CVE-2017-6967.patch


2017-03-21 08:12:27 +00:00
From 44129acd210c803fc8bbcfaf1b0db05e5bb4034f Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 16 Mar 2017 20:36:50 -0700
Subject: [PATCH 08/10] sesman: call auth_start_session, auth_stop_session,
auth_end only from main process
---
sesman/scp_v0.c | 5 ++++-
sesman/scp_v1.c | 5 ++++-
sesman/session.c | 7 ++++---
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index a1c919e..2780196 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -42,6 +42,10 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
int errorcode = 0;
data = auth_userpass(s->username, s->password, &errorcode);
+ if (data != NULL)
+ {
+ auth_start_session(data, display);
+ }
if (s->type == SCP_GW_AUTHENTICATION)
{
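Review bot: The new `auth_start_session(data, display)` call runs before the `s->type == SCP_GW_AUTHENTICATION` check, so a session is opened even for a gateway-only authentication that never starts a desktop, and the next hunk in this file drops the `auth_end(data)` that used to close the function. From the visible lines the only remaining release is in `session_kill`, which handles entries found in the session list; unless the part of `scp_v0_process` outside these hunks releases `data` on the gateway and deny paths, each such login leaves an open session and auth handle in the long-lived main process. I would keep the release on every branch that does not hand `data` to a newly created session, e.g. `auth_stop_session(data); auth_end(data);` before leaving those branches. The value of `display` at this point is not visible here either; if the display number is only assigned later in the function, the session is opened with a placeholder value. The same pattern appears in the `scp_v1.c` hunks.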
@@ -155,5 +159,4 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
{
scp_v0s_deny_connection(c);
}
- auth_end(data);
}
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index f865271..509a9a0 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -56,6 +56,10 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
data = auth_userpass(s->username, s->password,NULL);
/*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/
+ if (data != NULL)
+ {
+ auth_start_session(data, display);
+ }
while ((!data) && ((retries == 0) || (current_try > 0)))
{
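Review bot: `auth_start_session` is called only for the first `auth_userpass` result, above the `while ((!data) && ...)` retry loop, so a login that succeeds on a later attempt would reach session creation without a session start unless the loop body (outside this hunk) calls it as well. Moving the added block below the loop would cover both cases. The return value is also discarded here and in the `scp_v0.c` hunk; assuming a non-zero return signals failure, a login whose session setup failed continues as if it had succeeded, so whatever the session stage is meant to enforce is silently skipped. A checked form would be `if (data != 0 && auth_start_session(data, display) != 0) { auth_end(data); data = 0; }`.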
@@ -201,7 +205,6 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
}
/* cleanup */
- auth_end(data);
g_free(slist);
}
diff --git a/sesman/session.c b/sesman/session.c
index d13a3d0..775795b 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -497,7 +497,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
g_getpid());
}
#endif
- auth_start_session(data, display);
wmpid = g_fork(); /* parent becomes X,
child forks wm, and waits, todo */
if (wmpid == -1)
@@ -785,8 +784,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
g_waitpid(wmpid);
log_message(LOG_LEVEL_ALWAYS, "window manager pid(%d) did "
"exit, cleaning up session", wmpid);
- auth_stop_session(data);
- auth_end(data);
g_sigterm(xpid);
g_sigterm(wmpid);
g_sigterm(cspid);
@@ -917,6 +914,10 @@ session_kill(int pid)
if (tmp->item->pid == pid)
{
+
+ auth_stop_session(tmp->item->data);
+ auth_end(tmp->item->data);
+
/* deleting the session */
log_message(LOG_LEVEL_INFO, "++ terminated session: username %s, display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, tmp->item->pid, tmp->item->client_ip);
g_free(tmp->item);
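Review bot: `auth_stop_session(tmp->item->data)` and `auth_end(tmp->item->data)` are called without checking that the item holds a live handle, and no hunk in this patch shows where `item->data` is stored when the session is created. If the field can be 0 for any session, or the handle was already released elsewhere, this may become an invalid access or a double release inside the main sesman process, depending on the auth backend. A guard such as `if (tmp->item->data != 0)` around the two calls, with a comment stating that the main process owns the handle for the life of the session, would make the ownership explicit. `session_kill` starts and ends outside the hunk, so other paths that remove session list entries could not be checked from here.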