From 0a3f4e122d4972b836fb4d199d1c6b416d0cada3 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 1 Sep 2014 17:35:01 +0200 Subject: [PATCH] set a client's address right after a connection is set http://bugzilla.mindrot.org/show_bug.cgi?id=2257 --- openssh-6.6p1-set_remote_ipaddr.patch | 87 +++++++++++++++++++++++++++ openssh.spec | 4 ++ 2 files changed, 91 insertions(+) create mode 100644 openssh-6.6p1-set_remote_ipaddr.patch diff --git a/openssh-6.6p1-set_remote_ipaddr.patch b/openssh-6.6p1-set_remote_ipaddr.patch new file mode 100644 index 0000000..166e569 --- /dev/null +++ b/openssh-6.6p1-set_remote_ipaddr.patch @@ -0,0 +1,87 @@ +diff --git a/canohost.c b/canohost.c +index 97ce58c..1f9320a 100644 +--- a/canohost.c ++++ b/canohost.c +@@ -338,6 +338,21 @@ clear_cached_addr(void) + cached_port = -1; + } + ++void set_remote_ipaddr(void) { ++ if (canonical_host_ip != NULL) ++ free(canonical_host_ip); ++ ++ if (packet_connection_is_on_socket()) { ++ canonical_host_ip = ++ get_peer_ipaddr(packet_get_connection_in()); ++ if (canonical_host_ip == NULL) ++ cleanup_exit(255); ++ } else { ++ /* If not on socket, return UNKNOWN. */ ++ canonical_host_ip = xstrdup("UNKNOWN"); ++ } ++} ++ + /* + * Returns the IP-address of the remote host as a string. The returned + * string must not be freed. +@@ -347,17 +362,9 @@ const char * + get_remote_ipaddr(void) + { + /* Check whether we have cached the ipaddr. */ +- if (canonical_host_ip == NULL) { +- if (packet_connection_is_on_socket()) { +- canonical_host_ip = +- get_peer_ipaddr(packet_get_connection_in()); +- if (canonical_host_ip == NULL) +- cleanup_exit(255); +- } else { +- /* If not on socket, return UNKNOWN. */ +- canonical_host_ip = xstrdup("UNKNOWN"); +- } +- } ++ if (canonical_host_ip == NULL) ++ set_remote_ipaddr(); ++ + return canonical_host_ip; + } + +diff --git a/canohost.h b/canohost.h +index 4c8636f..4079953 100644 +--- a/canohost.h ++++ b/canohost.h +@@ -13,6 +13,7 @@ + */ + + const char *get_canonical_hostname(int); ++void set_remote_ipaddr(void); + const char *get_remote_ipaddr(void); + const char *get_remote_name_or_ip(u_int, int); + +diff --git a/sshconnect.c b/sshconnect.c +index e636f33..451a58b 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -62,6 +62,7 @@ + #include "monitor_fdpass.h" + #include "ssh2.h" + #include "version.h" ++#include "canohost.h" + + char *client_version_string = NULL; + char *server_version_string = NULL; +@@ -170,6 +171,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, + + /* Set the connection file descriptors. */ + packet_set_connection(sock, sock); ++ set_remote_ipaddr(); + + return 0; + } +@@ -492,6 +494,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop, + + /* Set the connection. */ + packet_set_connection(sock, sock); ++ set_remote_ipaddr(); + + return 0; + } diff --git a/openssh.spec b/openssh.spec index ac77cb4..c2abf44 100644 --- a/openssh.spec +++ b/openssh.spec @@ -191,6 +191,9 @@ Patch908: openssh-6.6p1-CVE-2014-2653.patch Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch # standardise on NI_MAXHOST for gethostname() string lengths (#1051490) Patch910: openssh-6.6.1p1-NI_MAXHOST.patch +# set a client's address right after a connection is set +# http://bugzilla.mindrot.org/show_bug.cgi?id=2257 +Patch911: openssh-6.6p1-set_remote_ipaddr.patch License: BSD Group: Applications/Internet @@ -395,6 +398,7 @@ popd %patch908 -p1 -b .CVE-2014-2653 %patch909 -p1 -b .6.6.1 %patch910 -p1 -b .NI_MAXHOST +%patch911 -p1 -b .set_remote_ipaddr %patch200 -p1 -b .audit %patch700 -p1 -b .fips