From 18b082955b77ecf775f36b8fc64e0a9262b583d9 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 5 Sep 2005 17:10:32 +0000 Subject: [PATCH] * ensure that we only handle open confirmation/failure for channels where it is expected --HG-- extra : convert_revision : acc1ba014aae08ecb3159282fe87defe67899a40 --- channel.h | 4 ++++ common-channel.c | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/channel.h b/channel.h index 0f0fcc1..872bb25 100644 --- a/channel.h +++ b/channel.h @@ -81,6 +81,10 @@ struct Channel { int initconn; /* used for TCP forwarding, whether the channel has been fully initialised */ + int await_open; /* flag indicating whether we've sent an open request + for this channel (and are awaiting a confirmation + or failure). */ + const struct ChanType* type; }; diff --git a/common-channel.c b/common-channel.c index 12e7aa7..e71a7b7 100644 --- a/common-channel.c +++ b/common-channel.c @@ -147,6 +147,7 @@ struct Channel* newchannel(unsigned int remotechan, newchan->outfd = FD_UNINIT; newchan->errfd = FD_CLOSED; /* this isn't always set to start with */ newchan->initconn = 0; + newchan->await_open = 0; newchan->writebuf = cbuf_new(RECV_MAXWINDOW); newchan->extrabuf = NULL; /* The user code can set it up */ @@ -933,6 +934,8 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) { chan->infd = chan->outfd = fd; ses.maxfd = MAX(ses.maxfd, fd); + chan->await_open = 1; + /* now open the channel connection */ CHECKCLEARTOWRITE(); @@ -960,6 +963,11 @@ void recv_msg_channel_open_confirmation() { dropbear_exit("Unknown channel"); } + if (!channel->await_open) { + dropbear_exit("unexpected channel reply"); + } + channel->await_open = 0; + channel->remotechan = buf_getint(ses.payload); channel->transwindow = buf_getint(ses.payload); channel->transmaxpacket = buf_getint(ses.payload); @@ -990,6 +998,11 @@ void recv_msg_channel_open_failure() { dropbear_exit("Unknown channel"); } + if (!channel->await_open) { + dropbear_exit("unexpected channel reply"); + } + channel->await_open = 0; + removechannel(channel); } #endif /* USING_LISTENERS */