From 5f5cd746f357a87637a6a91605a44e1ed9a6dab1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 3 Apr 2008 08:43:57 +1100 Subject: [PATCH] - markus@cvs.openbsd.org 2008/04/02 15:36:51 [channels.c] avoid possible hijacking of x11-forwarded connections (back out 1.183) CVE-2008-1483; ok djm@ --- ChangeLog | 9 ++++++++- channels.c | 5 +---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b26116e65..8e116c9f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20080403 + - (djm) OpenBSD CVS sync: + - markus@cvs.openbsd.org 2008/04/02 15:36:51 + [channels.c] + avoid possible hijacking of x11-forwarded connections (back out 1.183) + CVE-2008-1483; ok djm@ + 20080327 - (dtucker) Cache selinux status earlier so we know if it's enabled after a chroot. Allows ChrootDirectory to work with selinux support compiled in @@ -3825,4 +3832,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4897 2008/03/27 06:53:09 djm Exp $ +$Id: ChangeLog,v 1.4898 2008/04/02 21:43:57 djm Exp $ diff --git a/channels.c b/channels.c index c766cc275..b6bd901f0 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.272 2008/01/19 23:02:40 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2906,9 +2906,6 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); - if (ai->ai_next) - continue; - for (n = 0; n < num_socks; n++) { close(socks[n]); }