- markus@cvs.openbsd.org 2008/04/02 15:36:51

[channels.c] avoid possible hijacking of x11-forwarded connections (back out 1.183) CVE-2008-1483; ok djm@
2008-04-03 08:43:57 +11:00 · 2008-04-03 08:43:57 +11:00 · 5f5cd746f3
parent 0abb232428
commit 5f5cd746f3
2 changed files with 9 additions and 5 deletions
--- a/9
+++ b/9
@ -1,3 +1,10 @@
+20080403
+ - (djm) OpenBSD CVS sync:
+   - markus@cvs.openbsd.org 2008/04/02 15:36:51
+     [channels.c]
+     avoid possible hijacking of x11-forwarded connections (back out 1.183)
+     CVE-2008-1483; ok djm@
+
 20080327
 - (dtucker) Cache selinux status earlier so we know if it's enabled after a
   chroot.  Allows ChrootDirectory to work with selinux support compiled in
@ -3825,4 +3832,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4897 2008/03/27 06:53:09 djm Exp $
+$Id: ChangeLog,v 1.4898 2008/04/02 21:43:57 djm Exp $
--- a/channels.c
+++ b/channels.c
@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.272 2008/01/19 23:02:40 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2906,9 +2906,6 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
 				debug2("bind port %d: %.100s", port, strerror(errno));
 				close(sock);

-				if (ai->ai_next)
-					continue;
-
 				for (n = 0; n < num_socks; n++) {
 					close(socks[n]);
 				}