--- a/channels.h
+++ b/channels.h
@@ -172,9 +172,9 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
-#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
+#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
-#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
+#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
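Review bot: The session and TCP window defaults drop from 64 to 4 packets (2 MiB to 128 KiB) with no comment recording why. The existing comment `/* default window/packet sizes for tcp/x11-fwd-channel */` should gain a line such as `/* windows reduced from upstream 64*packet for this port: <reason> */`. A smaller window bounds how much data each channel can have in flight, but it also caps throughput on high-latency links, so the trade-off is worth stating next to the constants.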
--- a/ssh.c
+++ b/ssh.c
@@ -508,7 +508,7 @@ set_addrinfo_port(struct addrinfo *addrs, int port)
* Main program for the ssh client.
*/
int
-main(int ac, char **av)
+ssh_main(int ac, char **av, const char *subsystem)
{
struct ssh *ssh = NULL;
int i, r, opt, exit_status, use_syslog, direct, config_test = 0;
@@ -971,6 +971,21 @@
/* Initialize the command to execute on remote host. */
buffer_init(&command);
+ if (subsystem) {
+ /*
+ * Hijack the codeflow now that we're done parsing the command line.
+ * We want all the flags, but none of the command line. Unless they
+ * passed in -s themselves.
+ */
+ if (!subsystem_flag) {
+ subsystem_flag = 1;
+ av = xcalloc(2, sizeof(*av));
+ av[0] = subsystem;
+ av[1] = NULL;
+ ac = 1;
+ }
+ }
+
/*
* Save the command to execute on the remote host in a buffer. There
* is no limit on the length of the command, except by the maximum
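Review bot: `av[0] = subsystem;` stores a `const char *` into the `char **` argument vector, which discards the qualifier, so any later code that edits `av` entries would write through a pointer the caller marked read-only. Copying the string keeps the types honest: `av[0] = xstrdup(subsystem);`. The branch also silently drops any command given on the command line, and when `-s` was already passed the `subsystem` argument is ignored; a `debug` line for each case would make that visible. ssh_main continues outside the hunk, so how `ac` and `av` are consumed afterwards cannot be checked here.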
--- a/umac.c
+++ b/umac.c
@@ -1179,7 +1179,7 @@ struct umac_ctx {
uhash_ctx hash; /* Hash function for message compression */
pdf_ctx pdf; /* PDF for hashed output */
void *free_ptr; /* Address to free this struct via */
-} umac_ctx;
+};
/* ---------------------------------------------------------------------- */
--- a/authfd.c
+++ b/authfd.c
@@ -89,7 +89,10 @@ ssh_get_authentication_socket(int *fdp)
{
const char *authsocket;
int sock, oerrno;
- struct sockaddr_un sunaddr;
+ struct sockaddr_in sunaddr;
+
+ /* Magic value. Keep in sync with //ssh_client/src/file_system.cc */
+ static const int kSshAgentFakeIP = 0x7F010203;
if (fdp != NULL)
*fdp = -1;
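Review bot: The comment on `kSshAgentFakeIP` says only "Magic value" and should state what the constant is: 0x7F010203 is 127.1.2.3 in host byte order, converted later with `htonl`. If, as the reference to file_system.cc suggests, connections to that address are intercepted there rather than reaching a real listener, the comment should say so, because the safety of the change depends on it. The variable is still named `sunaddr` although it is now a `struct sockaddr_in`, which misleads readers of the rest of the function. The function body continues outside the hunk.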
@@ -99,10 +102,10 @@ ssh_get_authentication_socket(int *fdp)
return SSH_ERR_AGENT_NOT_PRESENT;
memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
+ sunaddr.sin_family = AF_INET;
+ sunaddr.sin_addr.s_addr = htonl(kSshAgentFakeIP);
- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
return SSH_ERR_SYSTEM_ERROR;
/* close on exec */
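Review bot: The agent connection is switched to AF_INET unconditionally, so a build of this file outside the NaCl sandbox would send agent requests to a loopback TCP address instead of a Unix socket protected by file permissions. `sin_port` is never set after the `memset`, and `authsocket` appears still to be required (the `SSH_ERR_AGENT_NOT_PRESENT` return) although its value is no longer used to build the address. Guarding the change the way the misc.c patch does, `#if defined(__pnacl__) || defined(__nacl__)`, with the AF_UNIX code kept under `#else`, would confine it to the port. The connect call is outside the hunk.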
daemonized() relies on funcs we don't implement (because we don't need them),
and this func is only used in sshd. disable it to avoid link failures.
--- a/misc.c
+++ b/misc.c
@@ -1257,6 +1257,7 @@ bind_permitted(int port, uid_t uid)
return 1;
}
+#if !defined(__pnacl__) && !defined(__nacl__)
/* returns 1 if process is already daemonized, 0 otherwise */
int
daemonized(void)
@@ -1274,3 +1275,4 @@ daemonized(void)
debug3("already daemonized");
return 1;
}
+#endif
https://crbug.com/707941
--- a/authfile.c
+++ b/authfile.c
@@ -133,7 +133,8 @@ sshkey_load_file(int fd, struct sshbuf *blob)
goto out;
}
}
- if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
+ if (dontmax == 0 &&
+ (st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
st.st_size != (off_t)sshbuf_len(blob)) {
r = SSH_ERR_FILE_CHANGED;
goto out;
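Review bot: The added `dontmax == 0 &&` condition disables the `SSH_ERR_FILE_CHANGED` consistency check without a comment saying when or why. `dontmax` is assigned outside the hunk, presumably where `st.st_size` is judged unusable. A line such as `/* st_size is only a guess when dontmax is set, so it cannot be compared with the bytes read */` above the `if` would record the intent, if that reading is right. Since this check is what detects a key file changing under the reader, it is also worth confirming that regular files with a valid size still take the comparison path.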