| --- a/channels.h |
| +++ b/channels.h |
| @@ -172,9 +172,9 @@ struct Channel { |
| |
| /* default window/packet sizes for tcp/x11-fwd-channel */ |
| #define CHAN_SES_PACKET_DEFAULT (32*1024) |
| -#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) |
| +#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT) |
| #define CHAN_TCP_PACKET_DEFAULT (32*1024) |
| -#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) |
| +#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT) |
| #define CHAN_X11_PACKET_DEFAULT (16*1024) |
| #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) |
| |
| --- a/ssh.c |
| +++ b/ssh.c |
| @@ -508,7 +508,7 @@ set_addrinfo_port(struct addrinfo *addrs, int port) |
| * Main program for the ssh client. |
| */ |
| int |
| -main(int ac, char **av) |
| +ssh_main(int ac, char **av, const char *subsystem) |
| { |
| struct ssh *ssh = NULL; |
| int i, r, opt, exit_status, use_syslog, direct, config_test = 0; |
| @@ -971,6 +971,21 @@ |
| /* Initialize the command to execute on remote host. */ |
| buffer_init(&command); |
| |
| + if (subsystem) { |
| + /* |
| + * Hijack the codeflow now that we're done parsing the command line. |
| + * We want all the flags, but none of the command line. Unless they |
| + * passed in -s themselves. |
| + */ |
| + if (!subsystem_flag) { |
| + subsystem_flag = 1; |
| + av = xcalloc(2, sizeof(*av)); |
| + av[0] = subsystem; |
| + av[1] = NULL; |
| + ac = 1; |
| + } |
| + } |
| + |
| /* |
| * Save the command to execute on the remote host in a buffer. There |
| * is no limit on the length of the command, except by the maximum |
| --- a/umac.c |
| +++ b/umac.c |
| @@ -1179,7 +1179,7 @@ struct umac_ctx { |
| uhash_ctx hash; /* Hash function for message compression */ |
| pdf_ctx pdf; /* PDF for hashed output */ |
| void *free_ptr; /* Address to free this struct via */ |
| -} umac_ctx; |
| +}; |
| |
| /* ---------------------------------------------------------------------- */ |
| |
| --- a/authfd.c |
| +++ b/authfd.c |
| @@ -89,7 +89,10 @@ ssh_get_authentication_socket(int *fdp) |
| { |
| const char *authsocket; |
| int sock, oerrno; |
| - struct sockaddr_un sunaddr; |
| + struct sockaddr_in sunaddr; |
| + |
| + /* Magic value. Keep in sync with //ssh_client/src/file_system.cc */ |
| + static const int kSshAgentFakeIP = 0x7F010203; |
| |
| if (fdp != NULL) |
| *fdp = -1; |
| @@ -99,10 +102,10 @@ ssh_get_authentication_socket(int *fdp) |
| return SSH_ERR_AGENT_NOT_PRESENT; |
| |
| memset(&sunaddr, 0, sizeof(sunaddr)); |
| - sunaddr.sun_family = AF_UNIX; |
| - strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); |
| + sunaddr.sin_family = AF_INET; |
| + sunaddr.sin_addr.s_addr = htonl(kSshAgentFakeIP); |
| |
| - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) |
| + if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) |
| return SSH_ERR_SYSTEM_ERROR; |
| |
| /* close on exec */ |
| |
| daemonized() relies on funcs we don't implement (because we don't need them), |
| and this func is only used in sshd. disable it to avoid link failures. |
| |
| --- a/misc.c |
| +++ b/misc.c |
| @@ -1257,6 +1257,7 @@ bind_permitted(int port, uid_t uid) |
| return 1; |
| } |
| |
| +#if !defined(__pnacl__) && !defined(__nacl__) |
| /* returns 1 if process is already daemonized, 0 otherwise */ |
| int |
| daemonized(void) |
| @@ -1274,3 +1275,4 @@ daemonized(void) |
| debug3("already daemonized"); |
| return 1; |
| } |
| +#endif |
| |
| https://crbug.com/707941 |
| |
| --- a/authfile.c |
| +++ b/authfile.c |
| @@ -133,7 +133,8 @@ sshkey_load_file(int fd, struct sshbuf *blob) |
| goto out; |
| } |
| } |
| - if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
| + if (dontmax == 0 && |
| + (st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
| st.st_size != (off_t)sshbuf_len(blob)) { |
| r = SSH_ERR_FILE_CHANGED; |
| goto out; |