simon-git: putty (master): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Wed Apr 3 21:50:00 BST 2019
TL;DR:
77bdaa24 Fix reentrancy bug around sshfwd_x11_sharing_handover.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2019-04-03 21:50:00
commit 77bdaa2436fa1f7fefb529b7354e8b35944a5f50
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=77bdaa2436fa1f7fefb529b7354e8b35944a5f50;hp=f9e2c7b1fe582b8ba1f6998c071e2a7635dd9d5d
Author: Simon Tatham <anakin at pobox.com>
Date: Wed Apr 3 20:58:10 2019 +0100
Fix reentrancy bug around sshfwd_x11_sharing_handover.
When we get an incoming forwarded X11 channel over SSH, we keep it as
an upstream channel for long enough to decide from its auth data which
downstream (if any) it's destined for. Then we do a handover which
retags the channel as a sharing one, so all further SSH messages are
passed through trivially.
But the handover function is called from chan_send, which in turn is
called from the processing of the CHANNEL_DATA message that completed
the auth exchange. So after the handover finishes, we were coming back
to the standard CHANNEL_DATA processing and calling ssh2_set_window,
which tried to dereference c->chan, which has now become NULL.
Therefore, we should check for this case after calling chan_send, and
stop doing the post-send processing if we spot it, which avoids that
segfault.
ssh2connection.c | 11 +++++++++++
1 file changed, 11 insertions(+)
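The pattern the commit message describes, as an added example that is not PuTTY's code and not part of the original commit: a send callback retags the channel and clears its handler pointer, so the caller must re-check that pointer before any post-send step. All toy_* names and the 8-byte auth length are assumptions made for this simplified model.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model: all toy_* names are hypothetical, not PuTTY's real types. */
struct toy_chan { size_t auth_left; };      /* upstream handler state */
struct toy_channel {
    struct toy_chan *chan;   /* NULL once the channel is retagged as sharing */
    int sharing;
    int window_updates;      /* counts post-send processing runs */
};

/* Handover: retag the channel; the upstream handler is gone afterwards. */
static void toy_handover(struct toy_channel *c) {
    c->chan = NULL;
    c->sharing = 1;
}

/* Stand-in for chan_send: consumes auth bytes, and hands the channel over
 * from inside the call once the auth exchange is complete. */
static size_t toy_chan_send(struct toy_channel *c, size_t len) {
    struct toy_chan *h = c->chan;
    if (len >= h->auth_left) { toy_handover(c); return 0; }
    h->auth_left -= len;
    return h->auth_left;
}

/* Stand-in for the post-send window update: it dereferences c->chan. */
static void toy_set_window(struct toy_channel *c, size_t pending) {
    if (pending <= c->chan->auth_left) c->window_updates++;
}

/* Returns 1 if post-send processing ran, 0 if it was skipped. */
int toy_handle_channel_data(struct toy_channel *c, size_t len) {
    if (c->sharing) return 0;            /* already passed through elsewhere */
    size_t pending = toy_chan_send(c, len);
    if (c->chan == NULL) return 0;       /* handover happened inside the send */
    toy_set_window(c, pending);
    return 1;
}

int main(void) {
    struct toy_chan h = { 8 };           /* constructed: 8 auth bytes expected */
    struct toy_channel c = { &h, 0, 0 };
    int first = toy_handle_channel_data(&c, 4);   /* auth still incomplete */
    int second = toy_handle_channel_data(&c, 4);  /* completes auth: handover */
    printf("first=%d second=%d sharing=%d updates=%d\n",
           first, second, c.sharing, c.window_updates);
    return 0;
}
```

Removing the `c->chan == NULL` check makes the second call reach toy_set_window with a NULL handler, which is the dereference the commit message reports.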