Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow

X11 connections in untrusted mode indefinitely. ok dtucker@

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 8794874..9399d43 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -271,7 +271,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
     const char *xauth_path, u_int trusted, u_int timeout,
     char **_proto, char **_data)
 {
-       char cmd[1024], line[512], xdisplay[512];
+       char *cmd, line[512], xdisplay[512];
        char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
        static char proto[512], data[512];
        FILE *f;
@@ -335,19 +335,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
                                return -1;
                        }
 
-                       if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
-                               x11_timeout_real = UINT_MAX;
-                       else
-                               x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
-                       if ((r = snprintf(cmd, sizeof(cmd),
-                           "%s -f %s generate %s " SSH_X11_PROTO
-                           " untrusted timeout %u 2>" _PATH_DEVNULL,
-                           xauth_path, xauthfile, display,
-                           x11_timeout_real)) < 0 ||
-                           (size_t)r >= sizeof(cmd))
-                               fatal("%s: cmd too long", __func__);
+                       if (timeout == 0) {
+                               /* auth doesn't time out */
+                               xasprintf(&cmd, "%s -f %s generate %s %s "
+                                   "untrusted 2>%s",
+                                   xauth_path, xauthfile, display,
+                                   SSH_X11_PROTO, _PATH_DEVNULL);
+                       } else {
+                               /* Add some slack to requested expiry */
+                               if (timeout < UINT_MAX - X11_TIMEOUT_SLACK)
+                                       x11_timeout_real = timeout +
+                                           X11_TIMEOUT_SLACK;
+                               else {
+                                       /* Don't overflow on long timeouts */
+                                       x11_timeout_real = UINT_MAX;
+                               }
+                               xasprintf(&cmd, "%s -f %s generate %s %s "
+                                   "untrusted timeout %u 2>%s",
+                                   xauth_path, xauthfile, display,
+                                   SSH_X11_PROTO, x11_timeout_real,
+                                   _PATH_DEVNULL);
+                       }
                        debug2("%s: %s", __func__, cmd);
-                       if (x11_refuse_time == 0) {
+
+                       if (timeout != 0 && x11_refuse_time == 0) {
                                now = monotime() + 1;
                                if (UINT_MAX - timeout < now)
                                        x11_refuse_time = UINT_MAX;
@@ -358,6 +369,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
                        }
                        if (system(cmd) == 0)
                                generated = 1;
+                       free(cmd);
                }
 
                /*
@@ -366,7 +378,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
                 * above.
                 */
                if (trusted || generated) {
-                       snprintf(cmd, sizeof(cmd),
+                       xasprintf(&cmd,
                            "%s %s%s list %s 2>" _PATH_DEVNULL,
                            xauth_path,
                            generated ? "-f " : "" ,
@@ -379,6 +391,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
                                got_data = 1;
                        if (f)
                                pclose(f);
+                       free(cmd);
                }
        }
 

diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 1bf1834..a6b41eb 100644 (file)
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $
 .Dd $Mdocdate: September 21 2018 $
 .Dt SSH_CONFIG 5
 .Os
@@ -686,6 +686,10 @@ section of
 X11 connections received by
 .Xr ssh 1
 after this time will be refused.
+Setting
+.Cm ForwardX11Timeout
+to zero will disable the timeout and permit X11 forwarding for the life
+of the connection.
 The default is to disable untrusted X11 forwarding after twenty minutes has
 elapsed.
 .It Cm ForwardX11Trusted