===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.280.2.1
retrieving revision 1.281
diff -u -r1.280.2.1 -r1.281
--- src/usr.bin/ssh/session.c	2016/03/10 11:55:43	1.280.2.1
+++ src/usr.bin/ssh/session.c	2016/03/07 19:02:43	1.281
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.280.2.1 2016/03/10 11:55:43 djm Exp $ */
+/* $OpenBSD: session.c,v 1.281 2016/03/07 19:02:43 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -40,7 +40,6 @@
 #include <sys/socket.h>
 #include <sys/queue.h>
 
-#include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
@@ -257,21 +256,6 @@
 	do_cleanup(authctxt);
 }
 
-/* Check untrusted xauth strings for metacharacters */
-static int
-xauth_valid_string(const char *s)
-{
-	size_t i;
-
-	for (i = 0; s[i] != '\0'; i++) {
-		if (!isalnum((u_char)s[i]) &&
-		    s[i] != '.' && s[i] != ':' && s[i] != '/' &&
-		    s[i] != '-' && s[i] != '_')
-		return 0;
-	}
-	return 1;
-}
-
 /*
  * Prepares for an interactive session.  This is called after the user has
  * been successfully authenticated.  During this message exchange, pseudo
@@ -345,13 +329,7 @@
 				s->screen = 0;
 			}
 			packet_check_eom();
-			if (xauth_valid_string(s->auth_proto) &&
-			    xauth_valid_string(s->auth_data))
-				success = session_setup_x11fwd(s);
-			else {
-				success = 0;
-				error("Invalid X11 forwarding data");
-			}
+			success = session_setup_x11fwd(s);
 			if (!success) {
 				free(s->auth_proto);
 				free(s->auth_data);
@@ -717,6 +695,7 @@
 int
 do_exec(Session *s, const char *command)
 {
+	struct ssh *ssh = active_state; /* XXX */
 	int ret;
 	const char *forced = NULL, *tty = NULL;
 	char session_type[1024];
@@ -759,8 +738,8 @@
 	    tty == NULL ? "" : " on ",
 	    tty == NULL ? "" : tty,
 	    s->pw->pw_name,
-	    get_remote_ipaddr(),
-	    get_remote_port(),
+	    ssh_remote_ipaddr(ssh),
+	    ssh_remote_port(ssh),
 	    s->self);
 
 #ifdef GSSAPI
@@ -792,6 +771,7 @@
 void
 do_login(Session *s, const char *command)
 {
+	struct ssh *ssh = active_state;	/* XXX */
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 	struct passwd * pw = s->pw;
@@ -814,7 +794,7 @@
 	/* Record that there was a login on that tty from the remote host. */
 	if (!use_privsep)
 		record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
-		    get_remote_name_or_ip(utmp_len,
+		    session_get_remote_name_or_ip(ssh, utmp_len,
 		    options.use_dns),
 		    (struct sockaddr *)&from, fromlen);
 
@@ -964,6 +944,7 @@
 static char **
 do_setup_env(Session *s, const char *shell)
 {
+	struct ssh *ssh = active_state; /* XXX */
 	char buf[256];
 	u_int i, envsize;
 	char **env, *laddr;
@@ -1025,12 +1006,14 @@
 
 	/* SSH_CLIENT deprecated */
 	snprintf(buf, sizeof buf, "%.50s %d %d",
-	    get_remote_ipaddr(), get_remote_port(), get_local_port());
+	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+	    ssh_local_port(ssh));
 	child_set_env(&env, &envsize, "SSH_CLIENT", buf);
 
 	laddr = get_local_ipaddr(packet_get_connection_in());
 	snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
-	    get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
+	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+	    laddr, ssh_local_port(ssh));
 	free(laddr);
 	child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
 
@@ -1343,6 +1326,7 @@
 void
 do_child(Session *s, const char *command)
 {
+	struct ssh *ssh = active_state;	/* XXX */
 	extern char **environ;
 	char **env;
 	char *argv[ARGV_MAX];
@@ -1390,14 +1374,14 @@
 
 	/* we have to stash the hostname before we close our socket. */
 	if (options.use_login)
-		hostname = get_remote_name_or_ip(utmp_len,
+		hostname = session_get_remote_name_or_ip(ssh, utmp_len,
 		    options.use_dns);
 	/*
 	 * Close the connection descriptors; note that this is the child, and
 	 * the server will still have the socket open, and it is important
 	 * that we do not shutdown it.  Note that the descriptors cannot be
 	 * closed before building the environment, as we call
-	 * get_remote_ipaddr there.
+	 * ssh_remote_ipaddr there.
 	 */
 	child_close_fds();
 
@@ -1825,13 +1809,7 @@
 	s->screen = packet_get_int();
 	packet_check_eom();
 
-	if (xauth_valid_string(s->auth_proto) &&
-	    xauth_valid_string(s->auth_data))
-		success = session_setup_x11fwd(s);
-	else {
-		success = 0;
-		error("Invalid X11 forwarding data");
-	}
+	success = session_setup_x11fwd(s);
 	if (!success) {
 		free(s->auth_proto);
 		free(s->auth_data);
@@ -2147,12 +2125,13 @@
 void
 session_close(Session *s)
 {
+	struct ssh *ssh = active_state; /* XXX */
 	u_int i;
 
 	verbose("Close session: user %s from %.200s port %d id %d",
 	    s->pw->pw_name,
-	    get_remote_ipaddr(),
-	    get_remote_port(),
+	    ssh_remote_ipaddr(ssh),
+	    ssh_remote_port(ssh),
 	    s->self);
 
 	if (s->ttyfd != -1)
@@ -2386,3 +2365,18 @@
 	if (!use_privsep || mm_is_monitor())
 		session_destroy_all(session_pty_cleanup2);
 }
+
+/* Return a name for the remote host that fits inside utmp_size */
+
+const char *
+session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)
+{
+	const char *remote = "";
+
+	if (utmp_size > 0)
+		remote = auth_get_canonical_hostname(ssh, use_dns);
+	if (utmp_size == 0 || strlen(remote) > utmp_size)
+		remote = ssh_remote_ipaddr(ssh);
+	return remote;
+}
+