===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-agent.c,v
retrieving revision 1.85.2.1
retrieving revision 1.85.2.2
diff -u -r1.85.2.1 -r1.85.2.2
--- src/usr.bin/ssh/ssh-agent.c 2002/06/26 15:30:39 1.85.2.1
+++ src/usr.bin/ssh/ssh-agent.c 2002/10/11 14:51:53 1.85.2.2
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include
-RCSID("$OpenBSD: ssh-agent.c,v 1.85.2.1 2002/06/26 15:30:39 jason Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.85.2.2 2002/10/11 14:51:53 miod Exp $");
 #include
 #include
@@ -103,6 +103,17 @@
 extern char *__progname;
 static void
+close_socket(SocketEntry *e)
+{
+ close(e->fd);
+ e->fd = -1;
+ e->type = AUTH_UNUSED;
+ buffer_free(&e->input);
+ buffer_free(&e->output);
+ buffer_free(&e->request);
+}
+
+static void
 idtab_init(void)
 {
 int i;
@@ -613,13 +624,7 @@
 cp = buffer_ptr(&e->input);
 msg_len = GET_32BIT(cp);
 if (msg_len > 256 * 1024) {
- shutdown(e->fd, SHUT_RDWR);
- close(e->fd);
- e->fd = -1;
- e->type = AUTH_UNUSED;
- buffer_free(&e->input);
- buffer_free(&e->output);
- buffer_free(&e->request);
+ close_socket(e);
 return;
 }
 if (buffer_len(&e->input) < msg_len + 4)
@@ -801,6 +806,8 @@
 char buf[1024];
 int len, sock;
 u_int i;
+ uid_t euid;
+ gid_t egid;
 for (i = 0; i < sockets_alloc; i++)
 switch (sockets[i].type) {
@@ -816,6 +823,19 @@
 strerror(errno));
 break;
 }
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if ((euid != 0) && (getuid() != euid)) {
+ error("uid mismatch: "
+ "peer euid %u != uid %u",
+ (u_int) euid, (u_int) getuid());
+ close(sock);
+ break;
+ }
 new_socket(AUTH_CONNECTION, sock);
 }
 break;
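Review bot: close_socket(), added in the hunk at `@@ -103,6 +103,17 @@`, has no header comment and omits the `shutdown(fd, SHUT_RDWR)` that all three inline sequences it replaces (the hunks at old lines 613, 832 and 852) issued before `close()`. If dropping the shutdown is deliberate, the helper should say so, for example `/* Release a socket slot: close the fd, mark the entry AUTH_UNUSED and free its three buffers. No shutdown() is issued; close() alone ends the connection. */`. The return value of `close()` is ignored as well, which matches the replaced code but is worth a word in the same comment. The entry's buffers are freed here, so the comment could also state that a slot must be set up again before reuse; how new_socket() does that is not visible in this diff.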
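Review bot: The peer check added before `new_socket(AUTH_CONNECTION, sock)` in the hunk at `@@ -816,6 +823,19 @@` accepts every peer whose effective uid is 0 and compares all others against the agent's real uid, yet no comment records that this is the intended access policy. A line above the test would make it reviewable, for example `/* only the agent's owner, or root, may use the agent socket */`. `egid`, declared in the preceding hunk, is filled in by getpeereid() and never read afterwards, so a short remark that only the uid is compared would keep a later reader from assuming a group check exists. The enclosing function starts and ends outside the hunk.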
@@ -832,13 +852,7 @@
 break;
 } while (1);
 if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
 break;
 }
 buffer_consume(&sockets[i].output, len);
@@ -852,13 +866,7 @@
 break;
 } while (1);
 if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
 break;
 }
 buffer_append(&sockets[i].input, buf, len);
@@ -930,9 +938,14 @@
 struct sockaddr_un sunaddr;
 struct rlimit rlim;
 extern int optind;
+ extern char *optarg;
 pid_t pid;
 char pidstrbuf[1 + 3 * sizeof pid];
+ /* drop */
+ setegid(getgid());
+ setgid(getgid());
+
 SSLeay_add_all_algorithms();
 while ((ch = getopt(ac, av, "cdksa:")) != -1) {
@@ -1029,7 +1042,7 @@
 perror("bind");
 cleanup_exit(1);
 }
- if (listen(sock, 5) < 0) {
+ if (listen(sock, 128) < 0) {
 perror("listen");
 cleanup_exit(1);
 }
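Review bot: The privilege drop added at the top of main() in the hunk at `@@ -930,9 +938,14 @@` ignores the return values of `setegid()` and `setgid()`, so if either call fails the agent carries on with whatever effective group id it was started with. Both calls should be checked and the process should stop on failure, for example `if (setegid(getgid()) < 0 || setgid(getgid()) < 0) { perror("setgid"); exit(1); }`. The `/* drop */` comment would also be clearer if it named what is dropped, e.g. `/* drop any effective gid that differs from the real gid */`. main() starts and ends outside the hunk.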