Mercurial > dropbear
view sshpty.h @ 1715:3974f087d9c0
Disallow leading lines before the ident for server (#102)
Per RFC4253 4.2 clients must be able to process other lines of data
before the version string, server behavior is not defined neither
with MUST/SHOULD nor with MAY.
If server process up to 50 lines too - it may cause too long hanging
session with invalid/evil client that consume host resources and
potentially may lead to DDoS on poor embedded boxes.
Let's require first line from client to be version string and fail
early if it's not - matches both RFC and real OpenSSH behavior.
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 15 Jun 2020 18:22:18 +0500 |
parents | fe6bca95afa7 |
children |
line wrap: on
line source
/* $OpenBSD: sshpty.h,v 1.4 2002/03/04 17:27:39 stevesk Exp $ */ /* * Copied from openssh-3.5p1 source by Matt Johnston 2003 * * Author: Tatu Ylonen <[email protected]> * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland * All rights reserved * Functions for allocating a pseudo-terminal and making it the controlling * tty. * * As far as I am concerned, the code I have written for this software * can be used freely for any purpose. Any derived versions of this * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". */ #ifndef SSHPTY_H #define SSHPTY_H int pty_allocate(int *, int *, char *, int); void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); void pty_change_window_size(int, int, int, int, int); void pty_setowner(struct passwd *, const char *); #endif /* SSHPTY_H */