# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1125940232 0
# Node ID 0056419cf0f4c28388d5ed8d3f576342393611e1
# Parent  3311f4aa52cba6441c320a888ae8a912dd10274e
* ensure that we only handle open confirmation/failure
  for channels where it is expected

diff -r 3311f4aa52cb -r 0056419cf0f4 channel.h
--- a/channel.h	Mon Sep 05 15:16:52 2005 +0000
+++ b/channel.h	Mon Sep 05 17:10:32 2005 +0000
@@ -81,6 +81,10 @@
 	int initconn; /* used for TCP forwarding, whether the channel has been
 					 fully initialised */
 
+	int await_open; /* flag indicating whether we've sent an open request
+					   for this channel (and are awaiting a confirmation
+					   or failure). */
+
 	const struct ChanType* type;
 
 };
diff -r 3311f4aa52cb -r 0056419cf0f4 common-channel.c
--- a/common-channel.c	Mon Sep 05 15:16:52 2005 +0000
+++ b/common-channel.c	Mon Sep 05 17:10:32 2005 +0000
@@ -147,6 +147,7 @@
 	newchan->outfd = FD_UNINIT;
 	newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
 	newchan->initconn = 0;
+	newchan->await_open = 0;
 
 	newchan->writebuf = cbuf_new(RECV_MAXWINDOW);
 	newchan->extrabuf = NULL; /* The user code can set it up */
@@ -933,6 +934,8 @@
 	chan->infd = chan->outfd = fd;
 	ses.maxfd = MAX(ses.maxfd, fd);
 
+	chan->await_open = 1;
+
 	/* now open the channel connection */
 	CHECKCLEARTOWRITE();
 
@@ -960,6 +963,11 @@
 		dropbear_exit("Unknown channel");
 	}
 
+	if (!channel->await_open) {
+		dropbear_exit("unexpected channel reply");
+	}
+	channel->await_open = 0;
+
 	channel->remotechan =  buf_getint(ses.payload);
 	channel->transwindow = buf_getint(ses.payload);
 	channel->transmaxpacket = buf_getint(ses.payload);
@@ -990,6 +998,11 @@
 		dropbear_exit("Unknown channel");
 	}
 
+	if (!channel->await_open) {
+		dropbear_exit("unexpected channel reply");
+	}
+	channel->await_open = 0;
+
 	removechannel(channel);
 }
 #endif /* USING_LISTENERS */