|
|
69acbb |
From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
|
|
|
69acbb |
From: "mmcc@openbsd.org" <mmcc@openbsd.org>
|
|
|
69acbb |
Date: Tue, 20 Oct 2015 03:36:35 +0000
|
|
|
69acbb |
Subject: upstream commit
|
|
|
69acbb |
|
|
|
69acbb |
Replace a function-local allocation with stack memory.
|
|
|
69acbb |
|
|
|
69acbb |
ok djm@
|
|
|
69acbb |
|
|
|
69acbb |
Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
|
|
|
69acbb |
---
|
|
|
69acbb |
clientloop.c | 9 ++-------
|
|
|
69acbb |
1 file changed, 2 insertions(+), 7 deletions(-)
|
|
|
69acbb |
|
|
|
69acbb |
diff --git a/clientloop.c b/clientloop.c
|
|
|
69acbb |
index 87ceb3d..1e05cba 100644
|
|
|
69acbb |
--- a/clientloop.c
|
|
|
69acbb |
+++ b/clientloop.c
|
|
|
69acbb |
@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
static char proto[512], data[512];
|
|
|
69acbb |
FILE *f;
|
|
|
69acbb |
int got_data = 0, generated = 0, do_unlink = 0, i;
|
|
|
69acbb |
- char *xauthdir, *xauthfile;
|
|
|
69acbb |
+ char xauthdir[MAXPATHLEN] = "", xauthfile[MAXPATHLEN] = "";
|
|
|
69acbb |
struct stat st;
|
|
|
69acbb |
u_int now, x11_timeout_real;
|
|
|
69acbb |
|
|
|
69acbb |
- xauthdir = xauthfile = NULL;
|
|
|
69acbb |
*_proto = proto;
|
|
|
69acbb |
*_data = data;
|
|
|
69acbb |
proto[0] = data[0] = '\0';
|
|
|
69acbb |
@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
display = xdisplay;
|
|
|
69acbb |
}
|
|
|
69acbb |
if (trusted == 0) {
|
|
|
69acbb |
- xauthdir = xmalloc(MAXPATHLEN);
|
|
|
69acbb |
- xauthfile = xmalloc(MAXPATHLEN);
|
|
|
69acbb |
mktemp_proto(xauthdir, MAXPATHLEN);
|
|
|
69acbb |
/*
|
|
|
69acbb |
* The authentication cookie should briefly outlive
|
|
|
69acbb |
@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
unlink(xauthfile);
|
|
|
69acbb |
rmdir(xauthdir);
|
|
|
69acbb |
}
|
|
|
69acbb |
- free(xauthdir);
|
|
|
69acbb |
- free(xauthfile);
|
|
|
69acbb |
|
|
|
69acbb |
/*
|
|
|
69acbb |
* If we didn't get authentication data, just make up some
|
|
|
69acbb |
--
|
|
|
69acbb |
cgit v0.11.2
|
|
|
69acbb |
|
|
|
69acbb |
From ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Mon Sep 17 00:00:00 2001
|
|
|
69acbb |
From: "djm@openbsd.org" <djm@openbsd.org>
|
|
|
69acbb |
Date: Wed, 13 Jan 2016 23:04:47 +0000
|
|
|
69acbb |
Subject: upstream commit
|
|
|
69acbb |
|
|
|
69acbb |
eliminate fallback from untrusted X11 forwarding to trusted
|
|
|
69acbb |
forwarding when the X server disables the SECURITY extension; Reported by
|
|
|
69acbb |
Thomas Hoger; ok deraadt@
|
|
|
69acbb |
|
|
|
69acbb |
Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
|
|
|
69acbb |
---
|
|
|
69acbb |
clientloop.c | 114 ++++++++++++++++++++++++++++++++++++-----------------------
|
|
|
69acbb |
clientloop.h | 4 +--
|
|
|
69acbb |
mux.c | 22 ++++++------
|
|
|
69acbb |
ssh.c | 23 +++++-------
|
|
|
69acbb |
4 files changed, 93 insertions(+), 70 deletions(-)
|
|
|
69acbb |
|
|
|
69acbb |
diff --git a/clientloop.c b/clientloop.c
|
|
|
69acbb |
index f555451..c0386d5 100644
|
|
|
69acbb |
--- a/clientloop.c
|
|
|
69acbb |
+++ b/clientloop.c
|
|
|
69acbb |
@@ -288,6 +288,9 @@ client_x11_display_valid(const char *display)
|
|
|
69acbb |
{
|
|
|
69acbb |
size_t i, dlen;
|
|
|
69acbb |
|
|
|
69acbb |
+ if (display == NULL)
|
|
|
69acbb |
+ return 0;
|
|
|
69acbb |
+
|
|
|
69acbb |
dlen = strlen(display);
|
|
|
69acbb |
for (i = 0; i < dlen; i++) {
|
|
|
69acbb |
if (!isalnum((u_char)display[i]) &&
|
|
|
69acbb |
@@ -301,34 +304,33 @@ client_x11_display_valid(const char *display)
|
|
|
69acbb |
|
|
|
69acbb |
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
|
|
|
69acbb |
#define X11_TIMEOUT_SLACK 60
|
|
|
69acbb |
-void
|
|
|
69acbb |
+int
|
|
|
69acbb |
client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
u_int trusted, u_int timeout, char **_proto, char **_data)
|
|
|
69acbb |
{
|
|
|
69acbb |
- char cmd[1024];
|
|
|
69acbb |
- char line[512];
|
|
|
69acbb |
- char xdisplay[512];
|
|
|
69acbb |
+ char cmd[1024], line[512], xdisplay[512];
|
|
|
69acbb |
+ char xauthfile[MAXPATHLEN], xauthdir[MAXPATHLEN];
|
|
|
69acbb |
static char proto[512], data[512];
|
|
|
69acbb |
FILE *f;
|
|
|
69acbb |
- int got_data = 0, generated = 0, do_unlink = 0, i;
|
|
|
69acbb |
- char xauthdir[MAXPATHLEN] = "", xauthfile[MAXPATHLEN] = "";
|
|
|
69acbb |
+ int got_data = 0, generated = 0, do_unlink = 0, i, r;
|
|
|
69acbb |
struct stat st;
|
|
|
69acbb |
u_int now, x11_timeout_real;
|
|
|
69acbb |
|
|
|
69acbb |
*_proto = proto;
|
|
|
69acbb |
*_data = data;
|
|
|
69acbb |
- proto[0] = data[0] = '\0';
|
|
|
69acbb |
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
|
|
|
69acbb |
|
|
|
69acbb |
- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
|
|
|
69acbb |
- debug("No xauth program.");
|
|
|
69acbb |
- } else if (!client_x11_display_valid(display)) {
|
|
|
69acbb |
- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
|
|
|
69acbb |
+ if (!client_x11_display_valid(display)) {
|
|
|
69acbb |
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
|
|
69acbb |
display);
|
|
|
69acbb |
- } else {
|
|
|
69acbb |
- if (display == NULL) {
|
|
|
69acbb |
- debug("x11_get_proto: DISPLAY not set");
|
|
|
69acbb |
- return;
|
|
|
69acbb |
- }
|
|
|
69acbb |
+ return -1;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
|
|
|
69acbb |
+ debug("No xauth program.");
|
|
|
69acbb |
+ xauth_path = NULL;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
+
|
|
|
69acbb |
+ if (xauth_path != NULL) {
|
|
|
69acbb |
/*
|
|
|
69acbb |
* Handle FamilyLocal case where $DISPLAY does
|
|
|
69acbb |
* not match an authorization entry. For this we
|
|
|
69acbb |
@@ -337,43 +339,60 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
* is not perfect.
|
|
|
69acbb |
*/
|
|
|
69acbb |
if (strncmp(display, "localhost:", 10) == 0) {
|
|
|
69acbb |
- snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
|
|
|
69acbb |
- display + 10);
|
|
|
69acbb |
+ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
|
|
|
69acbb |
+ display + 10)) < 0 ||
|
|
|
69acbb |
+ (size_t)r >= sizeof(xdisplay)) {
|
|
|
69acbb |
+ error("%s: display name too long", __func__);
|
|
|
69acbb |
+ return -1;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
display = xdisplay;
|
|
|
69acbb |
}
|
|
|
69acbb |
if (trusted == 0) {
|
|
|
69acbb |
- mktemp_proto(xauthdir, MAXPATHLEN);
|
|
|
69acbb |
/*
|
|
|
69acbb |
+ * Generate an untrusted X11 auth cookie.
|
|
|
69acbb |
+ *
|
|
|
69acbb |
* The authentication cookie should briefly outlive
|
|
|
69acbb |
* ssh's willingness to forward X11 connections to
|
|
|
69acbb |
* avoid nasty fail-open behaviour in the X server.
|
|
|
69acbb |
*/
|
|
|
69acbb |
+ mktemp_proto(xauthdir, sizeof(xauthdir));
|
|
|
69acbb |
+ if (mkdtemp(xauthdir) == NULL) {
|
|
|
69acbb |
+ error("%s: mkdtemp: %s",
|
|
|
69acbb |
+ __func__, strerror(errno));
|
|
|
69acbb |
+ return -1;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
+ do_unlink = 1;
|
|
|
69acbb |
+ if ((r = snprintf(xauthfile, sizeof(xauthfile),
|
|
|
69acbb |
+ "%s/xauthfile", xauthdir)) < 0 ||
|
|
|
69acbb |
+ (size_t)r >= sizeof(xauthfile)) {
|
|
|
69acbb |
+ error("%s: xauthfile path too long", __func__);
|
|
|
69acbb |
+ unlink(xauthfile);
|
|
|
69acbb |
+ rmdir(xauthdir);
|
|
|
69acbb |
+ return -1;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
+
|
|
|
69acbb |
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
|
|
|
69acbb |
x11_timeout_real = UINT_MAX;
|
|
|
69acbb |
else
|
|
|
69acbb |
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
|
|
|
69acbb |
- if (mkdtemp(xauthdir) != NULL) {
|
|
|
69acbb |
- do_unlink = 1;
|
|
|
69acbb |
- snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
|
|
|
69acbb |
- xauthdir);
|
|
|
69acbb |
- snprintf(cmd, sizeof(cmd),
|
|
|
69acbb |
- "%s -f %s generate %s " SSH_X11_PROTO
|
|
|
69acbb |
- " untrusted timeout %u 2>" _PATH_DEVNULL,
|
|
|
69acbb |
- xauth_path, xauthfile, display,
|
|
|
69acbb |
- x11_timeout_real);
|
|
|
69acbb |
- debug2("x11_get_proto: %s", cmd);
|
|
|
69acbb |
- if (x11_refuse_time == 0) {
|
|
|
69acbb |
- now = monotime() + 1;
|
|
|
69acbb |
- if (UINT_MAX - timeout < now)
|
|
|
69acbb |
- x11_refuse_time = UINT_MAX;
|
|
|
69acbb |
- else
|
|
|
69acbb |
- x11_refuse_time = now + timeout;
|
|
|
69acbb |
- channel_set_x11_refuse_time(
|
|
|
69acbb |
- x11_refuse_time);
|
|
|
69acbb |
- }
|
|
|
69acbb |
- if (system(cmd) == 0)
|
|
|
69acbb |
- generated = 1;
|
|
|
69acbb |
+ if ((r = snprintf(cmd, sizeof(cmd),
|
|
|
69acbb |
+ "%s -f %s generate %s " SSH_X11_PROTO
|
|
|
69acbb |
+ " untrusted timeout %u 2>" _PATH_DEVNULL,
|
|
|
69acbb |
+ xauth_path, xauthfile, display,
|
|
|
69acbb |
+ x11_timeout_real)) < 0 ||
|
|
|
69acbb |
+ (size_t)r >= sizeof(cmd))
|
|
|
69acbb |
+ fatal("%s: cmd too long", __func__);
|
|
|
69acbb |
+ debug2("%s: %s", __func__, cmd);
|
|
|
69acbb |
+ if (x11_refuse_time == 0) {
|
|
|
69acbb |
+ now = monotime() + 1;
|
|
|
69acbb |
+ if (UINT_MAX - timeout < now)
|
|
|
69acbb |
+ x11_refuse_time = UINT_MAX;
|
|
|
69acbb |
+ else
|
|
|
69acbb |
+ x11_refuse_time = now + timeout;
|
|
|
69acbb |
+ channel_set_x11_refuse_time(x11_refuse_time);
|
|
|
69acbb |
}
|
|
|
69acbb |
+ if (system(cmd) == 0)
|
|
|
69acbb |
+ generated = 1;
|
|
|
69acbb |
}
|
|
|
69acbb |
|
|
|
69acbb |
/*
|
|
|
69acbb |
@@ -395,9 +414,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
got_data = 1;
|
|
|
69acbb |
if (f)
|
|
|
69acbb |
pclose(f);
|
|
|
69acbb |
- } else
|
|
|
69acbb |
- error("Warning: untrusted X11 forwarding setup failed: "
|
|
|
69acbb |
- "xauth key data not generated");
|
|
|
69acbb |
+ }
|
|
|
69acbb |
}
|
|
|
69acbb |
|
|
|
69acbb |
if (do_unlink) {
|
|
|
69acbb |
@@ -405,6 +422,13 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
rmdir(xauthdir);
|
|
|
69acbb |
}
|
|
|
69acbb |
|
|
|
69acbb |
+ /* Don't fall back to fake X11 data for untrusted forwarding */
|
|
|
69acbb |
+ if (!trusted && !got_data) {
|
|
|
69acbb |
+ error("Warning: untrusted X11 forwarding setup failed: "
|
|
|
69acbb |
+ "xauth key data not generated");
|
|
|
69acbb |
+ return -1;
|
|
|
69acbb |
+ }
|
|
|
69acbb |
+
|
|
|
69acbb |
/*
|
|
|
69acbb |
* If we didn't get authentication data, just make up some
|
|
|
69acbb |
* data. The forwarding code will check the validity of the
|
|
|
69acbb |
@@ -427,6 +451,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
rnd >>= 8;
|
|
|
69acbb |
}
|
|
|
69acbb |
}
|
|
|
69acbb |
+
|
|
|
69acbb |
+ return 0;
|
|
|
69acbb |
}
|
|
|
69acbb |
|
|
|
69acbb |
/*
|
|
|
69acbb |
diff --git a/clientloop.h b/clientloop.h
|
|
|
69acbb |
index 338d451..f4d4c69 100644
|
|
|
69acbb |
--- a/clientloop.h
|
|
|
69acbb |
+++ b/clientloop.h
|
|
|
69acbb |
@@ -39,7 +39,7 @@
|
|
|
69acbb |
|
|
|
69acbb |
/* Client side main loop for the interactive session. */
|
|
|
69acbb |
int client_loop(int, int, int);
|
|
|
69acbb |
-void client_x11_get_proto(const char *, const char *, u_int, u_int,
|
|
|
69acbb |
+int client_x11_get_proto(const char *, const char *, u_int, u_int,
|
|
|
69acbb |
char **, char **);
|
|
|
69acbb |
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
|
|
69acbb |
void client_session2_setup(int, int, int, const char *, struct termios *,
|
|
|
69acbb |
diff --git a/mux.c b/mux.c
|
|
|
69acbb |
index f9c3af6..6bf53eb 100644
|
|
|
69acbb |
--- a/mux.c
|
|
|
69acbb |
+++ b/mux.c
|
|
|
69acbb |
@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, void *arg)
|
|
|
69acbb |
char *proto, *data;
|
|
|
69acbb |
|
|
|
69acbb |
/* Get reasonable local authentication information. */
|
|
|
69acbb |
- client_x11_get_proto(display, options.xauth_location,
|
|
|
69acbb |
+ if (client_x11_get_proto(display, options.xauth_location,
|
|
|
69acbb |
options.forward_x11_trusted, options.forward_x11_timeout,
|
|
|
69acbb |
- &proto, &data);
|
|
|
69acbb |
- /* Request forwarding with authentication spoofing. */
|
|
|
69acbb |
- debug("Requesting X11 forwarding with authentication "
|
|
|
69acbb |
- "spoofing.");
|
|
|
69acbb |
- x11_request_forwarding_with_spoofing(id, display, proto,
|
|
|
69acbb |
- data, 1);
|
|
|
69acbb |
- client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
|
|
|
69acbb |
- /* XXX exit_on_forward_failure */
|
|
|
69acbb |
+ &proto, &data) == 0) {
|
|
|
69acbb |
+ /* Request forwarding with authentication spoofing. */
|
|
|
69acbb |
+ debug("Requesting X11 forwarding with authentication "
|
|
|
69acbb |
+ "spoofing.");
|
|
|
69acbb |
+ x11_request_forwarding_with_spoofing(id, display, proto,
|
|
|
69acbb |
+ data, 1);
|
|
|
69acbb |
+ /* XXX exit_on_forward_failure */
|
|
|
69acbb |
+ client_expect_confirm(id, "X11 forwarding",
|
|
|
69acbb |
+ CONFIRM_WARN);
|
|
|
69acbb |
+ }
|
|
|
69acbb |
}
|
|
|
69acbb |
|
|
|
69acbb |
if (cctx->want_agent_fwd && options.forward_agent) {
|
|
|
69acbb |
diff --git a/ssh.c b/ssh.c
|
|
|
69acbb |
index 81704ab..096c5b5 100644
|
|
|
69acbb |
--- a/ssh.c
|
|
|
69acbb |
+++ b/ssh.c
|
|
|
69acbb |
@@ -1626,6 +1626,7 @@ ssh_session(void)
|
|
|
69acbb |
struct winsize ws;
|
|
|
69acbb |
char *cp;
|
|
|
69acbb |
const char *display;
|
|
|
69acbb |
+ char *proto = NULL, *data = NULL;
|
|
|
69acbb |
|
|
|
69acbb |
/* Enable compression if requested. */
|
|
|
69acbb |
if (options.compression) {
|
|
|
69acbb |
@@ -1696,13 +1697,9 @@ ssh_session(void)
|
|
|
69acbb |
}
|
|
|
69acbb |
/* Request X11 forwarding if enabled and DISPLAY is set. */
|
|
|
69acbb |
display = getenv("DISPLAY");
|
|
|
69acbb |
- if (options.forward_x11 && display != NULL) {
|
|
|
69acbb |
- char *proto, *data;
|
|
|
69acbb |
- /* Get reasonable local authentication information. */
|
|
|
69acbb |
- client_x11_get_proto(display, options.xauth_location,
|
|
|
69acbb |
- options.forward_x11_trusted,
|
|
|
69acbb |
- options.forward_x11_timeout,
|
|
|
69acbb |
- &proto, &data);
|
|
|
69acbb |
+ if (options.forward_x11 && client_x11_get_proto(display,
|
|
|
69acbb |
+ options.xauth_location, options.forward_x11_trusted,
|
|
|
69acbb |
+ options.forward_x11_timeout, &proto, &data) == 0) {
|
|
|
69acbb |
/* Request forwarding with authentication spoofing. */
|
|
|
69acbb |
debug("Requesting X11 forwarding with authentication "
|
|
|
69acbb |
"spoofing.");
|
|
|
69acbb |
@@ -1792,6 +1789,7 @@ ssh_session2_setup(int id, int success, void *arg)
|
|
|
69acbb |
extern char **environ;
|
|
|
69acbb |
const char *display;
|
|
|
69acbb |
int interactive = tty_flag;
|
|
|
69acbb |
+ char *proto = NULL, *data = NULL;
|
|
|
69acbb |
|
|
|
69acbb |
if (!success)
|
|
|
69acbb |
return; /* No need for error message, channels code sens one */
|
|
|
69acbb |
@@ -1799,12 +1797,9 @@ ssh_session2_setup(int id, int success, void *arg)
|
|
|
69acbb |
return; /* No need for error message, channels code sens one */
|
|
|
69acbb |
|
|
|
69acbb |
display = getenv("DISPLAY");
|
|
|
69acbb |
- if (options.forward_x11 && display != NULL) {
|
|
|
69acbb |
- char *proto, *data;
|
|
|
69acbb |
- /* Get reasonable local authentication information. */
|
|
|
69acbb |
- client_x11_get_proto(display, options.xauth_location,
|
|
|
69acbb |
- options.forward_x11_trusted,
|
|
|
69acbb |
- options.forward_x11_timeout, &proto, &data);
|
|
|
69acbb |
+ if (options.forward_x11 && client_x11_get_proto(display,
|
|
|
69acbb |
+ options.xauth_location, options.forward_x11_trusted,
|
|
|
69acbb |
+ options.forward_x11_timeout, &proto, &data) == 0) {
|
|
|
69acbb |
/* Request forwarding with authentication spoofing. */
|
|
|
69acbb |
debug("Requesting X11 forwarding with authentication "
|
|
|
69acbb |
"spoofing.");
|
|
|
69acbb |
--
|
|
|
69acbb |
cgit v0.11.2
|
|
|
69acbb |
|
|
|
69acbb |
From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
|
|
|
69acbb |
From: "millert@openbsd.org" <millert@openbsd.org>
|
|
|
69acbb |
Date: Mon, 1 Feb 2016 21:18:17 +0000
|
|
|
69acbb |
Subject: upstream commit
|
|
|
69acbb |
|
|
|
69acbb |
Avoid ugly "DISPLAY "(null)" invalid; disabling X11
|
|
|
69acbb |
forwarding" message when DISPLAY is not set. This could also result in a
|
|
|
69acbb |
crash on systems with a printf that doesn't handle NULL. OK djm@
|
|
|
69acbb |
|
|
|
69acbb |
Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
|
|
|
69acbb |
---
|
|
|
69acbb |
clientloop.c | 7 ++++---
|
|
|
69acbb |
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
69acbb |
|
|
|
69acbb |
diff --git a/clientloop.c b/clientloop.c
|
|
|
69acbb |
index f8f9a3f..f0a08f2 100644
|
|
|
69acbb |
--- a/clientloop.c
|
|
|
69acbb |
+++ b/clientloop.c
|
|
|
69acbb |
@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|
|
69acbb |
proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
|
|
|
69acbb |
|
|
|
69acbb |
if (!client_x11_display_valid(display)) {
|
|
|
69acbb |
- logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
|
|
69acbb |
- display);
|
|
|
69acbb |
+ if (display != NULL)
|
|
|
69acbb |
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
|
|
69acbb |
+ display);
|
|
|
69acbb |
return -1;
|
|
|
69acbb |
}
|
|
|
69acbb |
if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
|
|
|
69acbb |
--
|
|
|
69acbb |
cgit v0.11.2
|
|
|
69acbb |
|
|
|
69acbb |
|