Advertisement
ryzhov_al

Dropbear: 2016.73 > Padavan patch

Aug 15th, 2016
239
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Diff 18.89 KB | None | 0 0
  1. diff -burNx debian dropbear-2016.73/cli-main.c dropbear-2015.XX/cli-main.c
  2. --- dropbear-2016.73/cli-main.c 2016-03-18 17:44:43.000000000 +0300
  3. +++ dropbear-2015.XX/cli-main.c 2016-08-14 19:43:25.229228227 +0300
  4. @@ -86,7 +86,8 @@
  5.         } else
  6.  #endif
  7.         {
  8. -               progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses);
  9. +               progress = connect_remote(cli_opts.ipfamily, cli_opts.remotehost,
  10. +                               cli_opts.remoteport, cli_connected, &ses);
  11.                 sock_in = sock_out = -1;
  12.         }
  13.  
  14. diff -burNx debian dropbear-2016.73/cli-runopts.c dropbear-2015.XX/cli-runopts.c
  15. --- dropbear-2016.73/cli-runopts.c      2016-03-18 17:44:43.000000000 +0300
  16. +++ dropbear-2015.XX/cli-runopts.c      2016-08-14 19:43:25.229228227 +0300
  17. @@ -56,6 +56,9 @@
  18.  #else
  19.                                         "Usage: %s [options] [user@]host[/port] [command]\n"
  20.  #endif
  21. +#if defined AF_INET6 && AF_INET6 < AF_MAX
  22. +                                       "-4,-6 Explicitly force IPv4 or IPv6 usage\n"
  23. +#endif
  24.                                         "-p <remoteport>\n"
  25.                                         "-l <username>\n"
  26.                                         "-t    Allocate a pty\n"
  27. @@ -176,10 +179,7 @@
  28.  #ifndef DISABLE_SYSLOG
  29.         opts.usingsyslog = 0;
  30.  #endif
  31. -       /* not yet
  32. -       opts.ipv4 = 1;
  33. -       opts.ipv6 = 1;
  34. -       */
  35. +       cli_opts.ipfamily = AF_UNSPEC;
  36.         opts.recv_window = DEFAULT_RECV_WINDOW;
  37.         opts.keepalive_secs = DEFAULT_KEEPALIVE;
  38.         opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
  39. @@ -210,6 +210,14 @@
  40.                                         }
  41.                                         cli_opts.always_accept_key = 1;
  42.                                         break;
  43. +#if defined AF_INET6 && AF_INET6 < AF_MAX
  44. +                               case '4':
  45. +                                       cli_opts.ipfamily = AF_INET;
  46. +                                       break;
  47. +                               case '6':
  48. +                                       cli_opts.ipfamily = AF_INET6;
  49. +                                       break;
  50. +#endif
  51.                                 case 'p': /* remoteport */
  52.                                         next = &cli_opts.remoteport;
  53.                                         break;
  54. diff -burNx debian dropbear-2016.73/cli-tcpfwd.c dropbear-2015.XX/cli-tcpfwd.c
  55. --- dropbear-2016.73/cli-tcpfwd.c       2016-03-18 17:44:43.000000000 +0300
  56. +++ dropbear-2015.XX/cli-tcpfwd.c       2016-08-14 19:43:25.229228227 +0300
  57. @@ -274,7 +274,8 @@
  58.         }
  59.  
  60.         snprintf(portstring, sizeof(portstring), "%u", fwd->connectport);
  61. -       channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel);
  62. +       channel->conn_pending = connect_remote(AF_UNSPEC, fwd->connectaddr,
  63. +                                       portstring, channel_connect_done, channel);
  64.  
  65.         channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
  66.  
  67. diff -burNx debian dropbear-2016.73/common-session.c dropbear-2015.XX/common-session.c
  68. --- dropbear-2016.73/common-session.c   2016-03-18 17:44:43.000000000 +0300
  69. +++ dropbear-2015.XX/common-session.c   2016-08-14 19:43:25.237228509 +0300
  70. @@ -550,10 +550,12 @@
  71.  static long select_timeout() {
  72.         /* determine the minimum timeout that might be required, so
  73.         as to avoid waking when unneccessary */
  74. -       long timeout = LONG_MAX;
  75. +       long timeout = KEX_REKEY_TIMEOUT;
  76.         long now = monotonic_now();
  77.  
  78. +       if (!ses.kexstate.sentkexinit) {
  79.         update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
  80. +       }
  81.  
  82.         if (ses.authstate.authdone != 1 && IS_DROPBEAR_SERVER) {
  83.                 /* AUTH_TIMEOUT is only relevant before authdone */
  84. diff -burNx debian dropbear-2016.73/kex.h dropbear-2015.XX/kex.h
  85. --- dropbear-2016.73/kex.h      2016-03-18 17:44:43.000000000 +0300
  86. +++ dropbear-2015.XX/kex.h      2016-08-14 19:43:25.357232748 +0300
  87. @@ -106,6 +106,6 @@
  88.  #endif
  89.  
  90.  
  91. -#define MAX_KEXHASHBUF 2000
  92. +#define MAX_KEXHASHBUF 3000
  93.  
  94.  #endif /* DROPBEAR_KEX_H_ */
  95. diff -burNx debian dropbear-2016.73/netio.c dropbear-2015.XX/netio.c
  96. --- dropbear-2016.73/netio.c    2016-03-18 17:44:43.000000000 +0300
  97. +++ dropbear-2015.XX/netio.c    2016-08-14 19:43:25.557239816 +0300
  98. @@ -129,8 +129,8 @@
  99.  }
  100.  
  101.  /* Connect via TCP to a host. */
  102. -struct dropbear_progress_connection *connect_remote(const char* remotehost, const char* remoteport,
  103. -       connect_callback cb, void* cb_data)
  104. +struct dropbear_progress_connection *connect_remote(int family, const char* remotehost,
  105. +       const char* remoteport, connect_callback cb, void* cb_data)
  106.  {
  107.         struct dropbear_progress_connection *c = NULL;
  108.         int err;
  109. @@ -147,7 +147,7 @@
  110.  
  111.         memset(&hints, 0, sizeof(hints));
  112.         hints.ai_socktype = SOCK_STREAM;
  113. -       hints.ai_family = AF_UNSPEC;
  114. +       hints.ai_family = family;
  115.  
  116.         err = getaddrinfo(remotehost, remoteport, &hints, &c->res);
  117.         if (err) {
  118. @@ -354,7 +354,7 @@
  119.   * Returns the number of sockets bound on success, or -1 on failure. On
  120.   * failure, if errstring wasn't NULL, it'll be a newly malloced error
  121.   * string.*/
  122. -int dropbear_listen(const char* address, const char* port,
  123. +int dropbear_listen(int family, const char* address, const char* port,
  124.                 int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
  125.  
  126.         struct addrinfo hints, *res = NULL, *res0 = NULL;
  127. @@ -367,7 +367,7 @@
  128.         TRACE(("enter dropbear_listen"))
  129.  
  130.         memset(&hints, 0, sizeof(hints));
  131. -       hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
  132. +       hints.ai_family = family;
  133.         hints.ai_socktype = SOCK_STREAM;
  134.  
  135.         /* for calling getaddrinfo:
  136. diff -burNx debian dropbear-2016.73/netio.h dropbear-2015.XX/netio.h
  137. --- dropbear-2016.73/netio.h    2016-03-18 17:44:43.000000000 +0300
  138. +++ dropbear-2015.XX/netio.h    2016-08-14 19:43:25.557239816 +0300
  139. @@ -18,7 +18,7 @@
  140.                 char **remote_host, char **remote_port, int host_lookup);
  141.  void getaddrstring(struct sockaddr_storage* addr,
  142.                 char **ret_host, char **ret_port, int host_lookup);
  143. -int dropbear_listen(const char* address, const char* port,
  144. +int dropbear_listen(int family, const char* address, const char* port,
  145.                 int *socks, unsigned int sockcount, char **errstring, int *maxfd);
  146.  
  147.  struct dropbear_progress_connection;
  148. @@ -28,8 +28,8 @@
  149.  typedef void(*connect_callback)(int result, int sock, void* data, const char* errstring);
  150.  
  151.  /* Always returns a progress connection, if it fails it will call the callback at a later point */
  152. -struct dropbear_progress_connection * connect_remote (const char* remotehost, const char* remoteport,
  153. -       connect_callback cb, void *cb_data);
  154. +struct dropbear_progress_connection * connect_remote (int family, const char* remotehost,
  155. +       const char* remoteport, connect_callback cb, void *cb_data);
  156.  
  157.  /* Sets up for select() */
  158.  void set_connect_fds(fd_set *writefd);
  159. diff -burNx debian dropbear-2016.73/options.h dropbear-2015.XX/options.h
  160. --- dropbear-2016.73/options.h  2016-03-18 17:44:43.000000000 +0300
  161. +++ dropbear-2015.XX/options.h  2016-08-14 19:43:25.557239816 +0300
  162. @@ -21,13 +21,13 @@
  163.  
  164.  /* Default hostkey paths - these can be specified on the command line */
  165.  #ifndef DSS_PRIV_FILENAME
  166. -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
  167. +#define DSS_PRIV_FILENAME "/etc/storage/dropbear/dss_host_key"
  168.  #endif
  169.  #ifndef RSA_PRIV_FILENAME
  170. -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
  171. +#define RSA_PRIV_FILENAME "/etc/storage/dropbear/rsa_host_key"
  172.  #endif
  173.  #ifndef ECDSA_PRIV_FILENAME
  174. -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
  175. +#define ECDSA_PRIV_FILENAME "/etc/storage/dropbear/ecdsa_host_key"
  176.  #endif
  177.  
  178.  /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
  179. @@ -41,7 +41,7 @@
  180.   * Both of these flags can be defined at once, don't compile without at least
  181.   * one of them. */
  182.  #define NON_INETD_MODE
  183. -#define INETD_MODE
  184. +/*#define INETD_MODE*/
  185.  
  186.  /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
  187.   * perhaps 20% slower for pubkey operations (it is probably worth experimenting
  188. @@ -52,7 +52,7 @@
  189.  several kB in binary size however will make the symmetrical ciphers and hashes
  190.  slower, perhaps by 50%. Recommended for small systems that aren't doing
  191.  much traffic. */
  192. -#define DROPBEAR_SMALL_CODE
  193. +/*#define DROPBEAR_SMALL_CODE*/
  194.  
  195.  /* Enable X11 Forwarding - server only */
  196.  #define ENABLE_X11FWD
  197. @@ -81,7 +81,7 @@
  198.  
  199.  /* Enable "Netcat mode" option. This will forward standard input/output
  200.   * to a remote TCP-forwarded connection */
  201. -#define ENABLE_CLI_NETCAT
  202. +/*#define ENABLE_CLI_NETCAT*/
  203.  
  204.  /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
  205.  #define ENABLE_USER_ALGO_LIST
  206. @@ -95,8 +95,8 @@
  207.  #define DROPBEAR_AES256
  208.  /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
  209.  /*#define DROPBEAR_BLOWFISH*/
  210. -#define DROPBEAR_TWOFISH256
  211. -#define DROPBEAR_TWOFISH128
  212. +/*#define DROPBEAR_TWOFISH256*/
  213. +/*#define DROPBEAR_TWOFISH128*/
  214.  
  215.  /* Enable CBC mode for ciphers. This has security issues though
  216.   * is the most compatible with older SSH implementations */
  217. @@ -157,12 +157,12 @@
  218.     with badly seeded /dev/urandom when systems first boot.
  219.     This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly
  220.     anything if dropbearkey is linked in a "dropbearmulti" binary) */
  221. -#define DROPBEAR_DELAY_HOSTKEY
  222. +/*#define DROPBEAR_DELAY_HOSTKEY*/
  223.  
  224.  /* Enable Curve25519 for key exchange. This is another elliptic
  225.   * curve method with good security properties. Increases binary size
  226.   * by ~8kB on x86-64 */
  227. -#define DROPBEAR_CURVE25519
  228. +/*#define DROPBEAR_CURVE25519*/
  229.  
  230.  /* Enable elliptic curve Diffie Hellman key exchange, see note about
  231.   * ECDSA above */
  232. @@ -190,11 +190,11 @@
  233.  #define DROPBEAR_SERVER_DELAY_ZLIB 1
  234.  
  235.  /* Whether to do reverse DNS lookups. */
  236. -/*#define DO_HOST_LOOKUP */
  237. +/*#define DO_HOST_LOOKUP*/
  238.  
  239.  /* Whether to print the message of the day (MOTD). This doesn't add much code
  240.   * size */
  241. -#define DO_MOTD
  242. +/*#define DO_MOTD*/
  243.  
  244.  /* The MOTD file path */
  245.  #ifndef MOTD_FILENAME
  246. @@ -216,7 +216,7 @@
  247.  #define ENABLE_SVR_PASSWORD_AUTH
  248.  #endif
  249.  /* PAM requires ./configure --enable-pam */
  250. -/*#define ENABLE_SVR_PAM_AUTH */
  251. +/*#define ENABLE_SVR_PAM_AUTH*/
  252.  #define ENABLE_SVR_PUBKEY_AUTH
  253.  
  254.  /* Whether to take public key options in
  255. @@ -270,18 +270,18 @@
  256.   * not yet authenticated. After this limit, connections are rejected */
  257.  /* The first setting is per-IP, to avoid denial of service */
  258.  #ifndef MAX_UNAUTH_PER_IP
  259. -#define MAX_UNAUTH_PER_IP 5
  260. +#define MAX_UNAUTH_PER_IP 3
  261.  #endif
  262.  
  263.  /* And then a global limit to avoid chewing memory if connections
  264.   * come from many IPs */
  265.  #ifndef MAX_UNAUTH_CLIENTS
  266. -#define MAX_UNAUTH_CLIENTS 30
  267. +#define MAX_UNAUTH_CLIENTS 10
  268.  #endif
  269.  
  270.  /* Maximum number of failed authentication tries (server option) */
  271.  #ifndef MAX_AUTH_TRIES
  272. -#define MAX_AUTH_TRIES 10
  273. +#define MAX_AUTH_TRIES 4
  274.  #endif
  275.  
  276.  /* The default file to store the daemon's process ID, for shutdown
  277. @@ -293,19 +293,19 @@
  278.  /* The command to invoke for xauth when using X11 forwarding.
  279.   * "-q" for quiet */
  280.  #ifndef XAUTH_COMMAND
  281. -#define XAUTH_COMMAND "/usr/bin/xauth -q"
  282. +#define XAUTH_COMMAND "/opt/bin/xauth -q"
  283.  #endif
  284.  
  285.  /* if you want to enable running an sftp server (such as the one included with
  286.   * OpenSSH), set the path below. If the path isn't defined, sftp will not
  287.   * be enabled */
  288.  #ifndef SFTPSERVER_PATH
  289. -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
  290. +#define SFTPSERVER_PATH "/opt/libexec/sftp-server"
  291.  #endif
  292.  
  293.  /* This is used by the scp binary when used as a client binary. If you're
  294.   * not using the Dropbear client, you'll need to change it */
  295. -#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
  296. +#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/ssh"
  297.  
  298.  /* Whether to log commands executed by a client. This only logs the
  299.   * (single) command sent to the server, not what a user did in a
  300. diff -burNx debian dropbear-2016.73/release.sh dropbear-2015.XX/release.sh
  301. --- dropbear-2016.73/release.sh 2016-03-18 17:44:43.000000000 +0300
  302. +++ dropbear-2015.XX/release.sh 1970-01-01 03:00:00.000000000 +0300
  303. @@ -1,45 +0,0 @@
  304. -#!/bin/sh
  305. -VERSION=$(echo '#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp - | sh)
  306. -echo Releasing version "$VERSION" ...
  307. -if ! head -n1 CHANGES | grep -q $VERSION ; then
  308. -       echo "CHANGES needs updating"
  309. -       exit 1
  310. -fi
  311. -
  312. -if ! head -n1 debian/changelog | grep -q $VERSION ; then
  313. -       echo "debian/changelog needs updating"
  314. -       exit 1
  315. -fi
  316. -
  317. -head -n1 CHANGES
  318. -
  319. -#sleep 3
  320. -
  321. -RELDIR=$PWD/../dropbear-$VERSION
  322. -ARCHIVE=${RELDIR}.tar.bz2
  323. -if test -e $RELDIR; then
  324. -       echo "$RELDIR exists"
  325. -       exit 1
  326. -fi
  327. -
  328. -if test -e $ARCHIVE; then
  329. -       echo "$ARCHIVE exists"
  330. -       exit 1
  331. -fi
  332. -
  333. -hg archive "$RELDIR"  || exit 2
  334. -
  335. -(cd "$RELDIR" && autoconf && autoheader) || exit 2
  336. -
  337. -rm -r "$RELDIR/autom4te.cache" || exit 2
  338. -
  339. -rm "$RELDIR/.hgtags"
  340. -
  341. -(cd "$RELDIR/.." && tar cjf $ARCHIVE `basename "$RELDIR"`) || exit 2
  342. -
  343. -ls -l $ARCHIVE
  344. -openssl sha -sha256 $ARCHIVE
  345. -echo Done to
  346. -echo "$ARCHIVE"
  347. -echo Sign it with
  348. -echo gpg2 --detach-sign -a -u F29C6773 "$ARCHIVE"
  349. diff -burNx debian dropbear-2016.73/runopts.h dropbear-2015.XX/runopts.h
  350. --- dropbear-2016.73/runopts.h  2016-03-18 17:44:43.000000000 +0300
  351. +++ dropbear-2015.XX/runopts.h  2016-08-14 19:43:25.557239816 +0300
  352. @@ -80,11 +80,8 @@
  353.  
  354.         int inetdmode;
  355.  
  356. -       /* Flags indicating whether to use ipv4 and ipv6 */
  357. -       /* not used yet
  358. -       int ipv4;
  359. -       int ipv6;
  360. -       */
  361. +       /* ip protocol family to use */
  362. +       int ipfamily;
  363.  
  364.  #ifdef DO_MOTD
  365.         /* whether to print the MOTD */
  366. @@ -124,6 +121,10 @@
  367.  typedef struct cli_runopts {
  368.  
  369.         char *progname;
  370. +
  371. +       /* ip protocol family to use */
  372. +       int ipfamily;
  373. +
  374.         char *remotehost;
  375.         char *remoteport;
  376.  
  377. diff -burNx debian dropbear-2016.73/signkey.c dropbear-2015.XX/signkey.c
  378. --- dropbear-2016.73/signkey.c  2016-03-18 17:44:43.000000000 +0300
  379. +++ dropbear-2015.XX/signkey.c  2016-08-14 19:43:25.557239816 +0300
  380. @@ -410,7 +410,8 @@
  381.         /* skip the size int of the string - this is a bit messy */
  382.         md5_process(&hs, keyblob, keybloblen);
  383.  
  384. -       md5_done(&hs, hash);
  385. +       if (md5_done(&hs, hash) != CRYPT_OK)
  386. +               return NULL;
  387.  
  388.         /* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
  389.         buflen = 4 + 3*MD5_HASH_SIZE;
  390. diff -burNx debian dropbear-2016.73/svr-main.c dropbear-2015.XX/svr-main.c
  391. --- dropbear-2016.73/svr-main.c 2016-03-18 17:44:43.000000000 +0300
  392. +++ dropbear-2015.XX/svr-main.c 2016-08-14 19:43:25.557239816 +0300
  393. @@ -119,6 +119,7 @@
  394.         int childsock;
  395.         int childpipe[2];
  396.  
  397. +       memset(listensocks, 0, sizeof(listensocks));
  398.         /* Note: commonsetup() must happen before we daemon()ise. Otherwise
  399.            daemon() will chdir("/"), and we won't be able to find local-dir
  400.            hostkeys. */
  401. @@ -415,7 +416,8 @@
  402.  
  403.                 TRACE(("listening on '%s:%s'", svr_opts.addresses[i], svr_opts.ports[i]))
  404.  
  405. -               nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos],
  406. +               nsock = dropbear_listen(svr_opts.ipfamily,
  407. +                               svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos],
  408.                                 sockcount - sockpos,
  409.                                 &errstring, maxfd);
  410.  
  411. diff -burNx debian dropbear-2016.73/svr-runopts.c dropbear-2015.XX/svr-runopts.c
  412. --- dropbear-2016.73/svr-runopts.c      2016-03-18 17:44:43.000000000 +0300
  413. +++ dropbear-2015.XX/svr-runopts.c      2016-08-14 19:43:25.561239956 +0300
  414. @@ -80,6 +80,9 @@
  415.                                         "-k             Disable remote port forwarding\n"
  416.                                         "-a             Allow connections to forwarded ports from any host\n"
  417.  #endif
  418. +#if defined AF_INET6 && AF_INET6 < AF_MAX
  419. +                                       "-4,-6          Explicitly force IPv4 or IPv6 usage\n"
  420. +#endif
  421.                                         "-p [address:]port\n"
  422.                                         "               Listen on specified tcp port (and optionally address),\n"
  423.                                         "               up to %d can be specified\n"
  424. @@ -149,17 +152,13 @@
  425.         opts.compress_mode = DROPBEAR_COMPRESS_ON;
  426.  #endif
  427.  #endif
  428. -
  429. -       /* not yet
  430. -       opts.ipv4 = 1;
  431. -       opts.ipv6 = 1;
  432. -       */
  433.  #ifdef DO_MOTD
  434.         svr_opts.domotd = 1;
  435.  #endif
  436.  #ifndef DISABLE_SYSLOG
  437.         opts.usingsyslog = 1;
  438.  #endif
  439. +       svr_opts.ipfamily = AF_UNSPEC;
  440.         opts.recv_window = DEFAULT_RECV_WINDOW;
  441.         opts.keepalive_secs = DEFAULT_KEEPALIVE;
  442.         opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
  443. @@ -210,6 +209,14 @@
  444.                                         svr_opts.inetdmode = 1;
  445.                                         break;
  446.  #endif
  447. +#if defined AF_INET6 && AF_INET6 < AF_MAX
  448. +                               case '4':
  449. +                                       svr_opts.ipfamily = AF_INET;
  450. +                                       break;
  451. +                               case '6':
  452. +                                       svr_opts.ipfamily = AF_INET6;
  453. +                                       break;
  454. +#endif
  455.                                 case 'p':
  456.                                   nextisport = 1;
  457.                                   break;
  458. diff -burNx debian dropbear-2016.73/svr-tcpfwd.c dropbear-2015.XX/svr-tcpfwd.c
  459. --- dropbear-2016.73/svr-tcpfwd.c       2016-03-18 17:44:43.000000000 +0300
  460. +++ dropbear-2015.XX/svr-tcpfwd.c       2016-08-14 19:43:25.561239956 +0300
  461. @@ -270,7 +270,8 @@
  462.         }
  463.  
  464.         snprintf(portstring, sizeof(portstring), "%u", destport);
  465. -       channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done, channel);
  466. +       channel->conn_pending = connect_remote(AF_UNSPEC, desthost, portstring,
  467. +                                       channel_connect_done, channel);
  468.  
  469.         channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
  470.  
  471. diff -burNx debian dropbear-2016.73/tcp-accept.c dropbear-2015.XX/tcp-accept.c
  472. --- dropbear-2016.73/tcp-accept.c       2016-03-18 17:44:43.000000000 +0300
  473. +++ dropbear-2015.XX/tcp-accept.c       2016-08-14 19:43:25.561239956 +0300
  474. @@ -123,7 +123,7 @@
  475.         /* first we try to bind, so don't need to do so much cleanup on failure */
  476.         snprintf(portstring, sizeof(portstring), "%u", tcpinfo->listenport);
  477.  
  478. -       nsocks = dropbear_listen(tcpinfo->listenaddr, portstring, socks,
  479. +       nsocks = dropbear_listen(AF_UNSPEC, tcpinfo->listenaddr, portstring, socks,
  480.                         DROPBEAR_MAX_SOCKS, &errstring, &ses.maxfd);
  481.         if (nsocks < 0) {
  482.                 dropbear_log(LOG_INFO, "TCP forward failed: %s", errstring);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement