File xrdp-CVE-2017-6967.patch of Package xrdp.7006

Overview Repositories Revisions Requests Users Attributes Meta

File xrdp-CVE-2017-6967.patch of Package xrdp.7006

diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index 3fc788f..73dd51b 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -36,6 +36,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
     tbus data;
     struct session_item *s_item;
     int errorcode = 0 ;
+    int do_auth_end = 1;
 
     data = auth_userpass(s->username, s->password,&errorcode);
 
@@ -146,6 +147,9 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
                                             s->domain, s->program, s->directory,
                                             s->client_ip);
                 }
+                /* if the session started up ok, auth_end will be called on
+                   sig child */
+                do_auth_end = display == 0;
             }
             else
             {
@@ -155,7 +159,6 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
 
         if (display == 0)
         {
-            auth_end(data);
             scp_v0s_deny_connection(c);
         }
         else
@@ -167,4 +170,8 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
     {
         scp_v0s_deny_connection(c);
     }
+    if (do_auth_end)
+    {
+        auth_end(data);
+    }
 }
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index 2324b75..21924e1 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -38,7 +38,7 @@ void DEFAULT_CC
 scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
 {
     long data;
-    int display;
+    int display = 0;
     int retries;
     int current_try;
     enum SCP_SERVER_STATES_E e;
@@ -46,6 +46,7 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
     struct session_item *sitem;
     int scount;
     SCP_SID sid;
+    int do_auth_end = 1;
 
     retries = g_cfg->sec.login_retry;
     current_try = retries;
@@ -129,13 +129,23 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
                                     s->password, data, SESMAN_SESSION_TYPE_XVNC,
                                     s->domain, s->program, s->directory, s->client_ip);
         }
-        else
+        else if (SCP_SESSION_TYPE_XRDP == s->type)
         {
             log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
             display = session_start(s->width, s->height, s->bpp, s->username,
                                     s->password, data, SESMAN_SESSION_TYPE_XRDP,
                                     s->domain, s->program, s->directory, s->client_ip);
         }
+        else if (SCP_SESSION_TYPE_XORG == s->type)
+        {
+            log_message(LOG_LEVEL_INFO, "starting Xorg session...");
+            display = session_start(s->width, s->height, s->bpp, s->username,
+                                    s->password, data, SESMAN_SESSION_TYPE_XORG,
+                                    s->domain, s->program, s->directory, s->client_ip);
+        }
+        /* if the session started up ok, auth_end will be called on
+           sig child */
+        do_auth_end = display == 0;
 
         e = scp_v1s_connect_new_session(c, display);
 
@@ -205,7 +214,10 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
 
     /* cleanup */
     scp_session_destroy(s);
-    auth_end(data);
+    if (do_auth_end)
+    {
+        auth_end(data);
+    }
     g_free(slist);
 }
 
diff --git a/sesman/session.c b/sesman/session.c
index 4ea48d3..efc97e5 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -513,6 +513,7 @@ session_start_fork(int width, int height, int bpp, char *username,
         return 0;
     }
 
+    auth_start_session(data, display);
     pid = g_fork();
 
     if (pid == -1)
@@ -532,7 +533,6 @@ session_start_fork(int width, int height, int bpp, char *username,
         else if (wmpid == 0) /* child (child sesman) xserver */
         {
             wait_for_xserver(display);
-            auth_start_session(data, display);
             pampid = g_fork();
             if (pampid == -1)
             {
@@ -620,7 +620,6 @@ session_start_fork(int width, int height, int bpp, char *username,
             else
             {
                 g_waitpid(pampid);
-                auth_stop_session(data);
                 g_deinit();
                 g_exit(0);
             }
@@ -958,6 +957,8 @@ session_kill(int pid)
 
         if (tmp->item->pid == pid)
         {
+            auth_stop_session(tmp->item->data);
+            auth_end(tmp->item->data);
             /* deleting the session */
             log_message(LOG_LEVEL_INFO, "++ terminated session:  username %s, display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, tmp->item->pid, tmp->item->client_ip);
             g_free(tmp->item);

Places

File xrdp-CVE-2017-6967.patch of Package xrdp.7006

Places