[X2Go-Commits] x2goclient.git - build-baikal (branch) updated: 4.0.1.1-12-gc121b7e

X2Go dev team git-admin at x2go.org
Wed Jan 8 22:20:04 CET 2014


The branch, build-baikal has been updated
       via  c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 (commit)
      from  cf33d551c21c86c7ea654914930550b0fd0b2c79 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog        |    3 +++
 sshmasterconnection.cpp |    6 ++++--
 sshmasterconnection.h   |    5 +++--
 sshprocess.cpp          |   23 ++++++++++++++++-------
 sshprocess.h            |    2 +-
 5 files changed, 27 insertions(+), 12 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index e484ba5..e069591 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
     + Store broker HTTPS certificate exceptions in
       $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions).
       (Fixes: #328).
+    + Perform sanity checks on data that comes in from X2Go Servers.
+      Prohibit the execution of arbitrary code via the ~/.bashrc file.
+      (Fixes: #333).
   * Pull-in packaging changes from Debian.
 
   [ Ricardo Díaz Martín ]
diff --git a/sshmasterconnection.cpp b/sshmasterconnection.cpp
index d71ce84..0672eb0 100644
--- a/sshmasterconnection.cpp
+++ b/sshmasterconnection.cpp
@@ -903,7 +903,7 @@ void SshMasterConnection::addChannelConnection ( SshProcess* creator, int sock,
 }
 
 
-void SshMasterConnection::addChannelConnection ( SshProcess* creator, QString cmd )
+void SshMasterConnection::addChannelConnection ( SshProcess* creator, QString uuid, QString cmd )
 {
 
     ChannelConnection con;
@@ -911,6 +911,7 @@ void SshMasterConnection::addChannelConnection ( SshProcess* creator, QString cm
     con.sock=-1;
     con.creator=creator;
     con.command=cmd;
+    con.uuid=uuid;
 
     channelConnectionsMutex.lock();
     channelConnections<<con;
@@ -1407,7 +1408,8 @@ void SshMasterConnection::finalize ( int item )
         close ( tcpSocket );
     }
     SshProcess* proc=channelConnections[item].creator;
+    QString uuid=channelConnections[item].uuid;
     channelConnections.removeAt ( item );
-    emit channelClosed ( proc );
+    emit channelClosed ( proc, uuid );
 }
 
diff --git a/sshmasterconnection.h b/sshmasterconnection.h
index bbefe0f..43ad7f6 100644
--- a/sshmasterconnection.h
+++ b/sshmasterconnection.h
@@ -39,6 +39,7 @@ struct ChannelConnection
     QString forwardHost;
     QString localHost;
     QString command;
+    QString uuid;
     bool operator==(ChannelConnection& t)
     {
         return (channel==t.channel);
@@ -67,7 +68,7 @@ public:
     static void finalizeLibSsh();
     void addChannelConnection(SshProcess* creator, int sock, QString forwardHost,
                               int forwardPort, QString localHost, int localPort, void* channel=0l);
-    void addChannelConnection(SshProcess* creator, QString cmd);
+    void addChannelConnection(SshProcess* creator, QString uuid, QString cmd);
     void addCopyRequest(SshProcess* creator, QString src, QString dst);
     void writeKnownHosts(bool);
     void setKeyPhrase(QString);
@@ -191,7 +192,7 @@ signals:
     void ioErr(SshProcess* caller, QString error, QString lastSessionError);
     void copyErr(SshProcess* caller, QString error, QString lastSessionError);
     void copyOk(SshProcess* caller);
-    void channelClosed(SshProcess* caller);
+    void channelClosed(SshProcess* caller, QString uuid);
 
     void connectionError(QString message, QString lastSessionError);
     void serverAuthError(int errCode, QString lastSessionError, SshMasterConnection*);
diff --git a/sshprocess.cpp b/sshprocess.cpp
index 1347e21..3068ca0 100644
--- a/sshprocess.cpp
+++ b/sshprocess.cpp
@@ -20,6 +20,7 @@
 #include "sshmasterconnection.h"
 #include "sshprocess.h"
 #include <QTimer>
+#include <QUuid>
 
 #ifndef Q_OS_WIN
 #include <arpa/inet.h>
@@ -128,14 +129,17 @@ void SshProcess::tunnelLoop()
 
 void SshProcess::startNormal(const QString& cmd)
 {
-    QString shcmd = "sh -c \""+cmd+"\"";
-// #ifdef DEBUG
+    QUuid uuid = QUuid::createUuid();
+    QString uuidStr = uuid.toString().mid(1, 36).toLower();
+
+    QString shcmd = "sh -c \"echo X2GODATABEGIN:" + uuidStr + " && "+cmd+" && echo X2GODATAEND:" + uuidStr +"\";";
+//#ifdef DEBUG
 // ONLY UNCOMMENT FOR TESTING, MIGHT REVEAL PASSWORD WHEN command=RDP
 //    x2goDebug<<"executing remote command: "<<shcmd<<endl;
 // #endif
-    masterCon->addChannelConnection(this, shcmd);
+    masterCon->addChannelConnection(this, uuidStr, shcmd);
     connect(masterCon,SIGNAL(stdOut(SshProcess*,QByteArray)),this,SLOT(slotStdOut(SshProcess*,QByteArray)));
-    connect(masterCon,SIGNAL(channelClosed(SshProcess*)), this,SLOT(slotChannelClosed(SshProcess*)));
+    connect(masterCon,SIGNAL(channelClosed(SshProcess*,QString)), this,SLOT(slotChannelClosed(SshProcess*,QString)));
 }
 
 void SshProcess::start_cp(QString src, QString dst)
@@ -216,7 +220,7 @@ void SshProcess::slotReverseTunnelOk(SshProcess* creator)
 }
 
 
-void SshProcess::slotChannelClosed(SshProcess* creator)
+void SshProcess::slotChannelClosed(SshProcess* creator, QString uuid)
 {
     if (creator!=this)
         return;
@@ -235,8 +239,13 @@ void SshProcess::slotChannelClosed(SshProcess* creator)
             x2goDebug<<"have only stderr, something must be wrong"<<endl;
 #endif
         }
-        else
-            output=stdOutString;
+        else {
+            QString begin_marker = "X2GODATABEGIN:"+uuid+"\n";
+            QString end_marker = "X2GODATAEND:"+uuid+"\n";
+            int output_begin=stdOutString.indexOf(begin_marker) + begin_marker.length();
+            int output_end=stdOutString.indexOf(end_marker);
+            output = stdOutString.mid(output_begin, output_end-output_begin);
+        }
     }
 #ifdef DEBUG
     x2goDebug<<"ssh finished:"<<normalExited<<" - "<<output<<endl;
diff --git a/sshprocess.h b/sshprocess.h
index d446e22..caddb3f 100644
--- a/sshprocess.h
+++ b/sshprocess.h
@@ -77,7 +77,7 @@ private slots:
     void slotStdErr(SshProcess* creator, QByteArray data);
     void slotStdOut(SshProcess* creator, QByteArray data);
     void slotIOerr(SshProcess* creator,QString message, QString sshSessionErr);
-    void slotChannelClosed(SshProcess* creator);
+    void slotChannelClosed(SshProcess* creator, QString uuid);
     void slotReverseTunnelOk(SshProcess* creator);
     void slotCopyOk(SshProcess* creator);
     void slotCopyErr(SshProcess* creator,QString message, QString sshSessionErr);


hooks/post-receive
-- 
x2goclient.git (X2Go Client)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).




More information about the x2go-commits mailing list