More strictness in ssh_channel_msg().
authorBen Harris <bjh21@bjh21.me.uk>
Sun, 22 May 2016 21:57:25 +0000 (22:57 +0100)
committerBen Harris <bjh21@bjh21.me.uk>
Sun, 22 May 2016 21:57:25 +0000 (22:57 +0100)
Now it disconnects if the server sends
SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE for
a channel that isn't half-open.  Assertions in the SSH-2 handlers for
these messages rely on this behaviour even though it's never been
enforced before.

ssh.c

diff --git a/ssh.c b/ssh.c
index eea17d010a417af74e9d1fa35c058f02f99d5581..e2b2d0e3dd34e63f900df889a26e0889cc657903 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -7986,10 +7986,12 @@ static struct ssh_channel *ssh_channel_msg(Ssh ssh, struct Packet *pktin)
        halfopen_ok = (pktin->type == SSH2_MSG_CHANNEL_OPEN_CONFIRMATION ||
                       pktin->type == SSH2_MSG_CHANNEL_OPEN_FAILURE);
     c = find234(ssh->channels, &localid, ssh_channelfind);
-    if (!c || (c->type != CHAN_SHARING && c->halfopen && !halfopen_ok)) {
+    if (!c || (c->type != CHAN_SHARING && (c->halfopen != halfopen_ok))) {
        char *buf = dupprintf("Received %s for %s channel %u",
                              ssh_pkt_type(ssh, pktin->type),
-                             c ? "half-open" : "nonexistent", localid);
+                             !c ? "nonexistent" :
+                             c->halfopen ? "half-open" : "open",
+                             localid);
        ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
        sfree(buf);
        return NULL;
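Review bot: The new condition `c->halfopen != halfopen_ok` is correct only if both operands are exactly 0 or 1. `halfopen_ok` is, since it comes from `||`, but the declaration of `c->halfopen` is outside this hunk; if it ever holds another truthy value, a legitimate OPEN_CONFIRMATION would be rejected with a disconnect. Writing `(!c->halfopen != !halfopen_ok)` removes that dependency. The name `halfopen_ok` now means "half-open is required", so a comment above the test would help, for example `/* OPEN_CONFIRMATION/OPEN_FAILURE need a half-open channel; all other channel messages need a fully open one */`. `CHAN_SHARING` channels still skip the state check, so the handler assertions mentioned in the commit message are presumably only safe if those handlers return for sharing channels before asserting; the handlers and the rest of `ssh_channel_msg()` are outside this hunk, so that is worth confirming.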