
Commit d6cba82

committed
fix: cap max X11 forwarding ports and evict old
1 parent c3bc1e7 commit d6cba82


2 files changed

+269
-74
lines changed


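--- a/agent/agentssh/agentssh.go
+++ b/agent/agentssh/agentssh.go
@@ -129,9 +129,10 @@ type Server struct {
 // a lock on mu but protected by closing.
 wg sync.WaitGroup
 
-Execer agentexec.Execer
-logger slog.Logger
-srv *ssh.Server
+Execer agentexec.Execer
+logger slog.Logger
+srv *ssh.Server
+x11Forwarder *x11Forwarder
 
 config *Config
 
@@ -187,6 +188,14 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
 config: config,
 
 metrics: metrics,
+x11Forwarder: &x11Forwarder{
+logger: logger,
+x11HandlerErrors: metrics.x11HandlerErrors,
+fs: fs,
+displayOffset: *config.X11DisplayOffset,
+sessions: make(map[*x11Session]struct{}),
+connections: make(map[net.Conn]struct{}),
+},
 }
 
 srv := &ssh.Server{
@@ -454,7 +463,7 @@ func (s *Server) sessionHandler(session ssh.Session) {
 
 x11, hasX11 := session.X11()
 if hasX11 {
-display, handled := s.x11Handler(ctx, x11)
+display, handled := s.x11Forwarder.x11Handler(ctx, session)
 if !handled {
 logger.Error(ctx, "x11 handler failed")
 closeCause("x11 handler failed")
@@ -1096,6 +1105,9 @@ func (s *Server) Close() error {
 
 s.mu.Unlock()
 
+s.logger.Debug(ctx, "closing X11 forwarding")
+_ = s.x11Forwarder.Close()
+
 s.logger.Debug(ctx, "waiting for all goroutines to exit")
 s.wg.Wait() // Wait for all goroutines to exit.
 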
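Review bot: In Close, `_ = s.x11Forwarder.Close()` discards the only signal that an X11 listener or forwarded connection failed to shut down, so a forwarding port left bound after the agent stops would go unnoticed; I would log it instead, `if err := s.x11Forwarder.Close(); err != nil { s.logger.Warn(ctx, "close X11 forwarder", slog.Error(err)) }`. The call runs after `s.mu.Unlock()` while sessionHandler can still reach `s.x11Forwarder.x11Handler(ctx, session)`; the forwarder's own closed-state handling is not visible in this file, so it is worth confirming that a session racing with shutdown cannot register a new listener after Close has run. Separately, `displayOffset: *config.X11DisplayOffset` in NewServer panics on a nil pointer unless a default is assigned above the hunk, which cannot be seen from here. Close, NewServer and sessionHandler all continue outside the hunks shown.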
