Bugzilla – Attachment 1866 Details for
Bug 1327
The limit of 100 forwarded ports is arbitrary and unnecessary
[patch]
/home/djm/ssh-unlimit-forwards.diff
ssh-unlimit-forwards.diff (text/plain), 8.57 KB, created by
Damien Miller
on 2010-06-18 12:35:09 AEST
Description:
/home/djm/ssh-unlimit-forwards.diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2010-06-18 12:35:09 AEST
Size:
8.57 KB
>Index: channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.304
>diff -u -p -r1.304 channels.c
>--- channels.c 14 May 2010 23:29:23 -0000 1.304
>+++ channels.c 18 Jun 2010 02:32:53 -0000
>@@ -110,10 +110,10 @@ typedef struct {
> } ForwardPermission;
>
> /* List of all permitted host/port pairs to connect by the user. */
>-static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
>+static ForwardPermission *permitted_opens = NULL;
>
> /* List of all permitted host/port pairs to connect by the admin. */
>-static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
>+static ForwardPermission *permitted_adm_opens = NULL;
>
> /* Number of permitted host/port pairs in the array permitted by the user. */
> static int num_permitted_opens = 0;
>@@ -2810,10 +2810,6 @@ channel_request_remote_forwarding(const
> {
> int type, success = 0;
>
>- /* Record locally that connection to this host/port is permitted. */
>- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
>- fatal("channel_request_remote_forwarding: too many forwards");
>-
> /* Send the forward request to the remote side. */
> if (compat20) {
> const char *address_to_bind;
>@@ -2863,6 +2859,9 @@ channel_request_remote_forwarding(const
> }
> }
> if (success) {
>+ /* Record that connection to this host/port is permitted. */
>+ permitted_opens = xrealloc(permitted_opens,
>+ num_permitted_opens + 1, sizeof(*permitted_opens));
> permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
> permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
> permitted_opens[num_permitted_opens].listen_port = listen_port;
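Review bot: The comments above `permitted_opens` and `permitted_adm_opens` in the first channels.c hunk still describe plain lists, but both are now heap arrays whose length lives in a separate counter. The free paths added later in this patch test the counter rather than the pointer, so the pairing is an invariant worth stating where the variables are declared. I would extend each comment along the lines of `/* xrealloc'd array of num_permitted_opens entries; NULL when the count is 0. */`.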
>@@ -2958,10 +2957,10 @@ channel_permit_all_opens(void)
> void
> channel_add_permitted_opens(char *host, int port)
> {
>- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
>- fatal("channel_add_permitted_opens: too many forwards");
> debug("allow port forwarding to host %s port %d", host, port);
>
>+ permitted_opens = xrealloc(permitted_opens,
>+ num_permitted_opens + 1, sizeof(*permitted_opens));
> permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
> permitted_opens[num_permitted_opens].port_to_connect = port;
> num_permitted_opens++;
>@@ -2972,10 +2971,10 @@ channel_add_permitted_opens(char *host,
> int
> channel_add_adm_permitted_opens(char *host, int port)
> {
>- if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
>- fatal("channel_add_adm_permitted_opens: too many forwards");
> debug("config allows port forwarding to host %s port %d", host, port);
>
>+ permitted_adm_opens = xrealloc(permitted_adm_opens,
>+ num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
> permitted_adm_opens[num_adm_permitted_opens].host_to_connect
> = xstrdup(host);
> permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
>@@ -2990,6 +2989,10 @@ channel_clear_permitted_opens(void)
> for (i = 0; i < num_permitted_opens; i++)
> if (permitted_opens[i].host_to_connect != NULL)
> xfree(permitted_opens[i].host_to_connect);
>+ if (num_permitted_opens > 0) {
>+ xfree(permitted_opens);
>+ permitted_opens = NULL;
>+ }
> num_permitted_opens = 0;
> }
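Review bot: In channel_add_permitted_opens the new element's `listen_port` is never assigned; the visible lines set only `host_to_connect` and `port_to_connect`. The old static array made that field implicitly zero, whereas storage from xrealloc is indeterminate unless the wrapper zeroes it, which this diff does not show. If any lookup compares `listen_port` on entries added through this path (not visible here), it would read leftover heap contents, so I would set it explicitly with `permitted_opens[num_permitted_opens].listen_port = 0;`. The channel_add_adm_permitted_opens hunk has the same shape, though its body continues past the hunk and may assign the field there.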
>
>@@ -3001,6 +3004,10 @@ channel_clear_adm_permitted_opens(void)
> for (i = 0; i < num_adm_permitted_opens; i++)
> if (permitted_adm_opens[i].host_to_connect != NULL)
> xfree(permitted_adm_opens[i].host_to_connect);
>+ if (num_adm_permitted_opens > 0) {
>+ xfree(permitted_adm_opens);
>+ permitted_adm_opens = NULL;
>+ }
> num_adm_permitted_opens = 0;
> }
>
>Index: mux.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/mux.c,v
>retrieving revision 1.19
>diff -u -p -r1.19 mux.c
>--- mux.c 17 Jun 2010 07:07:30 -0000 1.19
>+++ mux.c 18 Jun 2010 02:32:54 -0000
>@@ -710,9 +710,7 @@ process_mux_open_fwd(u_int rid, Channel
> }
>
> if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
>- if (options.num_local_forwards + 1 >=
>- SSH_MAX_FORWARDS_PER_DIRECTION ||
>- channel_setup_local_fwd_listener(fwd.listen_host,
>+ if (channel_setup_local_fwd_listener(fwd.listen_host,
> fwd.listen_port, fwd.connect_host, fwd.connect_port,
> options.gateway_ports) < 0) {
> fail:
>@@ -727,16 +725,14 @@ process_mux_open_fwd(u_int rid, Channel
> } else {
> struct mux_channel_confirm_ctx *fctx;
>
>- if (options.num_remote_forwards + 1 >=
>- SSH_MAX_FORWARDS_PER_DIRECTION ||
>- channel_request_remote_forwarding(fwd.listen_host,
>+ if (channel_request_remote_forwarding(fwd.listen_host,
> fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
> goto fail;
> add_remote_forward(&options, &fwd);
> fctx = xcalloc(1, sizeof(*fctx));
> fctx->cid = c->self;
> fctx->rid = rid;
>- fctx->fid = options.num_remote_forwards-1;
>+ fctx->fid = options.num_remote_forwards - 1;
> client_register_global_confirm(mux_confirm_remote_forward,
> fctx);
> freefwd = 0;
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.184
>diff -u -p -r1.184 readconf.c
>--- readconf.c 16 May 2010 12:55:51 -0000 1.184
>+++ readconf.c 18 Jun 2010 02:32:54 -0000
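Review bot: With the `SSH_MAX_FORWARDS_PER_DIRECTION` test removed from both branches of process_mux_open_fwd in mux.c, nothing in the visible lines bounds how many forwards a control-socket client can register on a running master. Each accepted remote request goes through add_remote_forward(), which grows the array with xrealloc. If xrealloc aborts the process on failure, as x-prefixed allocators conventionally do, memory exhaustion ends the master and every session multiplexed over it instead of failing the one request. Consider keeping a generous, documented ceiling in this path only and returning a mux failure when it is hit, while leaving configuration-driven forwards unlimited. The function body extends beyond both hunks.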
>@@ -248,10 +248,12 @@ add_local_forward(Options *options, cons
> {
> Forward *fwd;
> extern uid_t original_real_uid;
>+
> if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
> fatal("Privileged ports can only be forwarded by root.");
>- if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
>- fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
>+ options->local_forwards = xrealloc(options->local_forwards,
>+ options->num_local_forwards + 1,
>+ sizeof(*options->local_forwards));
> fwd = &options->local_forwards[options->num_local_forwards++];
>
> fwd->listen_host = newfwd->listen_host;
>@@ -269,9 +271,10 @@ void
> add_remote_forward(Options *options, const Forward *newfwd)
> {
> Forward *fwd;
>- if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
>- fatal("Too many remote forwards (max %d).",
>- SSH_MAX_FORWARDS_PER_DIRECTION);
>+
>+ options->remote_forwards = xrealloc(options->remote_forwards,
>+ options->num_remote_forwards + 1,
>+ sizeof(*options->remote_forwards));
> fwd = &options->remote_forwards[options->num_remote_forwards++];
>
> fwd->listen_host = newfwd->listen_host;
>@@ -291,12 +294,20 @@ clear_forwardings(Options *options)
> xfree(options->local_forwards[i].listen_host);
> xfree(options->local_forwards[i].connect_host);
> }
>+ if (options->num_local_forwards > 0) {
>+ xfree(options->local_forwards);
>+ options->local_forwards = NULL;
>+ }
> options->num_local_forwards = 0;
> for (i = 0; i < options->num_remote_forwards; i++) {
> if (options->remote_forwards[i].listen_host != NULL)
> xfree(options->remote_forwards[i].listen_host);
> xfree(options->remote_forwards[i].connect_host);
> }
>+ if (options->num_remote_forwards > 0) {
>+ xfree(options->remote_forwards);
>+ options->remote_forwards = NULL;
>+ }
> options->num_remote_forwards = 0;
> options->tun_open = SSH_TUNMODE_NO;
> }
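Review bot: add_local_forward() can now move `options->local_forwards`, so a `Forward *` obtained before the call may be invalid afterwards; the same holds for add_remote_forward() in the next hunk. mux.c stores an index (`fctx->fid`) rather than a pointer, which stays valid, but other callers are not visible in this diff. A one-line comment above each function would record the rule, for example `/* May reallocate options->local_forwards; do not keep Forward pointers across this call. */`. The function body continues past the hunk.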
>@@ -1043,7 +1054,9 @@ initialize_options(Options * options)
> options->user_hostfile = NULL;
> options->system_hostfile2 = NULL;
> options->user_hostfile2 = NULL;
>+ options->local_forwards = NULL;
> options->num_local_forwards = 0;
>+ options->remote_forwards = NULL;
> options->num_remote_forwards = 0;
> options->clear_forwardings = -1;
> options->log_level = SYSLOG_LEVEL_NOT_SET;
>Index: readconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
>retrieving revision 1.83
>diff -u -p -r1.83 readconf.h
>--- readconf.h 16 May 2010 12:55:51 -0000 1.83
>+++ readconf.h 18 Jun 2010 02:32:54 -0000
>@@ -94,11 +94,11 @@ typedef struct {
>
> /* Local TCP/IP forward requests. */
> int num_local_forwards;
>- Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
>+ Forward *local_forwards;
>
> /* Remote TCP/IP forward requests. */
> int num_remote_forwards;
>- Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
>+ Forward *remote_forwards;
> int clear_forwardings;
>
> int enable_ssh_keysign;
>Index: ssh.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.h,v
>retrieving revision 1.78
>diff -u -p -r1.78 ssh.h
>--- ssh.h 3 Aug 2006 03:34:42 -0000 1.78
>+++ ssh.h 18 Jun 2010 02:32:55 -0000
>@@ -18,9 +18,6 @@
> /* Default port number. */
> #define SSH_DEFAULT_PORT 22
>
>-/* Maximum number of TCP/IP ports forwarded per direction. */
>-#define SSH_MAX_FORWARDS_PER_DIRECTION 100
>-
> /*
> * Maximum number of RSA authentication identity files that can be specified
> * in configuration files or on the command line.
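Review bot: In the readconf.h hunk the `Options` struct no longer embeds its forwards, so a struct assignment or memcpy of `Options` now copies only the two pointers. clear_forwardings() on either copy would then free an array the other still references. Whether any caller copies `Options` is not visible in this diff. I would document ownership on the fields, for example `Forward *local_forwards; /* heap array of num_local_forwards entries, freed by clear_forwardings() */`, and likewise for `remote_forwards`.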