What should happen when you request remote port forwarding, and the remote listen socket cannot be bound to because it's already in use?

sshd 1.2.27 terminates the connection:

    Received disconnect from 192.168.194.180: bind: Address already in use

sshd OpenSSH_3.0.2p1 remains silent (on the client side; it logs an error in the sshd log) and keeps going. If you run with -d, it reports that the forwarding is happening:

    debug1: Connections to remote port 10177 forwarded to local address localhost:\
    25

This can be dangerous. For example, you might want to use ssh with remote forwarding to start up serialmail to connect back to you over your encrypted channel:

    ssh -R 10135:localhost:209 isphost maildirqmtp mydir myname- 127.0.0.1 10135

but if someone else has done "ssh -R 10135:localhost:209 isphost" already, you now end up sending your mail to them!

Therefore I suggest OpenSSH should report this, and disconnect.

The stacktrace in question is:

    #0 channel_request_forwarding channels.c
    #1 channel_request_local_forwarding channels.c
    #2 channel_input_port_forward_request channels.c
    #3 do_authenticated1 session.c
    #4 do_authenticated session.c
    #5 do_authentication auth1.c
    #6 main sshd.c

channel_input_port_forward_request says:

    /*
     * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates
     * listening for the port, and sends back a success reply (or disconnect
     * message if there was an error). This never returns if there was an error.
     */

but it doesn't handle an unsuccessful return from channel_request_local_forwarding, and nothing below it takes any explicit action.

I have no experience with the openssh codebase or community, so I don't feel qualified to suggest the right solution. But the attached patch is one option.

-- Martijn

--- channels.c.old Thu Dec 13 14:23:00 2001 +++ channels.c Thu Dec 13 15:42:42 2001 
@@ -2167,9 +2167,12 @@ c->listening_port = listen_port; success = 1; } - if (success == 0) + if (success == 0) { + packet_disconnect("channel_request_forwarding: cannot listen to \ port: %d", + listen_port); error("channel_request_forwarding: cannot listen to port: %d", listen_port); + } freeaddrinfo(aitop); return success; }
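
Review bot: in the "if (success == 0)" branch, packet_disconnect() is called before error(), so if packet_disconnect() does not return (the comment quoted in the report describes the disconnect path as one that "never returns"), the error() log line and freeaddrinfo(aitop) after it are never reached; call error() and freeaddrinfo(aitop) first. The disconnect also sits in channel_request_forwarding, which the stack trace shows is reached through channel_request_local_forwarding, so every caller of that function would disconnect on a bind failure; checking the return value in channel_input_port_forward_request, whose comment already promises the disconnect, would confine the change to the forwarding-request path. The backslash-continued string literal "cannot listen to \ port: %d" is better kept on one line so that no stray whitespace ends up in the message.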
I don't think ssh should disconnect. It should report the problem.
Bug #215 has a testing patch for this

*** This bug has been marked as a duplicate of 215 ***
Mass change of RESOLVED bugs to CLOSED
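
The failure mode from this report, modelled as an added example (not OpenSSH code and not part of the original thread): a forward-request handler that drops the listen result replies "success" even though the port belongs to an earlier listener, while the checked variant returns a failure reply. All function and enum names are hypothetical.

```c
/* Added illustration; every name here is hypothetical, not OpenSSH code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum reply { REPLY_SUCCESS, REPLY_FAILURE };

/* Listen on 127.0.0.1:port (0 lets the kernel pick); returns fd or -1. */
int listen_loopback(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof(sa);
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 5) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        fprintf(stderr, "cannot listen to port: %d\n", port);
        close(fd);
        return -1;
    }
    if (bound) *bound = ntohs(sa.sin_port);
    return fd;
}

/* check == 0 models the reported behaviour (listen result dropped);
 * check != 0 turns a failed bind into a failure reply to the peer. */
enum reply handle_forward(unsigned short port, int check, int *fd)
{
    *fd = listen_loopback(port, NULL);
    return (check && *fd < 0) ? REPLY_FAILURE : REPLY_SUCCESS;
}

int main(void)
{
    unsigned short port = 0;
    int fd, first = listen_loopback(0, &port);   /* the earlier forwarder */
    if (first < 0) return 1;
    printf("unchecked reply: %d\n", handle_forward(port, 0, &fd));
    printf("checked reply:   %d\n", handle_forward(port, 1, &fd));
    close(first);
    return 0;
}
```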