Attachment #1255 for bug #1003

Lines 1090-1095 Link Here

(-)openssh-4.6p1/serverloop.c.port-0-forwarding (-3 / +8 lines)
1090	char *rtype;	1090	char *rtype;
1091	int want_reply;	1091	int want_reply;
1092	int success = 0;	1092	int success = 0;
		1093	u_short listen_port, real_listen_port;
		1094	int tcpip_forward = 0; /* boolean */
1093		1095
1094	rtype = packet_get_string(NULL);	1096	rtype = packet_get_string(NULL);
1095	want_reply = packet_get_char();	1097	want_reply = packet_get_char();
Lines 1099-1111 Link Here
1099	if (strcmp(rtype, "tcpip-forward") == 0) {	1101	if (strcmp(rtype, "tcpip-forward") == 0) {
1100	struct passwd *pw;	1102	struct passwd *pw;
1101	char *listen_address;	1103	char *listen_address;
1102	u_short listen_port;
1103		1104
		1105	tcpip_forward = 1; /* boolean, used for reply */
1104	pw = the_authctxt->pw;	1106	pw = the_authctxt->pw;
1105	if (pw == NULL \|\| !the_authctxt->valid)	1107	if (pw == NULL \|\| !the_authctxt->valid)
1106	fatal("server_input_global_request: no/invalid user");	1108	fatal("server_input_global_request: no/invalid user");
1107	listen_address = packet_get_string(NULL);	1109	listen_address = packet_get_string(NULL);
1108	listen_port = (u_short)packet_get_int();	1110	listen_port = (u_short)packet_get_int();
		1111	real_listen_port = listen_port;
1109	debug("server_input_global_request: tcpip-forward listen %s port %d",	1112	debug("server_input_global_request: tcpip-forward listen %s port %d",
1110	listen_address, listen_port);	1113	listen_address, listen_port);
1111		1114
Lines 1113-1119 Link Here
1113	if (!options.allow_tcp_forwarding \|\|	1116	if (!options.allow_tcp_forwarding \|\|
1114	no_port_forwarding_flag	1117	no_port_forwarding_flag
1115	#ifndef NO_IPPORT_RESERVED_CONCEPT	1118	#ifndef NO_IPPORT_RESERVED_CONCEPT
1116	\|\| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)	1119	\|\| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0 && listen_port != 0)
1117	#endif	1120	#endif
1118	) {	1121	) {
1119	success = 0;	1122	success = 0;
Lines 1121-1127 Link Here
1121	} else {	1124	} else {
1122	/* Start listening on the port */	1125	/* Start listening on the port */
1123	success = channel_setup_remote_fwd_listener(	1126	success = channel_setup_remote_fwd_listener(
1124	listen_address, listen_port, options.gateway_ports);	1127	listen_address, &real_listen_port, options.gateway_ports);
1125	}	1128	}
1126	xfree(listen_address);	1129	xfree(listen_address);
1127	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {	1130	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
Lines 1140-1145 Link Here
1140	if (want_reply) {	1143	if (want_reply) {
1141	packet_start(success ?	1144	packet_start(success ?
1142	SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);	1145	SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
		1146	if (success && tcpip_forward && listen_port == 0)
		1147	packet_put_int(real_listen_port);
1143	packet_send();	1148	packet_send();
1144	packet_write_wait();	1149	packet_write_wait();
1145	}	1150	}




}

static int
channel_setup_fwd_listener(int type, const char *listen_addr, u_short *listen_port,
    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
	Channel *c;
	int sock, r, success = 0, wildcard = 0, is_client;
	struct addrinfo hints, *ai, *aitop, *ai2;
	const char *host, *addr;
	char ntop[NI_MAXHOST], strport[NI_MAXSERV];


	hints.ai_family = IPv4or6;
	hints.ai_flags = wildcard ? AI_PASSIVE : 0;
	hints.ai_socktype = SOCK_STREAM;
	snprintf(strport, sizeof strport, "%d", (int)*listen_port);
	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
		if (addr == NULL) {
			/* This really shouldn't happen */

			close(sock);
			continue;
		}

		/* If the specified port was 0, get the actual port number */
		if (*listen_port == 0) {
			if (ai->ai_family == AF_INET) {
				struct sockaddr_in realport;
				socklen_t realportsz = (socklen_t)sizeof(realport);
				if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
					error("getsockname: %.100s", strerror(errno));
					close(sock);
					continue;
				}
				*listen_port = (u_short)ntohs(realport.sin_port);
			}
			else {
				struct sockaddr_in6 realport;
				socklen_t realportsz = (socklen_t)sizeof(realport);
				if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
					error("getsockname: %.100s", strerror(errno));
					close(sock);
					continue;
				}
				*listen_port = (u_short)ntohs(realport.sin6_port);
			}

			/* use the same port for all other sockets */
			for (ai2 = ai->ai_next; ai2; ai2 = ai2->ai_next) {
				if (ai->ai_family == AF_INET) {
					((struct sockaddr_in *)ai2->ai_addr)->sin_port =
							htons(*listen_port);
				}
				else {
					((struct sockaddr_in6 *)ai2->ai_addr)->sin6_port =
							htons(*listen_port);
				}
			}
		}

		/* Start listening for connections on the socket. */
		if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
			error("listen: %.100s", strerror(errno));

		    0, "port listener", 1);
		strlcpy(c->path, host, sizeof(c->path));
		c->host_port = port_to_connect;
		c->listening_port = *listen_port;
		success = 1;
	}
	if (success == 0)
		error("channel_setup_fwd_listener: cannot listen to port: %d",
		    (int)*listen_port);
	freeaddrinfo(aitop);
	return success;
}

    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
	    listen_host, &listen_port, host_to_connect, port_to_connect,
	    gateway_ports);
}

/* protocol v2 remote port fwd, used by sshd */
int
channel_setup_remote_fwd_listener(const char *listen_address,
    u_short *listen_port, int gateway_ports)
{
	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
	    listen_address, listen_port, NULL, 0, gateway_ports);

		packet_put_int(listen_port);
		packet_send();
		packet_write_wait();

		type = packet_read();
		switch(type) {
		case SSH2_MSG_REQUEST_SUCCESS:
			success = 1;
			if (listen_port == 0)
				listen_port = (u_short)packet_get_int();
			break;
		case SSH2_MSG_REQUEST_FAILURE:
			logit("Warning: Server denied remote port 0 forwarding.");
			break;
		default:
			/* Unknown packet */
			packet_disconnect("Protocol error for port 0 forward request:"
					"received packet typr %d.", type);
		}
	} else {
		packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
		packet_put_int(listen_port);

Lines 216-222 Link Here

(-)openssh-4.6p1/channels.h.port-0-forwarding (-1 / +1 lines)
216	int channel_setup_local_fwd_listener(const char *, u_short,	216	int channel_setup_local_fwd_listener(const char *, u_short,
217	const char *, u_short, int);	217	const char *, u_short, int);
218	void channel_request_rforward_cancel(const char *host, u_short port);	218	void channel_request_rforward_cancel(const char *host, u_short port);
219	int channel_setup_remote_fwd_listener(const char *, u_short, int);	219	int channel_setup_remote_fwd_listener(const char , u_short , int);
220	int channel_cancel_rport_listener(const char *, u_short);	220	int channel_cancel_rport_listener(const char *, u_short);
221		221
222	/* x11 forwarding */	222	/* x11 forwarding */

Return to bug 1003

Lines 2340-2351 Link Here

(-)openssh-4.6p1/channels.c.port-0-forwarding (-9 / +60 lines)
2340	}	2340	}
2341		2341
2342	static int	2342	static int
2343	channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,	2343	channel_setup_fwd_listener(int type, const char listen_addr, u_short listen_port,
2344	const char *host_to_connect, u_short port_to_connect, int gateway_ports)	2344	const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2345	{	2345	{
2346	Channel *c;	2346	Channel *c;
2347	int sock, r, success = 0, wildcard = 0, is_client;	2347	int sock, r, success = 0, wildcard = 0, is_client;
2348	struct addrinfo hints, ai, aitop;	2348	struct addrinfo hints, ai, aitop, *ai2;
2349	const char host, addr;	2349	const char host, addr;
2350	char ntop[NI_MAXHOST], strport[NI_MAXSERV];	2350	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2351		2351
Lines 2403-2409 Link Here
2403	hints.ai_family = IPv4or6;	2403	hints.ai_family = IPv4or6;
2404	hints.ai_flags = wildcard ? AI_PASSIVE : 0;	2404	hints.ai_flags = wildcard ? AI_PASSIVE : 0;
2405	hints.ai_socktype = SOCK_STREAM;	2405	hints.ai_socktype = SOCK_STREAM;
2406	snprintf(strport, sizeof strport, "%d", listen_port);	2406	snprintf(strport, sizeof strport, "%d", (int)*listen_port);
2407	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {	2407	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
2408	if (addr == NULL) {	2408	if (addr == NULL) {
2409	/* This really shouldn't happen */	2409	/* This really shouldn't happen */
Lines 2447-2452 Link Here
2447	close(sock);	2447	close(sock);
2448	continue;	2448	continue;
2449	}	2449	}
		2450
		2451	/* If the specified port was 0, get the actual port number */
		2452	if (*listen_port == 0) {
		2453	if (ai->ai_family == AF_INET) {
		2454	struct sockaddr_in realport;
		2455	socklen_t realportsz = (socklen_t)sizeof(realport);
		2456	if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
		2457	error("getsockname: %.100s", strerror(errno));
		2458	close(sock);
		2459	continue;
		2460	}
		2461	*listen_port = (u_short)ntohs(realport.sin_port);
		2462	}
		2463	else {
		2464	struct sockaddr_in6 realport;
		2465	socklen_t realportsz = (socklen_t)sizeof(realport);
		2466	if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
		2467	error("getsockname: %.100s", strerror(errno));
		2468	close(sock);
		2469	continue;
		2470	}
		2471	*listen_port = (u_short)ntohs(realport.sin6_port);
		2472	}
		2473
		2474	/* use the same port for all other sockets */
		2475	for (ai2 = ai->ai_next; ai2; ai2 = ai2->ai_next) {
		2476	if (ai->ai_family == AF_INET) {
		2477	((struct sockaddr_in *)ai2->ai_addr)->sin_port =
		2478	htons(*listen_port);
		2479	}
		2480	else {
		2481	((struct sockaddr_in6 *)ai2->ai_addr)->sin6_port =
		2482	htons(*listen_port);
		2483	}
		2484	}
		2485	}
		2486
2450	/* Start listening for connections on the socket. */	2487	/* Start listening for connections on the socket. */
2451	if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {	2488	if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
2452	error("listen: %.100s", strerror(errno));	2489	error("listen: %.100s", strerror(errno));
Lines 2459-2470 Link Here
2459	0, "port listener", 1);	2496	0, "port listener", 1);
2460	strlcpy(c->path, host, sizeof(c->path));	2497	strlcpy(c->path, host, sizeof(c->path));
2461	c->host_port = port_to_connect;	2498	c->host_port = port_to_connect;
2462	c->listening_port = listen_port;	2499	c->listening_port = *listen_port;
2463	success = 1;	2500	success = 1;
2464	}	2501	}
2465	if (success == 0)	2502	if (success == 0)
2466	error("channel_setup_fwd_listener: cannot listen to port: %d",	2503	error("channel_setup_fwd_listener: cannot listen to port: %d",
2467	listen_port);	2504	(int)*listen_port);
2468	freeaddrinfo(aitop);	2505	freeaddrinfo(aitop);
2469	return success;	2506	return success;
2470	}	2507	}
Lines 2496-2509 Link Here
2496	const char *host_to_connect, u_short port_to_connect, int gateway_ports)	2533	const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2497	{	2534	{
2498	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,	2535	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
2499	listen_host, listen_port, host_to_connect, port_to_connect,	2536	listen_host, &listen_port, host_to_connect, port_to_connect,
2500	gateway_ports);	2537	gateway_ports);
2501	}	2538	}
2502		2539
2503	/* protocol v2 remote port fwd, used by sshd */	2540	/* protocol v2 remote port fwd, used by sshd */
2504	int	2541	int
2505	channel_setup_remote_fwd_listener(const char *listen_address,	2542	channel_setup_remote_fwd_listener(const char *listen_address,
2506	u_short listen_port, int gateway_ports)	2543	u_short *listen_port, int gateway_ports)
2507	{	2544	{
2508	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,	2545	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
2509	listen_address, listen_port, NULL, 0, gateway_ports);	2546	listen_address, listen_port, NULL, 0, gateway_ports);
Lines 2548-2555 Link Here
2548	packet_put_int(listen_port);	2585	packet_put_int(listen_port);
2549	packet_send();	2586	packet_send();
2550	packet_write_wait();	2587	packet_write_wait();
2551	/* Assume that server accepts the request */	2588
2552	success = 1;	2589	type = packet_read();
		2590	switch(type) {
		2591	case SSH2_MSG_REQUEST_SUCCESS:
		2592	success = 1;
		2593	if (listen_port == 0)
		2594	listen_port = (u_short)packet_get_int();
		2595	break;
		2596	case SSH2_MSG_REQUEST_FAILURE:
		2597	logit("Warning: Server denied remote port 0 forwarding.");
		2598	break;
		2599	default:
		2600	/* Unknown packet */
		2601	packet_disconnect("Protocol error for port 0 forward request:"
		2602	"received packet typr %d.", type);
		2603	}
2553	} else {	2604	} else {
2554	packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);	2605	packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
2555	packet_put_int(listen_port);	2606	packet_put_int(listen_port);