Attachment #1539 for bug #1380

Lines 19-24 Link Here

(-)auth-options.c (+1 lines)
19	#include <stdio.h>	19	#include <stdio.h>
20	#include <stdarg.h>	20	#include <stdarg.h>
21		21
		22	#include "ssh.h"
22	#include "xmalloc.h"	23	#include "xmalloc.h"
23	#include "match.h"	24	#include "match.h"
24	#include "log.h"	25	#include "log.h"

Lines 18-26 Link Here

(-)auth1.c (-1 / +2 lines)
18	#include <unistd.h>	18	#include <unistd.h>
19	#include <pwd.h>	19	#include <pwd.h>
20		20
		21	#include "ssh.h"
		22	#include "ssh1.h"
21	#include "xmalloc.h"	23	#include "xmalloc.h"
22	#include "rsa.h"	24	#include "rsa.h"
23	#include "ssh1.h"
24	#include "packet.h"	25	#include "packet.h"
25	#include "buffer.h"	26	#include "buffer.h"
26	#include "log.h"	27	#include "log.h"




 * Initiate forwarding of connections to port "port" on remote host through
 * the secure channel to host:port from local side.
 */

int
channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
    const char *host_to_connect, u_short port_to_connect)

	/* Record locally that connection to this host/port is permitted. */
	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("channel_request_remote_forwarding: too many forwards");

	if (strlen(listen_host) > SSH_CHANNEL_PATH_LEN - 1) {
		error("Listen address too long.");
		return -1;
	}

	/* Send the forward request to the remote side. */
	if (compat20) {

Lines 55-61 Link Here

(-)channels.h (-1 / +1 lines)
55	#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */	55	#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
56	#define SSH_CHANNEL_MAX_TYPE 15	56	#define SSH_CHANNEL_MAX_TYPE 15
57		57
58	#define SSH_CHANNEL_PATH_LEN 256	58	#define SSH_CHANNEL_PATH_LEN SSH_MAX_DOMAIN_LEN
59		59
60	struct Channel;	60	struct Channel;
61	typedef struct Channel Channel;	61	typedef struct Channel Channel;

Lines 32-37 Link Here

(-)gss-serv.c (+1 lines)
32		32
33	#include <string.h>	33	#include <string.h>
34		34
		35	#include "ssh.h"
35	#include "xmalloc.h"	36	#include "xmalloc.h"
36	#include "buffer.h"	37	#include "buffer.h"
37	#include "key.h"	38	#include "key.h"

Lines 31-36 Link Here

(-)nchan.c (+1 lines)
31	#include <string.h>	31	#include <string.h>
32	#include <stdarg.h>	32	#include <stdarg.h>
33		33
		34	#include "ssh.h"
34	#include "ssh1.h"	35	#include "ssh1.h"
35	#include "ssh2.h"	36	#include "ssh2.h"
36	#include "buffer.h"	37	#include "buffer.h"

Lines 55-60 Link Here

(-)packet.c (-2 / +3 lines)
55	#include <unistd.h>	55	#include <unistd.h>
56	#include <signal.h>	56	#include <signal.h>
57		57
		58	#include "ssh.h"
		59	#include "ssh1.h"
		60	#include "ssh2.h"
58	#include "xmalloc.h"	61	#include "xmalloc.h"
59	#include "buffer.h"	62	#include "buffer.h"
60	#include "packet.h"	63	#include "packet.h"
Lines 63-70 Link Here
63	#include "deattack.h"	66	#include "deattack.h"
64	#include "channels.h"	67	#include "channels.h"
65	#include "compat.h"	68	#include "compat.h"
66	#include "ssh1.h"
67	#include "ssh2.h"
68	#include "cipher.h"	69	#include "cipher.h"
69	#include "key.h"	70	#include "key.h"
70	#include "kex.h"	71	#include "kex.h"

Lines 734-740 parse_int: Link Here

(-)readconf.c (-2 / +2 lines)
734	fwd.connect_host = "socks";	734	fwd.connect_host = "socks";
735	fwd.listen_host = hpdelim(&arg);	735	fwd.listen_host = hpdelim(&arg);
736	if (fwd.listen_host == NULL \|\|	736	if (fwd.listen_host == NULL \|\|
737	strlen(fwd.listen_host) >= NI_MAXHOST)	737	strlen(fwd.listen_host) >= SSH_MAX_DOMAIN_LEN)
738	fatal("%.200s line %d: Bad forwarding specification.",	738	fatal("%.200s line %d: Bad forwarding specification.",
739	filename, linenum);	739	filename, linenum);
740	if (arg) {	740	if (arg) {
Lines 1263-1269 parse_forward(Forward fwd, const char Link Here
1263	goto fail_free;	1263	goto fail_free;
1264		1264
1265	if (fwd->connect_host != NULL &&	1265	if (fwd->connect_host != NULL &&
1266	strlen(fwd->connect_host) >= NI_MAXHOST)	1266	strlen(fwd->connect_host) >= SSH_MAX_DOMAIN_LEN)
1267	goto fail_free;	1267	goto fail_free;
1268		1268
1269	return (i);	1269	return (i);

Lines 53-58 Link Here

(-)serverloop.c (+1 lines)
53	#include <unistd.h>	53	#include <unistd.h>
54	#include <stdarg.h>	54	#include <stdarg.h>
55		55
		56	#include "ssh.h"
56	#include "xmalloc.h"	57	#include "xmalloc.h"
57	#include "packet.h"	58	#include "packet.h"
58	#include "buffer.h"	59	#include "buffer.h"

Lines 98-100 Link Here

(-)ssh.h (+4 lines)
98		98
99	/* Listen backlog for sshd, ssh-agent and forwarding sockets */	99	/* Listen backlog for sshd, ssh-agent and forwarding sockets */
100	#define SSH_LISTEN_BACKLOG 128	100	#define SSH_LISTEN_BACKLOG 128
		101
		102	/* Maximum length of hostnames allowed in forwarding specifications */
		103	#define SSH_MAX_DOMAIN_LEN 256 /* RFC2181 255 octets + \0 */
		104

Return to bug 1380

Lines 2557-2563 channel_setup_remote_fwd_listener(const Link Here

(-)channels.c (-1 / +5 lines)
2557	* Initiate forwarding of connections to port "port" on remote host through	2557	* Initiate forwarding of connections to port "port" on remote host through
2558	* the secure channel to host:port from local side.	2558	* the secure channel to host:port from local side.
2559	*/	2559	*/
2560
2561	int	2560	int
2562	channel_request_remote_forwarding(const char *listen_host, u_short listen_port,	2561	channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
2563	const char *host_to_connect, u_short port_to_connect)	2562	const char *host_to_connect, u_short port_to_connect)
Lines 2567-2572 channel_request_remote_forwarding(const Link Here
2567	/* Record locally that connection to this host/port is permitted. */	2566	/* Record locally that connection to this host/port is permitted. */
2568	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)	2567	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
2569	fatal("channel_request_remote_forwarding: too many forwards");	2568	fatal("channel_request_remote_forwarding: too many forwards");
		2569
		2570	if (strlen(listen_host) > SSH_CHANNEL_PATH_LEN - 1) {
		2571	error("Listen address too long.");
		2572	return -1;
		2573	}
2570		2574
2571	/* Send the forward request to the remote side. */	2575	/* Send the forward request to the remote side. */
2572	if (compat20) {	2576	if (compat20) {