Attachment #1591 for bug #1380

Lines 55-62 Link Here

(-)channels.h (-3 / +1 lines)
55	#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */	55	#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
56	#define SSH_CHANNEL_MAX_TYPE 15	56	#define SSH_CHANNEL_MAX_TYPE 15
57		57
58	#define SSH_CHANNEL_PATH_LEN 256
59
60	struct Channel;	58	struct Channel;
61	typedef struct Channel Channel;	59	typedef struct Channel Channel;
62		60
Lines 104-110 struct Channel { Link Here
104	Buffer output; /* data received over encrypted connection for	102	Buffer output; /* data received over encrypted connection for
105	* send on socket */	103	* send on socket */
106	Buffer extended;	104	Buffer extended;
107	char path[SSH_CHANNEL_PATH_LEN];	105	char *path;
108	/* path for unix domain sockets, or host name for forwards */	106	/* path for unix domain sockets, or host name for forwards */
109	int listening_port; /* port being listened for forwards */	107	int listening_port; /* port being listened for forwards */
110	int host_port; /* remote port to connect for forwards */	108	int host_port; /* remote port to connect for forwards */

Lines 291-296 channel_new(char *ctype, int type, int r Link Here

(-)channels.c (-12 / +25 lines)
291	buffer_init(&c->input);	291	buffer_init(&c->input);
292	buffer_init(&c->output);	292	buffer_init(&c->output);
293	buffer_init(&c->extended);	293	buffer_init(&c->extended);
		294	c->path = NULL;
294	c->ostate = CHAN_OUTPUT_OPEN;	295	c->ostate = CHAN_OUTPUT_OPEN;
295	c->istate = CHAN_INPUT_OPEN;	296	c->istate = CHAN_INPUT_OPEN;
296	c->flags = 0;	297	c->flags = 0;
Lines 397-402 channel_free(Channel *c) Link Here
397	xfree(c->remote_name);	398	xfree(c->remote_name);
398	c->remote_name = NULL;	399	c->remote_name = NULL;
399	}	400	}
		401	if (c->path) {
		402	xfree(c->path);
		403	c->path = NULL;
		404	}
400	while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {	405	while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
401	if (cc->abandon_cb != NULL)	406	if (cc->abandon_cb != NULL)
402	cc->abandon_cb(c, cc->ctx);	407	cc->abandon_cb(c, cc->ctx);
Lines 1032-1038 channel_decode_socks4(Channel *c, fd_set Link Here
1032		1037
1033	if (need == 1) { /* SOCKS4: one string */	1038	if (need == 1) { /* SOCKS4: one string */
1034	host = inet_ntoa(s4_req.dest_addr);	1039	host = inet_ntoa(s4_req.dest_addr);
1035	strlcpy(c->path, host, sizeof(c->path));	1040	c->path = xstrdup(host);
1036	} else { /* SOCKS4A: two strings */	1041	} else { /* SOCKS4A: two strings */
1037	have = buffer_len(&c->input);	1042	have = buffer_len(&c->input);
1038	p = buffer_ptr(&c->input);	1043	p = buffer_ptr(&c->input);
Lines 1043-1053 channel_decode_socks4(Channel *c, fd_set Link Here
1043	if (len > have)	1048	if (len > have)
1044	fatal("channel %d: decode socks4a: len %d > have %d",	1049	fatal("channel %d: decode socks4a: len %d > have %d",
1045	c->self, len, have);	1050	c->self, len, have);
1046	if (strlcpy(c->path, p, sizeof(c->path)) >= sizeof(c->path)) {	1051	if (len > NI_MAXHOST) {
1047	error("channel %d: hostname \"%.100s\" too long",	1052	error("channel %d: hostname \"%.100s\" too long",
1048	c->self, p);	1053	c->self, p);
1049	return -1;	1054	return -1;
1050	}	1055	}
		1056	c->path = xstrdup(p);
1051	buffer_consume(&c->input, len);	1057	buffer_consume(&c->input, len);
1052	}	1058	}
1053	c->host_port = ntohs(s4_req.dest_port);	1059	c->host_port = ntohs(s4_req.dest_port);
Lines 1088-1094 channel_decode_socks5(Channel *c, fd_set Link Here
1088	u_int8_t atyp;	1094	u_int8_t atyp;
1089	} s5_req, s5_rsp;	1095	} s5_req, s5_rsp;
1090	u_int16_t dest_port;	1096	u_int16_t dest_port;
1091	u_char *p, dest_addr[255+1];	1097	u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
1092	u_int have, need, i, found, nmethods, addrlen, af;	1098	u_int have, need, i, found, nmethods, addrlen, af;
1093		1099
1094	debug2("channel %d: decode socks5", c->self);	1100	debug2("channel %d: decode socks5", c->self);
Lines 1161-1170 channel_decode_socks5(Channel *c, fd_set Link Here
1161	buffer_get(&c->input, (char *)&dest_addr, addrlen);	1167	buffer_get(&c->input, (char *)&dest_addr, addrlen);
1162	buffer_get(&c->input, (char *)&dest_port, 2);	1168	buffer_get(&c->input, (char *)&dest_port, 2);
1163	dest_addr[addrlen] = '\0';	1169	dest_addr[addrlen] = '\0';
1164	if (s5_req.atyp == SSH_SOCKS5_DOMAIN)	1170	if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
1165	strlcpy(c->path, (char *)dest_addr, sizeof(c->path));	1171	if (addrlen > NI_MAXHOST - 1) {
1166	else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)	1172	error("channel %d: dynamic request: socks5 hostname "
1167	return -1;	1173	"\"%.100s\" too long", c->self, dest_addr);
		1174	return -1;
		1175	}
		1176	c->path = xstrdup(dest_addr);
		1177	} else {
		1178	if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL)
		1179	return -1;
		1180	c->path = xstrdup(ntop);
		1181	}
1168	c->host_port = ntohs(dest_port);	1182	c->host_port = ntohs(dest_port);
1169		1183
1170	debug2("channel %d: dynamic request: socks5 host %s port %u command %u",	1184	debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
Lines 1393-1399 channel_post_port_listener(Channel *c, f Link Here
1393	c->local_window_max, c->local_maxpacket, 0, rtype, 1);	1407	c->local_window_max, c->local_maxpacket, 0, rtype, 1);
1394	nc->listening_port = c->listening_port;	1408	nc->listening_port = c->listening_port;
1395	nc->host_port = c->host_port;	1409	nc->host_port = c->host_port;
1396	strlcpy(nc->path, c->path, sizeof(nc->path));	1410	nc->path = xstrdup(c->path);
1397		1411
1398	if (nextstate == SSH_CHANNEL_DYNAMIC) {	1412	if (nextstate == SSH_CHANNEL_DYNAMIC) {
1399	/*	1413	/*
Lines 2432-2438 channel_setup_fwd_listener(int type, con Link Here
2432	error("No forward host name.");	2446	error("No forward host name.");
2433	return 0;	2447	return 0;
2434	}	2448	}
2435	if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) {	2449	if (strlen(host) > NI_MAXHOST) {
2436	error("Forward host name too long.");	2450	error("Forward host name too long.");
2437	return 0;	2451	return 0;
2438	}	2452	}
Lines 2529-2535 channel_setup_fwd_listener(int type, con Link Here
2529	c = channel_new("port listener", type, sock, sock, -1,	2543	c = channel_new("port listener", type, sock, sock, -1,
2530	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,	2544	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
2531	0, "port listener", 1);	2545	0, "port listener", 1);
2532	strlcpy(c->path, host, sizeof(c->path));	2546	c->path = xstrdup(host);
2533	c->host_port = port_to_connect;	2547	c->host_port = port_to_connect;
2534	c->listening_port = listen_port;	2548	c->listening_port = listen_port;
2535	success = 1;	2549	success = 1;
Lines 2551-2558 channel_cancel_rport_listener(const char Link Here
2551	Channel *c = channels[i];	2565	Channel *c = channels[i];
2552		2566
2553	if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&	2567	if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
2554	strncmp(c->path, host, sizeof(c->path)) == 0 &&	2568	strcmp(c->path, host) == 0 && c->listening_port == port) {
2555	c->listening_port == port) {
2556	debug2("%s: close channel %d", __func__, i);	2569	debug2("%s: close channel %d", __func__, i);
2557	channel_free(c);	2570	channel_free(c);
2558	found = 1;	2571	found = 1;

Lines 221-227 auth_input_request_forwarding(struct pas Link Here

(-)session.c (-1 / +1 lines)
221	SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,	221	SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
222	CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,	222	CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
223	0, "auth socket", 1);	223	0, "auth socket", 1);
224	strlcpy(nc->path, auth_sock_name, sizeof(nc->path));	224	nc->path = xstrdup(auth_sock_name);
225	return 1;	225	return 1;
226		226
227	authsock_err:	227	authsock_err:

Return to bug 1380