
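--- a/channels.h
+++ b/channels.h
@@ -55,8 +55,6 @@
 #define SSH_CHANNEL_ZOMBIE		14	/* Almost dead. */
 #define SSH_CHANNEL_MAX_TYPE		15
 
-#define SSH_CHANNEL_PATH_LEN		256
-
 struct Channel;
 typedef struct Channel Channel;
 
@@ -104,7 +102,7 @@ struct Channel {
 	Buffer  output;		/* data received over encrypted connection for
 				 * send on socket */
 	Buffer  extended;
-	char    path[SSH_CHANNEL_PATH_LEN];
+	char    *path;
 		/* path for unix domain sockets, or host name for forwards */
 	int     listening_port;	/* port being listened for forwards */
 	int     host_port;	/* remote port to connect for forwards */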
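Review bot: The comment under `char *path;` still reads as it did for the fixed array and says nothing about who owns the string or that the pointer may now be NULL. Making the member a pointer also changes the meaning of any `sizeof(c->path)` left in files this patch does not touch: it still compiles but now yields the pointer size, so a leftover `strlcpy(c->path, ..., sizeof(c->path))` would truncate or write through NULL, and removing `SSH_CHANNEL_PATH_LEN` only catches users of the macro. Checking every remaining `->path` use in the tree is worth doing before this lands. The comment could become `/* heap-allocated path for unix domain sockets, or host name for forwards; NULL until set, freed by channel_free() */`. struct Channel starts and ends outside the hunk.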
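--- a/channels.c
+++ b/channels.c
@@ -291,6 +291,7 @@ channel_new(char *ctype, int type, int r
 	buffer_init(&c->input);
 	buffer_init(&c->output);
 	buffer_init(&c->extended);
+	c->path = NULL;
 	c->ostate = CHAN_OUTPUT_OPEN;
 	c->istate = CHAN_INPUT_OPEN;
 	c->flags = 0;
@@ -397,6 +398,10 @@ channel_free(Channel *c)
 		xfree(c->remote_name);
 		c->remote_name = NULL;
 	}
+	if (c->path) {
+		xfree(c->path);
+		c->path = NULL;
+	}
 	while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
 		if (cc->abandon_cb != NULL)
 			cc->abandon_cb(c, cc->ctx);
@@ -1032,7 +1037,7 @@ channel_decode_socks4(Channel *c, fd_set
 
 	if (need == 1) {			/* SOCKS4: one string */
 		host = inet_ntoa(s4_req.dest_addr);
-		strlcpy(c->path, host, sizeof(c->path));
+		c->path = xstrdup(host);
 	} else {				/* SOCKS4A: two strings */
 		have = buffer_len(&c->input);
 		p = buffer_ptr(&c->input);
@@ -1043,11 +1048,12 @@ channel_decode_socks4(Channel *c, fd_set
 		if (len > have)
 			fatal("channel %d: decode socks4a: len %d > have %d",
 			    c->self, len, have);
-		if (strlcpy(c->path, p, sizeof(c->path)) >= sizeof(c->path)) {
+		if (len > NI_MAXHOST) {
 			error("channel %d: hostname \"%.100s\" too long",
 			    c->self, p);
 			return -1;
 		}
+		c->path = xstrdup(p);
 		buffer_consume(&c->input, len);
 	}
 	c->host_port = ntohs(s4_req.dest_port);
@@ -1088,7 +1094,7 @@ channel_decode_socks5(Channel *c, fd_set
 		u_int8_t atyp;
 	} s5_req, s5_rsp;
 	u_int16_t dest_port;
-	u_char *p, dest_addr[255+1];
+	u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
 	u_int have, need, i, found, nmethods, addrlen, af;
 
 	debug2("channel %d: decode socks5", c->self);
@@ -1161,10 +1167,18 @@ channel_decode_socks5(Channel *c, fd_set
 	buffer_get(&c->input, (char *)&dest_addr, addrlen);
 	buffer_get(&c->input, (char *)&dest_port, 2);
 	dest_addr[addrlen] = '\0';
-	if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
-		strlcpy(c->path, (char *)dest_addr, sizeof(c->path));
-	else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
-		return -1;
+	if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
+		if (addrlen > NI_MAXHOST - 1) {
+			error("channel %d: dynamic request: socks5 hostname "
+			    "\"%.100s\" too long", c->self, dest_addr);
+			return -1;
+		}
+		c->path = xstrdup(dest_addr);
+	} else {
+		if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL)
+			return -1;
+		c->path = xstrdup(ntop);
+	}
 	c->host_port = ntohs(dest_port);
 
 	debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
@@ -1393,7 +1407,7 @@ channel_post_port_listener(Channel *c, f
 		    c->local_window_max, c->local_maxpacket, 0, rtype, 1);
 		nc->listening_port = c->listening_port;
 		nc->host_port = c->host_port;
-		strlcpy(nc->path, c->path, sizeof(nc->path));
+		nc->path = xstrdup(c->path);
 
 		if (nextstate == SSH_CHANNEL_DYNAMIC) {
 			/*
@@ -2432,7 +2446,7 @@ channel_setup_fwd_listener(int type, con
 		error("No forward host name.");
 		return 0;
 	}
-	if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) {
+	if (strlen(host) > NI_MAXHOST) {
 		error("Forward host name too long.");
 		return 0;
 	}
@@ -2529,7 +2543,7 @@ channel_setup_fwd_listener(int type, con
 		c = channel_new("port listener", type, sock, sock, -1,
 		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
 		    0, "port listener", 1);
-		strlcpy(c->path, host, sizeof(c->path));
+		c->path = xstrdup(host);
 		c->host_port = port_to_connect;
 		c->listening_port = listen_port;
 		success = 1;
@@ -2551,8 +2565,7 @@ channel_cancel_rport_listener(const char
 		Channel *c = channels[i];
 
 		if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
-		    strncmp(c->path, host, sizeof(c->path)) == 0 &&
-		    c->listening_port == port) {
+		    strcmp(c->path, host) == 0 && c->listening_port == port) {
 			debug2("%s: close channel %d", __func__, i);
 			channel_free(c);
 			found = 1;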
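Review bot: In channel_decode_socks4 and channel_decode_socks5 each `c->path = xstrdup(...)` overwrites the pointer without releasing what it already held. channel_post_port_listener now gives every accepted channel `nc->path = xstrdup(c->path)` just before the `SSH_CHANNEL_DYNAMIC` branch, so a dynamic-forward channel appears to reach the SOCKS decoders with path already allocated, and that copy would be lost on every proxied connection. Free it first with the same guard channel_free uses, e.g. `if (c->path != NULL) xfree(c->path);` ahead of each of the four assignments. Separately, the three length limits disagree: `len > NI_MAXHOST` (socks4a), `addrlen > NI_MAXHOST - 1` (socks5) and `strlen(host) > NI_MAXHOST` (channel_setup_fwd_listener); if `len`, which is computed outside the hunk, counts the terminator, the listener check admits a name one byte longer than the other two. All of these functions begin and end outside the hunks shown.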
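--- a/session.c
+++ b/session.c
@@ -221,7 +221,7 @@ auth_input_request_forwarding(struct pas
 	    SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
 	    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
 	    0, "auth socket", 1);
-	strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
+	nc->path = xstrdup(auth_sock_name);
 	return 1;
 
  authsock_err: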

Return to bug 1380