Attachment #1613 for bug #1572




#include <sys/socket.h>

#include <netinet/in.h>
#include <sys/un.h>

#include <ctype.h>
#include <errno.h>

	addrlen = sizeof(addr);
	memset(&addr, 0, sizeof(addr));

	if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) < 0)
		return NULL;

	if (addr.ss_family == AF_UNIX)
		return xstrdup(((struct sockaddr_un *)&addr)->sun_path);

	if (remote) {
		addrlen = sizeof(addr);
		if (getpeername(sock, (struct sockaddr *)&addr, &addrlen)
		    < 0)
			return NULL;
	} else {
		if (getsockname(sock, (struct sockaddr *)&addr, &addrlen)
		    < 0)
			return NULL;
	}
	/* Get the address in ascii. */
	if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,

	/* Get IP address of client. */
	fromlen = sizeof(from);
	memset(&from, 0, sizeof(from));


	if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
		error("getsockname failed: %.100s", strerror(errno));
		return 0;
	}

	if (from.ss_family == AF_UNIX)
		return 0;

	if (!local) {
		fromlen = sizeof(from);
		if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
			debug("getpeername failed: %.100s", strerror(errno));
			return -1;

Lines 1233-1238 Link Here

(-)ssh//channels.c (+1 lines)
1233	ret = channel_decode_socks5(c, readset, writeset);	1233	ret = channel_decode_socks5(c, readset, writeset);
1234	break;	1234	break;
1235	default:	1235	default:
		1236	error("channel %d: bad SOCKS protocol version %d", c->self, p[0]);
1236	ret = -1;	1237	ret = -1;
1237	break;	1238	break;
1238	}	1239	}




}

int
ssh_msg_recv_body(int fd, u_int msg_len, Buffer *m)
{
	if (msg_len > 256 * 1024) {
		error("ssh_msg_recv_body: read: bad msg_len %u", msg_len);
		return (-1);
	}
	buffer_clear(m);
	buffer_append_space(m, msg_len);
	if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
		error("ssh_msg_recv: read: %s", strerror(errno));
		return (-1);
	}
	return (0);
}

int
ssh_msg_recv(int fd, Buffer *m)
{
	u_char buf[4];

		return (-1);
	}
	msg_len = get_u32(buf);
	return ssh_msg_recv_body(fd, msg_len, m);
		error("ssh_msg_recv: read: bad msg_len %u", msg_len);
		return (-1);
	}
	buffer_clear(m);
	buffer_append_space(m, msg_len);
	if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
		error("ssh_msg_recv: read: %s", strerror(errno));
		return (-1);
	}
	return (0);
}

Lines 27-31 Link Here

(-)ssh//msg.h (+1 lines)
27		27
28	int ssh_msg_send(int, u_char, Buffer *);	28	int ssh_msg_send(int, u_char, Buffer *);
29	int ssh_msg_recv(int, Buffer *);	29	int ssh_msg_recv(int, Buffer *);
		30	int ssh_msg_recv_body(int fd, u_int msg_len, Buffer *m);
30		31
31	#endif	32	#endif

Lines 68-73 Link Here

(-)ssh//mux.c (-4 / +40 lines)
68	#include "key.h"	68	#include "key.h"
69	#include "readconf.h"	69	#include "readconf.h"
70	#include "clientloop.h"	70	#include "clientloop.h"
		71	#include "atomicio.h"
71		72
72	/* from ssh.c */	73	/* from ssh.c */
73	extern int tty_flag;	74	extern int tty_flag;
Lines 217-222 Link Here
217	uid_t euid;	218	uid_t euid;
218	gid_t egid;	219	gid_t egid;
219	int start_close = 0;	220	int start_close = 0;
		221	u_char buf[4];
		222	u_int msg_len;
		223	Channel *nc;
220		224
221	/*	225	/*
222	* Accept connection on control socket	226	* Accept connection on control socket
Lines 244-253 Link Here
244	/* XXX handle asynchronously */	248	/* XXX handle asynchronously */
245	unset_nonblock(client_fd);	249	unset_nonblock(client_fd);
246		250
247	/* Read command */	251	/* We can distinguish if we are talking to a SOCKS client
248	buffer_init(&m);	252	* looking at the first byte: 0 indicates a mux packet, 4 and
249	if (ssh_msg_recv(client_fd, &m) == -1) {	253	* 5 a SOCKS request
250	error("%s: client msg_recv failed", __func__);	254	*/
		255	if (atomicio(read, client_fd, buf, 1) != 1) {
		256	error("%s: client read char failed", __func__);
		257	close (client_fd);
		258	return 0;
		259	}
		260
		261	if ((buf[0] == 4) \|\| (buf[0] == 5)) {
		262	/* create a new channel for the SOCKS request */
		263	debug("Connection to mux socket is a SOCKS%d request", buf[0]);
		264
		265	nc = channel_new("dynamic-tcpip", SSH_CHANNEL_DYNAMIC,
		266	client_fd, client_fd, -1,
		267	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
		268	0, "dynamic-tcpip", 1);
		269	nc->listening_port = 0;
		270	nc->host_port = 0;
		271	buffer_append(&nc->input, buf, 1);
		272	nc->delayed = 1;
		273	return 0;
		274	}
		275
		276	/* Read mux command */
		277	if (atomicio(read, client_fd, buf+1, sizeof(buf) - 1) != (sizeof(buf) - 1)) {
		278	error("%s: client read msg length failed", __func__);
		279	close(client_fd);
		280	return 0;
		281	}
		282
		283	msg_len = get_u32(buf);
		284	buffer_init(&m);
		285	if (ssh_msg_recv_body(client_fd, msg_len, &m) == -1) {
		286	error("%s: client msg_recv_body failed", __func__);
251	close(client_fd);	287	close(client_fd);
252	buffer_free(&m);	288	buffer_free(&m);
253	return 0;	289	return 0;

Return to bug 1572

Lines 16-21 Link Here

(-)ssh//canohost.c (-10 / +20 lines)
16	#include <sys/socket.h>	16	#include <sys/socket.h>
17		17
18	#include <netinet/in.h>	18	#include <netinet/in.h>
		19	#include <sys/un.h>
19		20
20	#include <ctype.h>	21	#include <ctype.h>
21	#include <errno.h>	22	#include <errno.h>
Lines 217-230 Link Here
217	addrlen = sizeof(addr);	218	addrlen = sizeof(addr);
218	memset(&addr, 0, sizeof(addr));	219	memset(&addr, 0, sizeof(addr));
219		220
		221	if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) < 0)
		222	return NULL;
		223
		224	if (addr.ss_family == AF_UNIX)
		225	return xstrdup(((struct sockaddr_un *)&addr)->sun_path);
		226
220	if (remote) {	227	if (remote) {
		228	addrlen = sizeof(addr);
221	if (getpeername(sock, (struct sockaddr *)&addr, &addrlen)	229	if (getpeername(sock, (struct sockaddr *)&addr, &addrlen)
222	< 0)	230	< 0)
223	return NULL;	231	return NULL;
224	} else {
225	if (getsockname(sock, (struct sockaddr *)&addr, &addrlen)
226	< 0)
227	return NULL;
228	}	232	}
229	/* Get the address in ascii. */	233	/* Get the address in ascii. */
230	if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,	234	if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
Lines 311-322 Link Here
311	/* Get IP address of client. */	315	/* Get IP address of client. */
312	fromlen = sizeof(from);	316	fromlen = sizeof(from);
313	memset(&from, 0, sizeof(from));	317	memset(&from, 0, sizeof(from));
314	if (local) {	318
315	if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {	319
316	error("getsockname failed: %.100s", strerror(errno));	320	if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
317	return 0;	321	error("getsockname failed: %.100s", strerror(errno));
318	}	322	return 0;
319	} else {	323	}
		324
		325	if (from.ss_family == AF_UNIX)
		326	return 0;
		327
		328	if (!local) {
		329	fromlen = sizeof(from);
320	if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {	330	if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
321	debug("getpeername failed: %.100s", strerror(errno));	331	debug("getpeername failed: %.100s", strerror(errno));
322	return -1;	332	return -1;

Lines 60-65 Link Here

(-)ssh//msg.c (-11 / +17 lines)
60	}	60	}
61		61
62	int	62	int
		63	ssh_msg_recv_body(int fd, u_int msg_len, Buffer *m)
		64	{
		65	if (msg_len > 256 * 1024) {
		66	error("ssh_msg_recv_body: read: bad msg_len %u", msg_len);
		67	return (-1);
		68	}
		69	buffer_clear(m);
		70	buffer_append_space(m, msg_len);
		71	if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
		72	error("ssh_msg_recv: read: %s", strerror(errno));
		73	return (-1);
		74	}
		75	return (0);
		76	}
		77
		78	int
63	ssh_msg_recv(int fd, Buffer *m)	79	ssh_msg_recv(int fd, Buffer *m)
64	{	80	{
65	u_char buf[4];	81	u_char buf[4];
Lines 73-87 Link Here
73	return (-1);	89	return (-1);
74	}	90	}
75	msg_len = get_u32(buf);	91	msg_len = get_u32(buf);
76	if (msg_len > 256 * 1024) {	92	return ssh_msg_recv_body(fd, msg_len, m);
77	error("ssh_msg_recv: read: bad msg_len %u", msg_len);
78	return (-1);
79	}
80	buffer_clear(m);
81	buffer_append_space(m, msg_len);
82	if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
83	error("ssh_msg_recv: read: %s", strerror(errno));
84	return (-1);
85	}
86	return (0);
87	}	93	}