

(-)openssh/auth-options.c (-5 / +9 lines)
Lines 214-222 Link Here
214
		}
214
		}
215
		cp = "permitopen=\"";
215
		cp = "permitopen=\"";
216
		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
216
		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
217
			char host[256], sport[6];
217
			char *host;
218
			u_short port;
218
			u_short port;
219
			char *patterns = xmalloc(strlen(opts) + 1);
219
			char *patterns = xmalloc(strlen(opts) + 1);
220
			char *p;
220
221
221
			opts += strlen(cp);
222
			opts += strlen(cp);
222
			i = 0;
223
			i = 0;
Lines 240-247 Link Here
240
			}
241
			}
241
			patterns[i] = 0;
242
			patterns[i] = 0;
242
			opts++;
243
			opts++;
243
			if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 &&
244
			p = patterns;
244
			    sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
245
			host = hpdelim(&p);
246
			if (!host) {
245
				debug("%.100s, line %lu: Bad permitopen specification "
247
				debug("%.100s, line %lu: Bad permitopen specification "
246
				    "<%.100s>", file, linenum, patterns);
248
				    "<%.100s>", file, linenum, patterns);
247
				packet_send_debug("%.100s, line %lu: "
249
				packet_send_debug("%.100s, line %lu: "
Lines 249-257 Link Here
249
				xfree(patterns);
251
				xfree(patterns);
250
				goto bad_option;
252
				goto bad_option;
251
			}
253
			}
252
			if ((port = a2port(sport)) == 0) {
254
			host = cleanhostname(host);
255
			port = p ? a2port(p) : 0;
256
			if (port == 0) {
253
				debug("%.100s, line %lu: Bad permitopen port <%.100s>",
257
				debug("%.100s, line %lu: Bad permitopen port <%.100s>",
254
				    file, linenum, sport);
258
				    file, linenum, p ? p : "");
255
				packet_send_debug("%.100s, line %lu: "
259
				packet_send_debug("%.100s, line %lu: "
256
				    "Bad permitopen port", file, linenum);
260
				    "Bad permitopen port", file, linenum);
257
				xfree(patterns);
261
				xfree(patterns);
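Review bot: The new `if (!host)` test at new line 246 no longer rejects an empty host. The removed `sscanf` pattern `%255[^:]` needed at least one host character, whereas `hpdelim()` returns `""` for a pattern that starts with `:` or `/`, so a `permitopen=":port"` entry now gets past this check. Since permitopen is an access restriction, I would fail closed and test after the `cleanhostname()` call: `if (host == NULL || *host == '\0')` with the existing "Bad permitopen specification" path. The old 255-character cap on the host is also gone; whether that matters depends on what the code after this hunk does with `host`, which is not visible here.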
(-)openssh/channels.c (-9 / +38 lines)
Lines 2046-2054 Link Here
2046
	Channel *c;
2046
	Channel *c;
2047
	int success, sock, on = 1;
2047
	int success, sock, on = 1;
2048
	struct addrinfo hints, *ai, *aitop;
2048
	struct addrinfo hints, *ai, *aitop;
2049
	const char *host;
2049
	const char *host, *addr;
2050
	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2050
	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2051
	struct linger linger;
2051
	struct linger linger;
2052
	int wildcard = 0, is_server = 0;
2052
2053
2053
	success = 0;
2054
	success = 0;
2054
	host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
2055
	host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
Lines 2062-2079 Link Here
2062
		error("Forward host name too long.");
2063
		error("Forward host name too long.");
2063
		return success;
2064
		return success;
2064
	}
2065
	}
2066
	/*
2067
	 * GatewayPorts is a default for the client, but a requirement
2068
	 * for the server.
2069
	 */
2070
	if (type == SSH_CHANNEL_RPORT_LISTENER || listen_addr == NULL)
2071
		is_server = 1;
2065
2072
2066
	/*
2073
	/*
2067
	 * getaddrinfo returns a loopback address if the hostname is
2074
	 * getaddrinfo returns a loopback address if the hostname is
2068
	 * set to NULL and hints.ai_flags is not AI_PASSIVE
2075
	 * set to NULL and hints.ai_flags is not AI_PASSIVE
2069
	 */
2076
	 */
2077
	if (is_server && !gateway_ports) {
2078
		/* enforce server policy */
2079
		addr = NULL;
2080
	} else {
2081
		if ( !listen_addr || listen_addr[0] == '\0' ||
2082
		     (!is_server && strcmp(listen_addr, "*") == 0) ) {
2083
			wildcard = 1;
2084
			addr = NULL;
2085
		} else {
2086
			if (listen_addr && listen_addr[0] == '\0')
2087
				addr = NULL;
2088
			else
2089
				addr = listen_addr;
2090
		}
2091
	}
2070
	memset(&hints, 0, sizeof(hints));
2092
	memset(&hints, 0, sizeof(hints));
2071
	hints.ai_family = IPv4or6;
2093
	hints.ai_family = IPv4or6;
2072
	hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
2094
	hints.ai_flags = wildcard ? AI_PASSIVE : 0;
2073
	hints.ai_socktype = SOCK_STREAM;
2095
	hints.ai_socktype = SOCK_STREAM;
2074
	snprintf(strport, sizeof strport, "%d", listen_port);
2096
	snprintf(strport, sizeof strport, "%d", listen_port);
2075
	if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
2097
	if (getaddrinfo(addr, strport, &hints, &aitop) != 0)
2076
		packet_disconnect("getaddrinfo: fatal error");
2098
		packet_disconnect("getaddrinfo: %.200s: fatal error",
2099
		    addr ? addr : "(NULL)");
2077
2100
2078
	for (ai = aitop; ai; ai = ai->ai_next) {
2101
	for (ai = aitop; ai; ai = ai->ai_next) {
2079
		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2102
		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
Lines 2140-2150 Link Here
2140
2163
2141
/* protocol local port fwd, used by ssh (and sshd in v1) */
2164
/* protocol local port fwd, used by ssh (and sshd in v1) */
2142
int
2165
int
2143
channel_setup_local_fwd_listener(u_short listen_port,
2166
channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
2144
    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2167
    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2145
{
2168
{
2146
	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
2169
	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
2147
	    NULL, listen_port, host_to_connect, port_to_connect, gateway_ports);
2170
	    listen_host, listen_port, host_to_connect, port_to_connect,
2171
	    gateway_ports);
2148
}
2172
}
2149
2173
2150
/* protocol v2 remote port fwd, used by sshd */
2174
/* protocol v2 remote port fwd, used by sshd */
Lines 2162-2168 Link Here
2162
 */
2186
 */
2163
2187
2164
void
2188
void
2165
channel_request_remote_forwarding(u_short listen_port,
2189
channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
2166
    const char *host_to_connect, u_short port_to_connect)
2190
    const char *host_to_connect, u_short port_to_connect)
2167
{
2191
{
2168
	int type, success = 0;
2192
	int type, success = 0;
Lines 2173-2179 Link Here
2173
2197
2174
	/* Send the forward request to the remote side. */
2198
	/* Send the forward request to the remote side. */
2175
	if (compat20) {
2199
	if (compat20) {
2176
		const char *address_to_bind = "0.0.0.0";
2200
		const char *address_to_bind;
2201
		if (listen_host[0] == '\0' || strcmp(listen_host, "*") == 0)
2202
			address_to_bind = "0.0.0.0";
2203
		else
2204
			address_to_bind = listen_host;
2205
2177
		packet_start(SSH2_MSG_GLOBAL_REQUEST);
2206
		packet_start(SSH2_MSG_GLOBAL_REQUEST);
2178
		packet_put_cstring("tcpip-forward");
2207
		packet_put_cstring("tcpip-forward");
2179
		packet_put_char(0);			/* boolean: want reply */
2208
		packet_put_char(0);			/* boolean: want reply */
Lines 2241-2247 Link Here
2241
				  port);
2270
				  port);
2242
#endif
2271
#endif
2243
	/* Initiate forwarding */
2272
	/* Initiate forwarding */
2244
	channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
2273
	channel_setup_local_fwd_listener(NULL, port, hostname, host_port, gateway_ports);
2245
2274
2246
	/* Free the argument string. */
2275
	/* Free the argument string. */
2247
	xfree(hostname);
2276
	xfree(hostname);
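Review bot: The getaddrinfo() failure path at new lines 2097-2099 still calls `packet_disconnect()`, but the node name is no longer always NULL. It is now `addr`, taken from `listen_addr`, which is a user-supplied listen host on the client and, when `gateway_ports` is set, presumably whatever the remote-forward caller passes through on the server (that caller is not in this diff). A mistyped or unresolvable name therefore tears down the whole session instead of failing one forward. I would keep the return code and fail softly, e.g. `error("getaddrinfo(%.200s): %s", addr ? addr : "(NULL)", gai_strerror(r)); return success;`. Separately, the inner `if (listen_addr && listen_addr[0] == '\0')` at new line 2086 cannot be true because the enclosing `if` already took that case, and `channel_request_remote_forwarding()` reads `listen_host[0]` without a NULL check although the sibling `channel_setup_local_fwd_listener()` is called with NULL at new line 2273. The body of channel_setup_fwd_listener starts and ends outside these hunks.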
(-)openssh/channels.h (-2 / +5 lines)
Lines 189-196 Link Here
189
void     channel_input_port_forward_request(int, int);
189
void     channel_input_port_forward_request(int, int);
190
int	 channel_connect_to(const char *, u_short);
190
int	 channel_connect_to(const char *, u_short);
191
int	 channel_connect_by_listen_address(u_short);
191
int	 channel_connect_by_listen_address(u_short);
192
void	 channel_request_remote_forwarding(u_short, const char *, u_short);
192
void	
193
int	 channel_setup_local_fwd_listener(u_short, const char *, u_short, int);
193
channel_request_remote_forwarding(const char *, u_short, const char *, u_short);
194
int
195
channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short,
196
int);
194
int	 channel_setup_remote_fwd_listener(const char *, u_short, int);
197
int	 channel_setup_remote_fwd_listener(const char *, u_short, int);
195
198
196
/* x11 forwarding */
199
/* x11 forwarding */
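Review bot: The two changed prototypes now take `(const char *, u_short, const char *, u_short)` with no parameter names, so the compiler cannot catch a caller that swaps the listen host and the connect host. A one-line comment above them, `/* args: listen_host, listen_port, host_to_connect, port_to_connect */`, or named parameters would make the order checkable at the call site. The same applies to `add_local_forward()` and `add_remote_forward()` in readconf.h.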
(-)openssh/misc.c (+45 lines)
Lines 251-256 Link Here
251
	return total;
251
	return total;
252
}
252
}
253
253
254
/* Search for next delimiter between hostnames/addresses and ports.
255
 * Argument may be modified (for termination).
256
 * Returns *cp if parsing succeeds.
257
 * *cp is set to the start of the next delimiter, if one was found.
258
 * If this is the last field, *cp is set to NULL.
259
 */
260
char *
261
hpdelim(char **cp)
262
{
263
	char *s, *old;
264
265
	if (!(cp && *cp))
266
		return NULL;
267
268
	old = s = *cp;
269
	if (*s == '[') {
270
		s = strchr(s, ']');
271
		if (!s)
272
			return NULL;
273
		else
274
			++s;
275
	} else {
276
		s = strpbrk(s, ":/");
277
		if (!s)
278
			s = *cp + strlen(*cp);	/* trailing null */
279
	}
280
281
	switch (*s) {
282
	case '\0':
283
		*cp = NULL;	/* no more fields*/
284
		break;
285
	
286
	case ':':
287
	case '/':
288
		*s = '\0';	/* terminate */
289
		*cp = s + 1;
290
		break;
291
	
292
	default:
293
		return NULL;
294
	}
295
296
	return old;
297
}
298
254
char *
299
char *
255
cleanhostname(char *host)
300
cleanhostname(char *host)
256
{
301
{
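Review bot: The header comment on `hpdelim()` does not match the code. The function returns the original value of `*cp` (the start of the field), and on success `*cp` is advanced to the character after the delimiter, not to "the start of the next delimiter". The comment should also state the two things callers depend on. First, NULL is returned both when `*cp` is already NULL and when the field is malformed (no closing `]`, or a character other than `:`, `/` or NUL after it), and in the malformed case `*cp` is left unchanged. Second, an empty field is returned as `""`, not NULL. I would reword it along the lines of `Returns the start of the current field, or NULL on end of input or parse error; on success *cp points past the delimiter, or is NULL if this was the last field.`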
(-)openssh/misc.h (+1 lines)
Lines 17-22 Link Here
17
void	 set_nonblock(int);
17
void	 set_nonblock(int);
18
void	 unset_nonblock(int);
18
void	 unset_nonblock(int);
19
int	 a2port(const char *);
19
int	 a2port(const char *);
20
char	*hpdelim(char **);
20
char	*cleanhostname(char *);
21
char	*cleanhostname(char *);
21
char	*colon(char *);
22
char	*colon(char *);
22
long	 convtime(const char *);
23
long	 convtime(const char *);
(-)openssh/readconf.c (-36 / +82 lines)
Lines 196-216 Link Here
196
 */
196
 */
197
197
198
void
198
void
199
add_local_forward(Options *options, u_short port, const char *host,
199
add_local_forward(Options *options, const char *listen_host,
200
		  u_short host_port)
200
		  u_short listen_port, const char *connect_host,
201
		  u_short connect_port)
201
{
202
{
202
	Forward *fwd;
203
	Forward *fwd;
203
#ifndef HAVE_CYGWIN
204
#ifndef HAVE_CYGWIN
204
	extern uid_t original_real_uid;
205
	extern uid_t original_real_uid;
205
	if (port < IPPORT_RESERVED && original_real_uid != 0)
206
	if (listen_port < IPPORT_RESERVED && original_real_uid != 0)
206
		fatal("Privileged ports can only be forwarded by root.");
207
		fatal("Privileged ports can only be forwarded by root.");
207
#endif
208
#endif
208
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
209
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
209
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
210
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
210
	fwd = &options->local_forwards[options->num_local_forwards++];
211
	fwd = &options->local_forwards[options->num_local_forwards++];
211
	fwd->port = port;
212
	fwd->listen_host = xstrdup(listen_host);
212
	fwd->host = xstrdup(host);
213
	fwd->listen_port = listen_port;
213
	fwd->host_port = host_port;
214
	fwd->connect_host = xstrdup(connect_host);
215
	fwd->connect_port = connect_port;
214
}
216
}
215
217
216
/*
218
/*
Lines 219-235 Link Here
219
 */
221
 */
220
222
221
void
223
void
222
add_remote_forward(Options *options, u_short port, const char *host,
224
add_remote_forward(Options *options, const char *listen_host,
223
		   u_short host_port)
225
		   u_short listen_port, const char *connect_host,
226
		   u_short connect_port)
224
{
227
{
225
	Forward *fwd;
228
	Forward *fwd;
226
	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
229
	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
227
		fatal("Too many remote forwards (max %d).",
230
		fatal("Too many remote forwards (max %d).",
228
		    SSH_MAX_FORWARDS_PER_DIRECTION);
231
		    SSH_MAX_FORWARDS_PER_DIRECTION);
229
	fwd = &options->remote_forwards[options->num_remote_forwards++];
232
	fwd = &options->remote_forwards[options->num_remote_forwards++];
230
	fwd->port = port;
233
	fwd->listen_host = xstrdup(listen_host);
231
	fwd->host = xstrdup(host);
234
	fwd->listen_port = listen_port;
232
	fwd->host_port = host_port;
235
	fwd->connect_host = xstrdup(connect_host);
236
	fwd->connect_port = connect_port;
233
}
237
}
234
238
235
static void
239
static void
Lines 237-247 Link Here
237
{
241
{
238
	int i;
242
	int i;
239
243
240
	for (i = 0; i < options->num_local_forwards; i++)
244
	for (i = 0; i < options->num_local_forwards; i++) {
241
		xfree(options->local_forwards[i].host);
245
		xfree(options->local_forwards[i].listen_host);
246
		xfree(options->local_forwards[i].connect_host);
247
	}
242
	options->num_local_forwards = 0;
248
	options->num_local_forwards = 0;
243
	for (i = 0; i < options->num_remote_forwards; i++)
249
	for (i = 0; i < options->num_remote_forwards; i++) {
244
		xfree(options->remote_forwards[i].host);
250
		xfree(options->remote_forwards[i].listen_host);
251
		xfree(options->remote_forwards[i].connect_host);
252
	}
245
	options->num_remote_forwards = 0;
253
	options->num_remote_forwards = 0;
246
}
254
}
247
255
Lines 273-282 Link Here
273
		    char *line, const char *filename, int linenum,
281
		    char *line, const char *filename, int linenum,
274
		    int *activep)
282
		    int *activep)
275
{
283
{
276
	char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
284
	char *s, *string, **charptr, *endofnumber, *keyword, *arg, *arg2;
277
	int opcode, *intptr, value;
285
	int opcode, *intptr, value, i;
278
	u_short fwd_port, fwd_host_port;
286
	u_short fwd_lport, fwd_cport;
279
	char sfwd_host_port[6];
287
	char *fwd_lhost, *fwd_chost, *fwdarg[4];
280
288
281
	s = line;
289
	s = line;
282
	/* Get the keyword. (Each line is supposed to begin with a keyword). */
290
	/* Get the keyword. (Each line is supposed to begin with a keyword). */
Lines 604-630 Link Here
604
		if (!arg || *arg == '\0')
612
		if (!arg || *arg == '\0')
605
			fatal("%.200s line %d: Missing port argument.",
613
			fatal("%.200s line %d: Missing port argument.",
606
			    filename, linenum);
614
			    filename, linenum);
607
		if ((fwd_port = a2port(arg)) == 0)
615
		arg2 = strdelim(&s); /* optional second arg */
608
			fatal("%.200s line %d: Bad listen port.",
616
609
			    filename, linenum);
617
		for (i = 0; i < 4; ++i) {
610
		arg = strdelim(&s);
618
			fwdarg[i] = hpdelim(&arg);
611
		if (!arg || *arg == '\0')
619
			if (!fwdarg[i])
612
			fatal("%.200s line %d: Missing second argument.",
620
				break;
613
			    filename, linenum);
621
			if (i<2 && !arg && arg2) {
614
		if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
622
				arg = arg2;
615
		    sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
623
				arg2 = NULL;
624
			}
625
		}
626
		switch(i) {
627
		case 3:
628
			fwd_lhost = "";
629
			fwd_lport = a2port(fwdarg[0]);
630
			fwd_chost = cleanhostname(fwdarg[1]);
631
			fwd_cport = a2port(fwdarg[2]);
632
			break;
633
		case 4:
634
			fwd_lhost = cleanhostname(fwdarg[0]);
635
			fwd_lport = a2port(fwdarg[1]);
636
			fwd_chost = cleanhostname(fwdarg[2]);
637
			fwd_cport = a2port(fwdarg[3]);
638
			
639
			break;
640
		default:
616
			fatal("%.200s line %d: Bad forwarding specification.",
641
			fatal("%.200s line %d: Bad forwarding specification.",
617
			    filename, linenum);
642
			    filename, linenum);
618
		if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
643
			/* NOTREACHED */
644
		}
645
646
		if (fwd_lport == 0)
647
			fatal("%.200s line %d: Bad listen port.",
648
			    filename, linenum);
649
		if (fwd_cport == 0)
619
			fatal("%.200s line %d: Bad forwarding port.",
650
			fatal("%.200s line %d: Bad forwarding port.",
620
			    filename, linenum);
651
			    filename, linenum);
652
621
		if (*activep) {
653
		if (*activep) {
622
			if (opcode == oLocalForward)
654
			if (opcode == oLocalForward)
623
				add_local_forward(options, fwd_port, buf,
655
				add_local_forward(options,
624
				    fwd_host_port);
656
				    fwd_lhost, fwd_lport,
657
				    fwd_chost, fwd_cport);
625
			else if (opcode == oRemoteForward)
658
			else if (opcode == oRemoteForward)
626
				add_remote_forward(options, fwd_port, buf,
659
				add_remote_forward(options,
627
				    fwd_host_port);
660
				    fwd_lhost, fwd_lport,
661
				    fwd_chost, fwd_cport);
628
		}
662
		}
629
		break;
663
		break;
630
664
Lines 633-644 Link Here
633
		if (!arg || *arg == '\0')
667
		if (!arg || *arg == '\0')
634
			fatal("%.200s line %d: Missing port argument.",
668
			fatal("%.200s line %d: Missing port argument.",
635
			    filename, linenum);
669
			    filename, linenum);
636
		fwd_port = a2port(arg);
670
		fwd_lport = 0;
637
		if (fwd_port == 0)
671
		fwd_lhost = hpdelim(&arg);
672
		if (!fwd_lhost)
673
			fatal("%.200s line %d: Bad forwarding specification.",
674
			    filename, linenum);
675
		if (arg) {
676
			fwd_lport = a2port(arg);
677
			fwd_lhost = cleanhostname(fwd_lhost);
678
		} else {
679
			fwd_lport = a2port(fwd_lhost);
680
			fwd_lhost = "";
681
		}
682
		if (fwd_lport == 0)
638
			fatal("%.200s line %d: Badly formatted port number.",
683
			fatal("%.200s line %d: Badly formatted port number.",
639
			    filename, linenum);
684
			    filename, linenum);
640
		if (*activep)
685
		if (*activep)
641
			add_local_forward(options, fwd_port, "socks4", 0);
686
			add_local_forward(options, fwd_lhost, fwd_lport,
687
			    "socks4", 0);
642
		break;
688
		break;
643
689
644
	case oClearAllForwardings:
690
	case oClearAllForwardings:
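Review bot: The field loop at new lines 617-625 treats a NULL from `hpdelim()` as "no more fields", but `hpdelim()` also returns NULL for a malformed field and leaves `arg` pointing at it. A constructed example such as `8080:host:80:[bad` stops at `i == 3` and is accepted as a three-field forward with the tail silently dropped, and a fifth field after four valid ones is ignored the same way. A check after the loop closes both cases: `if (arg != NULL) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum);`. The `-L`/`-R` loop in ssh.c (new lines 467-470) has the same shape and needs the equivalent test on `cp`. process_config_line continues outside these hunks.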
(-)openssh/readconf.h (-5 / +8 lines)
Lines 21-29 Link Here
21
/* Data structure for representing a forwarding request. */
21
/* Data structure for representing a forwarding request. */
22
22
23
typedef struct {
23
typedef struct {
24
	u_short	  port;		/* Port to forward. */
24
	char	 *listen_host;		/* Host (address) to listen on. */
25
	char	 *host;		/* Host to connect. */
25
	u_short	  listen_port;		/* Port to forward. */
26
	u_short	  host_port;	/* Port to connect on host. */
26
	char	 *connect_host;		/* Host to connect. */
27
	u_short	  connect_port;		/* Port to connect on connect_host. */
27
}       Forward;
28
}       Forward;
28
/* Data structure for representing option data. */
29
/* Data structure for representing option data. */
29
30
Lines 112-118 Link Here
112
int
113
int
113
process_config_line(Options *, const char *, char *, const char *, int, int *);
114
process_config_line(Options *, const char *, char *, const char *, int, int *);
114
115
115
void	 add_local_forward(Options *, u_short, const char *, u_short);
116
void
116
void	 add_remote_forward(Options *, u_short, const char *, u_short);
117
add_local_forward(Options *, const char *, u_short, const char *, u_short);
118
void
119
add_remote_forward(Options *, const char *, u_short, const char *, u_short);
117
120
118
#endif				/* READCONF_H */
121
#endif				/* READCONF_H */
(-)openssh/servconf.c (-28 / +17 lines)
Lines 403-408 Link Here
403
	int *intptr, value;
403
	int *intptr, value;
404
	ServerOpCodes opcode;
404
	ServerOpCodes opcode;
405
	int i, n;
405
	int i, n;
406
	ushort port;
406
407
407
	cp = line;
408
	cp = line;
408
	arg = strdelim(&cp);
409
	arg = strdelim(&cp);
Lines 475-513 Link Here
475
476
476
	case sListenAddress:
477
	case sListenAddress:
477
		arg = strdelim(&cp);
478
		arg = strdelim(&cp);
478
		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
479
		if (!arg || *arg == '\0')
479
			fatal("%s line %d: missing inet addr.",
480
			fatal("%s line %d: missing inet addr.",
480
			    filename, linenum);
481
			    filename, linenum);
481
		if (*arg == '[') {
482
		p = hpdelim(&arg);
482
			if ((p = strchr(arg, ']')) == NULL)
483
		if (!p)
483
				fatal("%s line %d: bad ipv6 inet addr usage.",
484
			fatal("%s line %d: bad inet addr:port usage.",
485
			    filename, linenum);
486
		p = cleanhostname(p);
487
		if (arg) {
488
			port = a2port(arg);
489
			if (port == 0) {
490
				fatal("%s line %d: bad port number.",
484
				    filename, linenum);
491
				    filename, linenum);
485
			arg++;
492
				/* NOTREACHED */
486
			memmove(p, p+1, strlen(p+1)+1);
493
			}
487
		} else if (((p = strchr(arg, ':')) == NULL) ||
494
		} else {
488
			    (strchr(p+1, ':') != NULL)) {
495
			port = 0;
489
			add_listen_addr(options, arg, 0);
490
			break;
491
		}
496
		}
492
		if (*p == ':') {
493
			u_short port;
494
497
495
			p++;
498
		add_listen_addr(options, p, port);
496
			if (*p == '\0')
499
497
				fatal("%s line %d: bad inet addr:port usage.",
498
				    filename, linenum);
499
			else {
500
				*(p-1) = '\0';
501
				if ((port = a2port(p)) == 0)
502
					fatal("%s line %d: bad port number.",
503
					    filename, linenum);
504
				add_listen_addr(options, arg, port);
505
			}
506
		} else if (*p == '\0')
507
			add_listen_addr(options, arg, 0);
508
		else
509
			fatal("%s line %d: bad inet addr usage.",
510
			    filename, linenum);
511
		break;
500
		break;
512
501
513
	case sHostKeyFile:
502
	case sHostKeyFile:
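Review bot: The rewritten ListenAddress parsing drops the branch that accepted an unbracketed IPv6 address. The removed code passed any argument with no colon or with more than one colon straight to `add_listen_addr(options, arg, 0)`. Now `hpdelim()` splits at the first `:`, so an address like `::1` yields an empty host and a remainder that `a2port()` presumably rejects, and sshd stops with "bad port number" on a configuration that used to load. I would keep the old test ahead of the `hpdelim()` call: `if (*arg != '[' && (p = strchr(arg, ':')) != NULL && strchr(p + 1, ':') != NULL) { add_listen_addr(options, arg, 0); break; }`. Two smaller points: the explicit rejection of `[]` is gone, so an empty address can now reach `add_listen_addr()`, and the new local is declared `ushort port;` where the rest of the patch uses `u_short`.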
(-)openssh/ssh.c (-33 / +78 lines)
Lines 182-192 Link Here
182
	fprintf(stderr, "  -c cipher   Select encryption algorithm\n");
182
	fprintf(stderr, "  -c cipher   Select encryption algorithm\n");
183
	fprintf(stderr, "  -m macs     Specify MAC algorithms for protocol version 2.\n");
183
	fprintf(stderr, "  -m macs     Specify MAC algorithms for protocol version 2.\n");
184
	fprintf(stderr, "  -p port     Connect to this port.  Server must be on the same port.\n");
184
	fprintf(stderr, "  -p port     Connect to this port.  Server must be on the same port.\n");
185
	fprintf(stderr, "  -L listen-port:host:port   Forward local port to remote address\n");
185
	fprintf(stderr, "  -L [listen-host]:listen-port:host:port   Forward local port to remote address\n");
186
	fprintf(stderr, "  -R listen-port:host:port   Forward remote port to local address\n");
186
	fprintf(stderr, "  -R [listen-host]:listen-port:host:port   Forward remote port to local address\n");
187
	fprintf(stderr, "              These cause %s to listen for connections on a port, and\n", __progname);
187
	fprintf(stderr, "              These cause %s to listen for connections on a port, and\n", __progname);
188
	fprintf(stderr, "              forward them to the other side by connecting to host:port.\n");
188
	fprintf(stderr, "              forward them to the other side by connecting to host:port.\n");
189
	fprintf(stderr, "  -D port     Enable dynamic application-level port forwarding.\n");
189
	fprintf(stderr, "  -D [listen-host]:port     Enable dynamic application-level port forwarding.\n");
190
	fprintf(stderr, "  -C          Enable compression.\n");
190
	fprintf(stderr, "  -C          Enable compression.\n");
191
	fprintf(stderr, "  -N          Do not execute a shell or command.\n");
191
	fprintf(stderr, "  -N          Do not execute a shell or command.\n");
192
	fprintf(stderr, "  -g          Allow remote hosts to connect to forwarded ports.\n");
192
	fprintf(stderr, "  -g          Allow remote hosts to connect to forwarded ports.\n");
Lines 249-256 Link Here
249
main(int ac, char **av)
249
main(int ac, char **av)
250
{
250
{
251
	int i, opt, exit_status, cerr;
251
	int i, opt, exit_status, cerr;
252
	u_short fwd_port, fwd_host_port;
252
	u_short fwd_lport, fwd_cport;
253
	char sfwd_port[6], sfwd_host_port[6];
253
	char *fwdarg[4], *fwd_lhost, *fwd_chost;
254
	char *p, *cp, buf[256];
254
	char *p, *cp, buf[256];
255
	struct stat st;
255
	struct stat st;
256
	struct passwd *pw;
256
	struct passwd *pw;
Lines 464-501 Link Here
464
464
465
		case 'L':
465
		case 'L':
466
		case 'R':
466
		case 'R':
467
			if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",
467
			cp = p = xstrdup(optarg);
468
			    sfwd_port, buf, sfwd_host_port) != 3 &&
468
			for (i = 0; i < 4; ++i)
469
			    sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",
469
				if ( !(fwdarg[i] = hpdelim(&cp)) )
470
			    sfwd_port, buf, sfwd_host_port) != 3) {
470
					break;
471
			switch(i) {
472
			case 3:
473
				fwd_lhost = "";
474
				fwd_lport = a2port(fwdarg[0]);
475
				fwd_chost = cleanhostname(fwdarg[1]);
476
				fwd_cport = a2port(fwdarg[2]);
477
				break;
478
479
			case 4:
480
				fwd_lhost = cleanhostname(fwdarg[0]);
481
				fwd_lport = a2port(fwdarg[1]);
482
				fwd_chost = cleanhostname(fwdarg[2]);
483
				fwd_cport = a2port(fwdarg[3]);
484
				break;
485
486
			default:
471
				fprintf(stderr,
487
				fprintf(stderr,
472
				    "Bad forwarding specification '%s'\n",
488
				    "Bad forwarding specification '%s'\n",
473
				    optarg);
489
				    optarg);
474
				usage();
490
				xfree(p);
491
				exit(1);
475
				/* NOTREACHED */
492
				/* NOTREACHED */
476
			}
493
			}
477
			if ((fwd_port = a2port(sfwd_port)) == 0 ||
494
			if (fwd_lport == 0 || fwd_cport == 0) {
478
	  		    (fwd_host_port = a2port(sfwd_host_port)) == 0) {
479
				fprintf(stderr,
495
				fprintf(stderr,
480
				    "Bad forwarding port(s) '%s'\n", optarg);
496
				    "Bad forwarding port(s) '%s'\n", optarg);
497
				xfree(p);
481
				exit(1);
498
				exit(1);
482
			}
499
			}
483
			if (opt == 'L')
500
			if (opt == 'L')
484
				add_local_forward(&options, fwd_port, buf,
501
				add_local_forward(&options,
485
				    fwd_host_port);
502
				    fwd_lhost, fwd_lport,
503
				    fwd_chost, fwd_cport);
504
486
			else if (opt == 'R')
505
			else if (opt == 'R')
487
				add_remote_forward(&options, fwd_port, buf,
506
				add_remote_forward(&options,
488
				    fwd_host_port);
507
				    fwd_lhost, fwd_lport,
508
				    fwd_chost, fwd_cport);
509
			xfree(p);
489
			break;
510
			break;
490
511
491
		case 'D':
512
		case 'D':
492
			fwd_port = a2port(optarg);
513
			cp = p = xstrdup(optarg);
493
			if (fwd_port == 0) {
514
			fwd_lport = 0;
515
			fwd_lhost = hpdelim(&cp);	/* may be NULL */
516
			if (cp) {
517
				fwd_lport = a2port(cp);
518
				fwd_lhost = cleanhostname(fwd_lhost);
519
			} else {
520
				fwd_lport = a2port(fwd_lhost);
521
				fwd_lhost = "";
522
			}
523
524
			if (fwd_lport == 0) {
494
				fprintf(stderr, "Bad dynamic port '%s'\n",
525
				fprintf(stderr, "Bad dynamic port '%s'\n",
495
				    optarg);
526
				    optarg);
527
				xfree(p);
496
				exit(1);
528
				exit(1);
497
			}
529
			}
498
			add_local_forward(&options, fwd_port, "socks4", 0);
530
			add_local_forward(&options,
531
			    fwd_lhost, fwd_lport, "socks4", 0);
532
			xfree(p);
499
			break;
533
			break;
500
534
501
		case 'C':
535
		case 'C':
Lines 834-850 Link Here
834
{
868
{
835
	int success = 0;
869
	int success = 0;
836
	int i;
870
	int i;
871
	char *listen_host;
837
872
838
	/* Initiate local TCP/IP port forwardings. */
873
	/* Initiate local TCP/IP port forwardings. */
839
	for (i = 0; i < options.num_local_forwards; i++) {
874
	for (i = 0; i < options.num_local_forwards; i++) {
840
		debug("Connections to local port %d forwarded to remote address %.200s:%d",
875
		listen_host = options.local_forwards[i].listen_host;
841
		    options.local_forwards[i].port,
876
		if (listen_host[0] == '\0' && !options.gateway_ports)
842
		    options.local_forwards[i].host,
877
			listen_host = "localhost";
843
		    options.local_forwards[i].host_port);
878
		debug("Connections to local port %.200s:%d forwarded to remote address %.200s:%d",
879
		    listen_host,
880
		    options.local_forwards[i].listen_port,
881
		    options.local_forwards[i].connect_host,
882
		    options.local_forwards[i].connect_port);
844
		success += channel_setup_local_fwd_listener(
883
		success += channel_setup_local_fwd_listener(
845
		    options.local_forwards[i].port,
884
		    listen_host,
846
		    options.local_forwards[i].host,
885
		    options.local_forwards[i].listen_port,
847
		    options.local_forwards[i].host_port,
886
		    options.local_forwards[i].connect_host,
887
		    options.local_forwards[i].connect_port,
848
		    options.gateway_ports);
888
		    options.gateway_ports);
849
	}
889
	}
850
	if (i > 0 && success == 0)
890
	if (i > 0 && success == 0)
Lines 852-865 Link Here
852
892
853
	/* Initiate remote TCP/IP port forwardings. */
893
	/* Initiate remote TCP/IP port forwardings. */
854
	for (i = 0; i < options.num_remote_forwards; i++) {
894
	for (i = 0; i < options.num_remote_forwards; i++) {
855
		debug("Connections to remote port %d forwarded to local address %.200s:%d",
895
		listen_host = options.remote_forwards[i].listen_host;
856
		    options.remote_forwards[i].port,
896
		if (listen_host[0] == '\0' && !options.gateway_ports)
857
		    options.remote_forwards[i].host,
897
			listen_host = "localhost";
858
		    options.remote_forwards[i].host_port);
898
		debug("Connections to remote port %.200s:%d forwarded to local address %.200s:%d",
899
		    listen_host,
900
		    options.remote_forwards[i].listen_port,
901
		    options.remote_forwards[i].connect_host,
902
		    options.remote_forwards[i].connect_port);
859
		channel_request_remote_forwarding(
903
		channel_request_remote_forwarding(
860
		    options.remote_forwards[i].port,
904
		    listen_host,
861
		    options.remote_forwards[i].host,
905
		    options.remote_forwards[i].listen_port,
862
		    options.remote_forwards[i].host_port);
906
		    options.remote_forwards[i].connect_host,
907
		    options.remote_forwards[i].connect_port);
863
	}
908
	}
864
}
909
}
865
910
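Review bot: In the `-D` case (new lines 513-522) `hpdelim()` can return NULL with `cp` still non-NULL, for instance when the argument opens a `[` that is never closed, and the `if (cp)` branch then calls `cleanhostname(fwd_lhost)` with a NULL pointer. The comment `/* may be NULL */` acknowledges the case, but nothing handles it. cleanhostname's body is not shown here, so the NULL dereference is inferred. The DynamicForward code in readconf.c already guards this with `if (!fwd_lhost) fatal(...)`. The same guard belongs here right after the `hpdelim()` call, `if (fwd_lhost == NULL) {`, taking the existing "Bad dynamic port" exit path (`fprintf`, `xfree(p)`, `exit(1)`).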
