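--- a/sshconnect.c
+++ b/sshconnect.c
@@ -272,25 +272,9 @@ ssh_kill_proxy_command(void)
 static int
 ssh_create_socket(int privileged, struct addrinfo *ai)
 {
-	int sock, gaierr;
+	int sock, r, gaierr;
 	struct addrinfo hints, *res;
 
-	/*
-	 * If we are running as root and want to connect to a privileged
-	 * port, bind our own socket to a privileged port.
-	 */
-	if (privileged) {
-		int p = IPPORT_RESERVED - 1;
-		PRIV_START;
-		sock = rresvport_af(&p, ai->ai_family);
-		PRIV_END;
-		if (sock < 0)
-			error("rresvport: af=%d %.100s", ai->ai_family,
-			    strerror(errno));
-		else
-			debug("Allocated local port %d.", p);
-		return sock;
-	}
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 	if (sock < 0) {
 		error("socket: %.100s", strerror(errno));
@@ -299,7 +283,7 @@ ssh_create_socket(int privileged, struct
 	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 	/* Bind the socket to an alternative local IP address */
-	if (options.bind_address == NULL)
+	if (options.bind_address == NULL && !privileged)
 		return sock;
 
 	memset(&hints, 0, sizeof(hints));
@@ -314,11 +298,28 @@ ssh_create_socket(int privileged, struct
 		close(sock);
 		return -1;
 	}
-	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-		error("bind: %s: %s", options.bind_address, strerror(errno));
-		close(sock);
-		freeaddrinfo(res);
-		return -1;
+	/*
+	 * If we are running as root and want to connect to a privileged
+	 * port, bind our own socket to a privileged port.
+	 */
+	if (privileged) {
+		PRIV_START;
+		r = bindresvport_sa(sock, res->ai_addr);
+		PRIV_END;
+		if (r < 0) {
+			error("bindresvport_sa: af=%d %.100s", ai->ai_family,
+			    strerror(errno));
+			goto fail;
+		}
+	} else {
+		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+			error("bind: %s: %s", options.bind_address,
+			    strerror(errno));
+ fail:
+			close(sock);
+			freeaddrinfo(res);
+			return -1;
+		}
 	}
 	freeaddrinfo(res);
 	return sock;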
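Review bot: With the early return now guarded by `options.bind_address == NULL && !privileged`, a privileged connect that has no bind address falls through to the address lookup between the second and third hunks, so `options.bind_address` can be NULL there. That lookup is not shown; if it hands the NULL to getaddrinfo() without a service name, or prints it with `%s` on failure, the privileged path would fail or log a NULL string, so it should be checked and the fall-through documented at the condition, e.g. `/* privileged: continue with bind_address == NULL so a reserved port is still bound */`. Separately, `goto fail` in the privileged branch jumps to a label placed inside the `else` branch's `if` body, which compiles but is easy to break on a later edit; hoisting the cleanup to the end of the function, as sketched below, keeps both error paths on one visible exit. The function's closing lines lie outside the third hunk.

```c
	if (privileged) {
		/* … unchanged: PRIV_START / bindresvport_sa / PRIV_END, goto fail on r < 0 … */
	} else if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
		error("bind: %s: %s", options.bind_address, strerror(errno));
		goto fail;
	}
	freeaddrinfo(res);
	return sock;

 fail:
	close(sock);
	freeaddrinfo(res);
	return -1;
```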
