Bugzilla – Attachment 2340 Details for
Bug 1211
option BindAddress is ignored by option UsePrivilegedPort
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
update to -current
use-priv-bindaddr.diff (text/plain), 2.14 KB, created by
Damien Miller
on 2013-09-19 11:07:10 AEST
(
hide
)
Description:
update to -current
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2013-09-19 11:07:10 AEST
Size:
2.14 KB
patch
obsolete
>Index: sshconnect.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v >retrieving revision 1.239 >diff -u -p -r1.239 sshconnect.c >--- sshconnect.c 20 Aug 2013 00:11:38 -0000 1.239 >+++ sshconnect.c 19 Sep 2013 01:05:20 -0000 >@@ -272,25 +272,9 @@ ssh_kill_proxy_command(void) > static int > ssh_create_socket(int privileged, struct addrinfo *ai) > { >- int sock, gaierr; >+ int sock, r, gaierr; > struct addrinfo hints, *res; > >- /* >- * If we are running as root and want to connect to a privileged >- * port, bind our own socket to a privileged port. >- */ >- if (privileged) { >- int p = IPPORT_RESERVED - 1; >- PRIV_START; >- sock = rresvport_af(&p, ai->ai_family); >- PRIV_END; >- if (sock < 0) >- error("rresvport: af=%d %.100s", ai->ai_family, >- strerror(errno)); >- else >- debug("Allocated local port %d.", p); >- return sock; >- } > sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); > if (sock < 0) { > error("socket: %.100s", strerror(errno)); >@@ -299,7 +283,7 @@ ssh_create_socket(int privileged, struct > fcntl(sock, F_SETFD, FD_CLOEXEC); > > /* Bind the socket to an alternative local IP address */ >- if (options.bind_address == NULL) >+ if (options.bind_address == NULL && !privileged) > return sock; > > memset(&hints, 0, sizeof(hints)); >@@ -314,11 +298,28 @@ ssh_create_socket(int privileged, struct > close(sock); > return -1; > } >- if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { >- error("bind: %s: %s", options.bind_address, strerror(errno)); >- close(sock); >- freeaddrinfo(res); >- return -1; >+ /* >+ * If we are running as root and want to connect to a privileged >+ * port, bind our own socket to a privileged port. >+ */ >+ if (privileged) { >+ PRIV_START; >+ r = bindresvport_sa(sock, res->ai_addr); >+ PRIV_END; >+ if (r < 0) { >+ error("bindresvport_sa: af=%d %.100s", ai->ai_family, >+ strerror(errno)); >+ goto fail; >+ } >+ } else { >+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { >+ error("bind: %s: %s", options.bind_address, >+ strerror(errno)); >+ fail: >+ close(sock); >+ freeaddrinfo(res); >+ return -1; >+ } > } > freeaddrinfo(res); > return sock;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2340">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 1211
:
1165
|
1166
| 2340