Bug 1012 - Trouble creating remote port forwarding to ssh.com 2.4.0 server.
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 4.0p1
Hardware: All All
Importance: P2 normal
Assignee: Damien Miller
Keywords: patch
Blocks: V_4_5
Reported: 2005-04-08 02:48 AEST by David Rothenberger
Modified: 2008-04-04 09:55 AEDT

Attachments
Default to 0.0.0.0 as bind address for ssh.com 2.4.0 servers. (1.72 KB, patch)
2005-04-08 02:50 AEST, David Rothenberger
Updated and tweaked patch (1.96 KB, patch)
2005-10-12 22:29 AEST, Damien Miller
dtucker: ok+

Description David Rothenberger 2005-04-08 02:48:41 AEST
I'm having a problem with OpenSSH_4.0p1 when trying to do remote port
forwards to a server running SSH Secure Shell 2.4.0. The problem appears
to be that 2.4.0 chokes on bind addresses that aren't numeric addresses,
such as "localhost" and "".

The following commands are failing for me from the 4.0p1 client to the
2.4.0 server:

  ssh -R 50000:localhost:50000 server
  ssh -R localhost:50000:localhost:50000 server
  ssh -R :50000:localhost:50000 server
  ssh -R \*:50000:localhost:50000 server

although these commands work just fine:

  ssh -R 127.0.0.1:50000:localhost:50000 server
  ssh -R 0.0.0.0:50000:localhost:50000 server
  ssh -R 192.168.1.1:50000:localhost:50000 server
Comment 1 David Rothenberger 2005-04-08 02:50:57 AEST
Created attachment 870 [details]
Default to 0.0.0.0 as bind address for ssh.com 2.4.0 servers.

The attached patch solves the problem for me. It sends "0.0.0.0" as the
address_to_bind for these cases

  ssh -R 50000:localhost:50000 server
  ssh -R :50000:localhost:50000 server
  ssh -R \*:50000:localhost:50000 server

but still passes through the specified address for cases like

  ssh -R 192.168.1.1:50000:localhost:50000 server
Comment 2 Damien Miller 2005-04-18 15:49:42 AEST
Comment on attachment 870 [details]
Default to 0.0.0.0 as bind address for ssh.com 2.4.0 servers.

>diff -Naur openssh-4.0p1-1/channels.c openssh-4.0p1-2/channels.c
>--- openssh-4.0p1-1/channels.c	2005-03-01 02:24:33.000000000 -0800
>+++ openssh-4.0p1-2/channels.c	2005-04-04 17:27:44.230250000 -0700
>@@ -2370,9 +2370,15 @@
> 	if (compat20) {
> 		const char *address_to_bind;
> 		if (listen_host == NULL)
>-			address_to_bind = "localhost";
>+			if (datafellows & SSH_BUG_NUMERICRFWDADDR)
>+				address_to_bind = "0.0.0.0";
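Review bot: In the `listen_host == NULL` branch the default for flagged servers becomes "0.0.0.0", so a user who gave no bind address moves from the loopback name on the removed line ("localhost") to a wildcard listen request. If the flag exists only because the server needs a numeric address, "127.0.0.1" keeps the old meaning, and "0.0.0.0" can be reserved for an explicit wildcard request. The nested `if` under `if (listen_host == NULL)` also has no braces, so any following `else` pairs with the inner test; bracing both levels would make the intent unambiguous.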

I think that should be "127.0.0.1", not "0.0.0.0". Or did you have a 
specific reason for changing this?
Comment 3 David Rothenberger 2005-04-19 02:29:11 AEST
(In reply to comment #2)
> (From update of attachment 870 [details] [edit])
> >diff -Naur openssh-4.0p1-1/channels.c openssh-4.0p1-2/channels.c
> >--- openssh-4.0p1-1/channels.c	2005-03-01 02:24:33.000000000 -0800
> >+++ openssh-4.0p1-2/channels.c	2005-04-04 17:27:44.230250000 -0700
> >@@ -2370,9 +2370,15 @@
> > 	if (compat20) {
> > 		const char *address_to_bind;
> > 		if (listen_host == NULL)
> >-			address_to_bind = "localhost";
> >+			if (datafellows & SSH_BUG_NUMERICRFWDADDR)
> >+				address_to_bind = "0.0.0.0";
> 
> I think that should be "127.0.0.1", not "0.0.0.0". Or did you have a 
> specific reason for changing this?

I did have 127.0.0.1 at first, but I changed it for two reasons. One was that I
think 0.0.0.0 was the old pre-4.0 behavior. The second was that I think
127.0.0.1 will only work for IPv4. I'm no expert here, and I'm not even sure
ssh.com 2.4 works with IPv6.

I have no problem with changing this to 127.0.0.1 if the above reasons make no
sense. 
Comment 4 Damien Miller 2005-10-12 22:29:24 AEST
Created attachment 989 [details]
Updated and tweaked patch

This makes the client default to requesting localhost (127.0.0.1) forwarding to servers with the bug, unless they explicitly request a wildcard forward.
Comment 5 Darren Tucker 2005-10-13 00:09:13 AEST
Comment on attachment 989 [details]
Updated and tweaked patch

Looks OK to me (I don't have a server to test against, though).
Comment 6 Darren Tucker 2005-10-13 00:12:14 AEST
Comment on attachment 989 [details]
Updated and tweaked patch

> 		{ "2.3.*",		SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
> 					SSH_BUG_FIRSTKEX },
> 		{ "2.4",		SSH_OLD_SESSIONID },	/* Van Dyke */
>-		{ "2.*",		SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
>+		{ "2.*",		SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
>+					SSH_BUG_RFWD_ADDR },
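Review bot: SSH_BUG_RFWD_ADDR is added only to the "2.*" entry, while the "2.3.*" and "2.4" entries listed above it are left unchanged. If lookup stops at the first matching pattern, a peer that matches one of those earlier entries gets that entry's flags and not this one, so either add the flag there too or add a comment saying why those versions are excluded. A short comment next to the new flag naming the server behaviour it works around would also help later readers.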

Since the compat checks are first-match, shouldn't the other 2.x entries have the SSH_BUG_RFWD_ADDR flag too?
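
The behaviour discussed in comments 4 and 6, as an added example (not OpenSSH's code and not part of either attachment): a first-match compat table plus the bind-address choice for a remote forward. The names `BUG_RFWD_ADDR`, `BUG_OTHER`, `compat_flags` and `rfwd_bind_address`, the use of `fnmatch` against a bare version string, and sending the user's string unchanged to unflagged servers are assumptions made for the illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

#define BUG_RFWD_ADDR 0x1u	/* stand-in for the flag in the quoted patch */
#define BUG_OTHER     0x2u	/* stand-in for the unrelated flags */

/* Constructed table, ordered like the quoted hunk; first match wins. */
static const struct { const char *pat; unsigned flags; } compat[] = {
	{ "2.3.*", BUG_OTHER },
	{ "2.4",   BUG_OTHER },
	{ "2.*",   BUG_OTHER | BUG_RFWD_ADDR },
};

/* Return the flags of the first pattern matching the version, else 0. */
unsigned compat_flags(const char *version)
{
	size_t i;

	for (i = 0; i < sizeof(compat) / sizeof(compat[0]); i++)
		if (fnmatch(compat[i].pat, version, 0) == 0)
			return compat[i].flags;
	return 0;
}

/* Pick the bind address to send in a remote forward request. */
const char *rfwd_bind_address(const char *listen_host, unsigned flags)
{
	int numeric_only = (flags & BUG_RFWD_ADDR) != 0;

	if (listen_host == NULL)	/* no bind address given: loopback */
		return numeric_only ? "127.0.0.1" : "localhost";
	if (numeric_only &&
	    (*listen_host == '\0' || strcmp(listen_host, "*") == 0))
		return "0.0.0.0";	/* wildcard only on explicit request */
	return listen_host;		/* anything else is sent unchanged */
}

int main(void)
{
	const char *versions[] = { "2.4.0", "2.3.5", "2.4" };
	size_t i;

	for (i = 0; i < 3; i++)
		printf("%-6s default=%s wildcard=%s\n", versions[i],
		    rfwd_bind_address(NULL, compat_flags(versions[i])),
		    rfwd_bind_address("*", compat_flags(versions[i])));
	return 0;
}
```

With this constructed table, 2.4.0 falls through to the `2.*` entry and is sent numeric addresses, while 2.3.5 stops at `2.3.*` and is not.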
Comment 7 David Rothenberger 2006-08-31 02:02:36 AEST
I'm still interested in seeing this fixed. I see that it was bumped from the 4.3 release to the 4.4 release and now to the 4.5 release.

Is there anything I can do to get this patch committed? Any testing?

(In reply to comment #6)
> Since the compat checks are first-match, shouldn't the other 2.x
> entries have the SSH_BUG_RFWD_ADDR flag too?

I only have 2.4.0 servers to test against. The current match is fine with those servers (I guess because 2.4.0 doesn't match 2.4). Should I try with the SSH_BUG_RFWD_ADDR flag in the other 2.x entries?

Comment 8 Damien Miller 2006-08-31 13:59:38 AEST
Sorry that this slipped, I'll try to commit it as soon as the OpenBSD tree unlocks.
Comment 9 David Rothenberger 2006-12-02 03:17:57 AEDT
Has the OpenBSD tree unlocked yet? Any chance this can go into the new OpenSSH release?
Comment 10 Damien Miller 2006-12-12 14:59:39 AEDT
patch applied, will be in 4.6/4.6p1
Comment 11 Damien Miller 2008-04-04 09:55:04 AEDT
Close resolved bugs after release.