Bug 1734 - IPv6 address in port forward options (-L) requires square brackets
Summary: IPv6 address in port forward options (-L) requires square brackets
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 5.4p1
Hardware: All All
: P2 minor
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
  Show dependency treegraph
 
Reported: 2010-03-11 20:44 AEDT by jsburwell
Modified: 2010-08-27 10:27 AEST (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description jsburwell 2010-03-11 20:44:54 AEDT
This could be a documentation bug.  The manual page states:

IPv6 addresses can be specified with an alternative syntax:
    [bind_address/]port/host/hostport or by enclosing the address in square brackets.

Keyword here is "or."  I've found that the syntax REQUIRES square brackets around an IPv6 address regardless of which syntax is used.  That is, if the old "colon" separator is used, or the "slash" separator is used.  The man page implies that if you use the alternative (slash) syntax, the square brackets may be omitted.

This is tested on several OS and versions of OpenSSH:

Ubuntu Server 9.10
ssh -v -6 -L 5902/::1/5902 host.example.com
OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
Bad local forwarding specification '5902/::1/5902'

Gentoo Linux
ssh -v -6 -L 5902/::1/5902 host.example.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
Bad local forwarding specification '5902/::1/5902'

Cygwin 1.7.1
ssh -v -6 -L 5902/::1/5902 host.example.com
OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010
Bad local forwarding specification '5902/::1/5902'


Using square brackets works with either syntax (brackets escaped for shell of course):

ssh -6 -L 5902/\[::1\]/5902 host.example.com
jim@host.example.com's password: 

ssh -6 -L 5902:\[::1\]:5902 host.example.com
jim@host.example.com's password:
Comment 1 Damien Miller 2010-04-09 11:42:11 AEST
The cause of this seems to be misc.c:hpdelim():

   373          if (*s == '[') {
   374                  if ((s = strchr(s, ']')) == NULL)
   375                          return NULL;
   376                  else
   377                          s++;
   378          } else if ((s = strpbrk(s, ":/")) == NULL)

Consider a forwarding string of 2222/::1/22. hpdelim() will correctly extract the first argument, but when called again will break inside the IPv6 address. This must have been broken for some time, since I don't think this code has been touched in a while. 

Perhaps it would be better to just remove the promise of '/' separating the strings and just require square brackets?
Comment 2 jsburwell 2010-04-09 11:50:52 AEST
(In reply to comment #1)
> The cause of this seems to be misc.c:hpdelim():
> 
>    373          if (*s == '[') {
>    374                  if ((s = strchr(s, ']')) == NULL)
>    375                          return NULL;
>    376                  else
>    377                          s++;
>    378          } else if ((s = strpbrk(s, ":/")) == NULL)
> 
> Consider a forwarding string of 2222/::1/22. hpdelim() will correctly
> extract the first argument, but when called again will break inside the
> IPv6 address. This must have been broken for some time, since I don't
> think this code has been touched in a while. 
> 
> Perhaps it would be better to just remove the promise of '/' separating
> the strings and just require square brackets?

Perhaps.  But it's a bit annoying to have to type the escaped square brackets.  Maybe use something shells don't treat as special instead?  But then doing something like that would be just as much effort as fixing the bug.  :-)
Comment 3 Damien Miller 2010-06-18 10:15:20 AEST
You shouldn't need to escape the square brackets for shells unless you happen to have files in the local directory that match the pattern generated, since they should pass patterns that fail to match through verbatim.
Comment 4 Damien Miller 2010-08-05 13:07:48 AEST
I have removed mention of the alternate syntax from our manpages. It is non-standard, rarely used and was implemented at a time before [addr]:port was supported in OpenSSH or as popular.
Comment 5 Darren Tucker 2010-08-27 10:27:56 AEST
With the release of OpenSSH 5.6p1 this bug is now considered closed.  If you have further problems please reopen or file a new bug as appropriate.