- djm@cvs.openbsd.org 2010/06/25 07:14:46

[channels.c mux.c readconf.c readconf.h ssh.h]
     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
     forwards per direction; ok markus@ stevesk@

ChangeLog

@@ -53,6 +53,10 @@
    - djm@cvs.openbsd.org 2010/06/23 02:59:02
      [ssh-keygen.c]
      fix printing of extensions in v01 certificates that I broke in r1.190
+   - djm@cvs.openbsd.org 2010/06/25 07:14:46
+     [channels.c mux.c readconf.c readconf.h ssh.h]
+     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
+     forwards per direction; ok markus@ stevesk@
 
 20100622
  - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512

channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.304 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -114,10 +114,10 @@ typedef struct {
 } ForwardPermission;
 
 /* List of all permitted host/port pairs to connect by the user. */
-static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_opens = NULL;
 
 /* List of all permitted host/port pairs to connect by the admin. */
-static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_adm_opens = NULL;
 
 /* Number of permitted host/port pairs in the array permitted by the user. */
 static int num_permitted_opens = 0;
@@ -2838,10 +2838,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
 {
 	int type, success = 0;
 
-	/* Record locally that connection to this host/port is permitted. */
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_request_remote_forwarding: too many forwards");
-
 	/* Send the forward request to the remote side. */
 	if (compat20) {
 		const char *address_to_bind;
@@ -2891,6 +2887,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
 		}
 	}
 	if (success) {
+		/* Record that connection to this host/port is permitted. */
+		permitted_opens = xrealloc(permitted_opens,
+		    num_permitted_opens + 1, sizeof(*permitted_opens));
 		permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
 		permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
 		permitted_opens[num_permitted_opens].listen_port = listen_port;
@@ -2988,10 +2987,10 @@ channel_permit_all_opens(void)
 void
 channel_add_permitted_opens(char *host, int port)
 {
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_permitted_opens: too many forwards");
 	debug("allow port forwarding to host %s port %d", host, port);
 
+	permitted_opens = xrealloc(permitted_opens,
+	    num_permitted_opens + 1, sizeof(*permitted_opens));
 	permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
 	permitted_opens[num_permitted_opens].port_to_connect = port;
 	num_permitted_opens++;
@@ -3002,10 +3001,10 @@ channel_add_permitted_opens(char *host, int port)
 int
 channel_add_adm_permitted_opens(char *host, int port)
 {
-	if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_adm_permitted_opens: too many forwards");
 	debug("config allows port forwarding to host %s port %d", host, port);
 
+	permitted_adm_opens = xrealloc(permitted_adm_opens,
+	    num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
 	permitted_adm_opens[num_adm_permitted_opens].host_to_connect
 	     = xstrdup(host);
 	permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
@@ -3020,6 +3019,10 @@ channel_clear_permitted_opens(void)
 	for (i = 0; i < num_permitted_opens; i++)
 		if (permitted_opens[i].host_to_connect != NULL)
 			xfree(permitted_opens[i].host_to_connect);
+	if (num_permitted_opens > 0) {
+		xfree(permitted_opens);
+		permitted_opens = NULL;
+	}
 	num_permitted_opens = 0;
 }
 
@@ -3031,6 +3034,10 @@ channel_clear_adm_permitted_opens(void)
 	for (i = 0; i < num_adm_permitted_opens; i++)
 		if (permitted_adm_opens[i].host_to_connect != NULL)
 			xfree(permitted_adm_opens[i].host_to_connect);
+	if (num_adm_permitted_opens > 0) {
+		xfree(permitted_adm_opens);
+		permitted_adm_opens = NULL;
+	}
 	num_adm_permitted_opens = 0;
 }
 

mux.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.19 2010/06/17 07:07:30 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.20 2010/06/25 07:14:46 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -727,9 +727,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
 	}
 
 	if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
-		if (options.num_local_forwards + 1 >=
-		    SSH_MAX_FORWARDS_PER_DIRECTION ||
-		    channel_setup_local_fwd_listener(fwd.listen_host,
+		if (channel_setup_local_fwd_listener(fwd.listen_host,
 		    fwd.listen_port, fwd.connect_host, fwd.connect_port,
 		    options.gateway_ports) < 0) {
  fail:
@@ -744,16 +742,14 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
 	} else {
 		struct mux_channel_confirm_ctx *fctx;
 
-		if (options.num_remote_forwards + 1 >=
-		    SSH_MAX_FORWARDS_PER_DIRECTION ||
-		    channel_request_remote_forwarding(fwd.listen_host,
+		if (channel_request_remote_forwarding(fwd.listen_host,
 		    fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
 			goto fail;
 		add_remote_forward(&options, &fwd);
 		fctx = xcalloc(1, sizeof(*fctx));
 		fctx->cid = c->self;
 		fctx->rid = rid;
-		fctx->fid = options.num_remote_forwards-1;
+		fctx->fid = options.num_remote_forwards - 1;
 		client_register_global_confirm(mux_confirm_remote_forward,
 		    fctx);
 		freefwd = 0;

readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.184 2010/05/16 12:55:51 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.185 2010/06/25 07:14:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -255,8 +255,9 @@ add_local_forward(Options *options, const Forward *newfwd)
 	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
 		fatal("Privileged ports can only be forwarded by root.");
 #endif
-	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
+	options->local_forwards = xrealloc(options->local_forwards,
+	    options->num_local_forwards + 1,
+	    sizeof(*options->local_forwards));
 	fwd = &options->local_forwards[options->num_local_forwards++];
 
 	fwd->listen_host = newfwd->listen_host;
@@ -274,9 +275,10 @@ void
 add_remote_forward(Options *options, const Forward *newfwd)
 {
 	Forward *fwd;
-	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("Too many remote forwards (max %d).",
-		    SSH_MAX_FORWARDS_PER_DIRECTION);
+
+	options->remote_forwards = xrealloc(options->remote_forwards,
+	    options->num_remote_forwards + 1,
+	    sizeof(*options->remote_forwards));
 	fwd = &options->remote_forwards[options->num_remote_forwards++];
 
 	fwd->listen_host = newfwd->listen_host;
@@ -296,12 +298,20 @@ clear_forwardings(Options *options)
 			xfree(options->local_forwards[i].listen_host);
 		xfree(options->local_forwards[i].connect_host);
 	}
+	if (options->num_local_forwards > 0) {
+		xfree(options->local_forwards);
+		options->local_forwards = NULL;
+	}
 	options->num_local_forwards = 0;
 	for (i = 0; i < options->num_remote_forwards; i++) {
 		if (options->remote_forwards[i].listen_host != NULL)
 			xfree(options->remote_forwards[i].listen_host);
 		xfree(options->remote_forwards[i].connect_host);
 	}
+	if (options->num_remote_forwards > 0) {
+		xfree(options->remote_forwards);
+		options->remote_forwards = NULL;
+	}
 	options->num_remote_forwards = 0;
 	options->tun_open = SSH_TUNMODE_NO;
 }
@@ -1048,7 +1058,9 @@ initialize_options(Options * options)
 	options->user_hostfile = NULL;
 	options->system_hostfile2 = NULL;
 	options->user_hostfile2 = NULL;
+	options->local_forwards = NULL;
 	options->num_local_forwards = 0;
+	options->remote_forwards = NULL;
 	options->num_remote_forwards = 0;
 	options->clear_forwardings = -1;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;

readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.83 2010/05/16 12:55:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.84 2010/06/25 07:14:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -94,11 +94,11 @@ typedef struct {
 
 	/* Local TCP/IP forward requests. */
 	int     num_local_forwards;
-	Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+	Forward *local_forwards;
 
 	/* Remote TCP/IP forward requests. */
 	int     num_remote_forwards;
-	Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+	Forward *remote_forwards;
 	int	clear_forwardings;
 
 	int	enable_ssh_keysign;

ssh.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh.h,v 1.79 2010/06/25 07:14:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,9 +18,6 @@
 /* Default port number. */
 #define SSH_DEFAULT_PORT	22
 
-/* Maximum number of TCP/IP ports forwarded per direction. */
-#define SSH_MAX_FORWARDS_PER_DIRECTION	100
-
 /*
  * Maximum number of RSA authentication identity files that can be specified
  * in configuration files or on the command line.