tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2009/02/12 03:16:01 

[serverloop.c]
     tighten check for -R0:... forwarding: only allow dynamic allocation
     if want_reply is set in the packet
This commit is contained in:
Damien Miller 2009-02-14 16:33:09 +11:00
parent 4bf648f776
commit 330d58587f
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -10,6 +10,10 @@
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
- djm@cvs.openbsd.org 2009/02/12 03:16:01
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
20090212
- (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
@ -5136,5 +5140,5 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.5187 2009/02/14 05:28:21 djm Exp $
$Id: ChangeLog,v 1.5188 2009/02/14 05:33:09 djm Exp $

11
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.156 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1117,10 +1117,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* check permissions */
if (!options.allow_tcp_forwarding ||
no_port_forwarding_flag
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port != 0 &&
listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
|| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
#endif
) {
success = 0;
@ -1128,7 +1128,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
listen_address, listen_port, options.gateway_ports);
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
xfree(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {