- stevesk@cvs.openbsd.org 2001/08/30 16:04:35

[readconf.c ssh.1] validate ports for LocalForward/RemoteForward. add host/port alternative syntax for IPv6 (like -L/-R). ok markus@
2001-09-12 18:01:59 +00:00 · 2001-09-12 18:01:59 +00:00 · 62c25a43db
parent 6e69d532dc
commit 62c25a43db
3 changed files with 39 additions and 37 deletions
--- a/7
+++ b/7
@ -61,6 +61,11 @@
   - naddy@cvs.openbsd.org 2001/08/30 15:42:36
     [ssh.1]
     add -D to synopsis line; ok markus@
+   - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
+     [readconf.c ssh.1]
+     validate ports for LocalForward/RemoteForward.
+     add host/port alternative syntax for IPv6 (like -L/-R).
+     ok markus@

 20010815
 - (bal) Fixed stray code in readconf.c that went in by mistake.
@ -6384,4 +6389,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1503 2001/09/12 17:59:59 mouring Exp $
+$Id: ChangeLog,v 1.1504 2001/09/12 18:01:59 mouring Exp $
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.87 2001/08/28 09:51:26 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.88 2001/08/30 16:04:35 stevesk Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
@ -260,6 +260,7 @@ process_config_line(Options *options, const char *host,
 	char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
 	int opcode, *intptr, value;
 	u_short fwd_port, fwd_host_port;
+	char sfwd_host_port[6];

 	s = line;
 	/* Get the keyword. (Each line is supposed to begin with a keyword). */
@ -577,42 +578,34 @@ parse_int:
 			*intptr = (LogLevel) value;
 		break;

+	case oLocalForward:
 	case oRemoteForward:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		fwd_port = a2port(arg);
-		if (fwd_port == 0)
-			fatal("%.200s line %d: Badly formatted port number.",
-			      filename, linenum);
+			fatal("%.200s line %d: Missing port argument.",
+			    filename, linenum);
+		if ((fwd_port = a2port(arg)) == 0)
+			fatal("%.200s line %d: Bad listen port.",
+			    filename, linenum);
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing second argument.",
-			      filename, linenum);
-		if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
-			fatal("%.200s line %d: Badly formatted host:port.",
-			      filename, linenum);
-		if (*activep)
-			add_remote_forward(options, fwd_port, buf, fwd_host_port);
-		break;
-
-	case oLocalForward:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		fwd_port = a2port(arg);
-		if (fwd_port == 0)
-			fatal("%.200s line %d: Badly formatted port number.",
-			      filename, linenum);
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing second argument.",
-			      filename, linenum);
-		if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
-			fatal("%.200s line %d: Badly formatted host:port.",
-			      filename, linenum);
-		if (*activep)
-			add_local_forward(options, fwd_port, buf, fwd_host_port);
+			    filename, linenum);
+		if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
+		    sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
+			fatal("%.200s line %d: Bad forwarding specification.",
+			    filename, linenum);
+		if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
+			fatal("%.200s line %d: Bad forwarding port.",
+			    filename, linenum);
+		if (*activep) {
+			if (opcode == oLocalForward)
+				add_local_forward(options, fwd_port, buf,
+				    fwd_host_port);
+			else if (opcode == oRemoteForward)
+				add_remote_forward(options, fwd_port, buf,
+				    fwd_host_port);
+		}
 		break;

 	case oDynamicForward:
--- a/ssh.1
+++ b/ssh.1
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.135 2001/08/30 15:42:36 naddy Exp $
+.\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@ -943,9 +943,11 @@ or
 .Dq no .
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
-the secure channel to given host:port from the remote machine.
+the secure channel to the specified host and port from the remote machine.
 The first argument must be a port number, and the second must be
-host:port.
+.Ar host:port .
+IPv6 addresses can be specified with an alternative syntax:
+.Ar host/port .
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Only the superuser can forward privileged ports.
@ -1037,9 +1039,11 @@ The default is
 This option applies to protocol version 2 only.
 .It Cm RemoteForward
 Specifies that a TCP/IP port on the remote machine be forwarded over
-the secure channel to given host:port from the local machine.
+the secure channel to the specified host and port from the local machine.
 The first argument must be a port number, and the second must be
-host:port.
+.Ar host:port .
+IPv6 addresses can be specified with an alternative syntax:
+.Ar host/port .
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Only the superuser can forward privileged ports.