[Bug 1380] New: incorrect check for strlen(fwd->connect_host) in parse_forward()
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 23 04:25:39 EST 2007
https://bugzilla.mindrot.org/show_bug.cgi?id=1380
Summary: incorrect check for strlen(fwd->connect_host) in
parse_forward()
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: Jan.Pechanec at Sun.COM
there are 2 issues for hostname len check in parse_forward()
(a) the len is checked against NI_MAXHOST while it should be checked
against (SSH_CHANNEL_PATH_LEN - 1).
(b) the check should be also performed against listen_host when in
remote fwd mode; otherwise hostname of any length is sent over
The check against connect_host is already in
channel_setup_fwd_listener(). I think that correct way is to remove the
check from parse_forward() completely and put a new check against
listen_host to channel_request_remote_forwarding().
patch attached.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list