[Bug 2335] New: Config parser accepts ip/port in ListenAddress and PermitOpen
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jan 9 22:10:03 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Bug ID: 2335
Summary: Config parser accepts ip/port in ListenAddress and
PermitOpen
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2525
--> https://bugzilla.mindrot.org/attachment.cgi?id=2525&action=edit
Make config parser more strict to ip:port values
According to manual pages above mentioned options in sshd_config accept
only values in format ip:port, but parser used in code also accept
ip/port which can lead to unexpected results when someone doesn't
understand what he is doing. Great example is our bugzilla [1].
Shortly problem was using ListenAddress 192.168.1.0/24 which ended in
converting number 24 into port and in SELinux denial.
This behaviour can be prevented by appended patch, which is accepting
only valid values according to manual pages. This is done in function
hpdelim, which is used only for parsing above mentioned ListenAddress
and PermitOpen (same syntax according to man pages).
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1130733
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list