[Bug 2529] New: direct-streamlocal channel open doesn't match PROTOCOL documentation

bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 22 16:49:54 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2529

            Bug ID: 2529
           Summary: direct-streamlocal channel open doesn't match PROTOCOL
                    documentation
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ronf at timeheart.net

I attempted to implement support for direct-streamlocal@openssh.com
channels in my own SSH implementation and found that the documentation
in the OpenSSH PROTOCOL file doesn't match the implementation in
OpenSSH. The PROTOCOL file describes the channel open message as:

        byte            SSH_MSG_CHANNEL_OPEN
        string          "direct-streamlocal@openssh.com"
        uint32          sender channel
        uint32          initial window size
        uint32          maximum packet size
        string          socket path

However, the implementation tacks some additional data to the end:

                packet_start(SSH2_MSG_CHANNEL_OPEN);
                packet_put_cstring(rtype);
                packet_put_int(c->self);
                packet_put_int(c->local_window_max);
                packet_put_int(c->local_maxpacket);
                if (strcmp(rtype, "direct-tcpip") == 0) {
                        /* target host, port */
                        packet_put_cstring(c->path);
                        packet_put_int(c->host_port);
                } else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) {
                        /* target path */
                        packet_put_cstring(c->path);
                } else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
                        /* listen path */
                        packet_put_cstring(c->path);
                } else {
                        /* listen address, port */
                        packet_put_cstring(c->path);
                        packet_put_int(local_port);
                }
                if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
                        /* reserved for future owner/mode info */
                        packet_put_cstring("");
                } else {
-->                     /* originator host and port */
-->                     packet_put_cstring(remote_ipaddr);
-->                     packet_put_int((u_int)remote_port);
                }
                packet_send();

It correctly special-cases forwarded-streamlocal, but for all other
cases (including direct-streamlocal) it appends the remote IP address and
port, even though these values are not applicable in the
direct-streamlocal case.

This may be difficult to fix in a backward-compatible manner, since the
code in serverloop.c actually seems to be expecting to get a host &
port:

        target = packet_get_string(NULL);
        originator = packet_get_string(NULL);
        originator_port = packet_get_int();
        packet_check_eom();

So, perhaps the right thing here is to update the documentation in
PROTOCOL to match the current implementation. It seems odd to send this
information when it looks like it will always be an empty string and a
port of zero, though, especially given that "port" information makes no
sense for this type of connection.
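
The mismatch described in this report, as an added example that is not part of the original report or of OpenSSH's code: it encodes the type-specific fields of the channel open both as PROTOCOL documents them and as the quoted channels.c code sends them, then parses each the way the quoted serverloop.c lines do. The function names, the sample socket path, and the empty originator string with port 0 are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* SSH wire encoders: uint32 is big-endian, string is uint32 length + bytes. */
static size_t put_u32(uint8_t *b, size_t off, uint32_t v) {
    b[off] = v >> 24; b[off + 1] = v >> 16; b[off + 2] = v >> 8; b[off + 3] = v;
    return off + 4;
}
static size_t put_str(uint8_t *b, size_t off, const char *s) {
    size_t n = strlen(s);
    off = put_u32(b, off, (uint32_t)n);
    memcpy(b + off, s, n);
    return off + n;
}
/* Fields after "maximum packet size". with_originator=0: as PROTOCOL documents;
 * 1: as the channels.c excerpt sends (empty host, port 0 assumed per the report). */
size_t build_tail(uint8_t *b, const char *path, int with_originator) {
    size_t off = put_str(b, 0, path);
    if (with_originator)
        off = put_u32(b, put_str(b, off, ""), 0);
    return off;
}
/* Bounds-checked readers: 0 on success, -1 if the packet is too short. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *v) {
    if (len - *off < 4) return -1;
    *v = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
         (uint32_t)b[*off + 2] << 8 | b[*off + 3];
    *off += 4;
    return 0;
}
static int skip_str(const uint8_t *b, size_t len, size_t *off) {
    uint32_t n;
    if (get_u32(b, len, off, &n) != 0 || n > len - *off) return -1;
    *off += n;
    return 0;
}
/* Mirrors the serverloop.c excerpt: target, originator, port, then end of message. */
int parse_tail_as_server(const uint8_t *b, size_t len) {
    size_t off = 0; uint32_t port;
    if (skip_str(b, len, &off) || skip_str(b, len, &off) ||
        get_u32(b, len, &off, &port)) return -1;
    return off == len ? 0 : -1; /* stands in for packet_check_eom() */
}
int main(void) {
    uint8_t buf[256];
    const char *path = "/tmp/example.sock"; /* constructed sample path */
    printf("documented: %d\n", parse_tail_as_server(buf, build_tail(buf, path, 0)));
    printf("as sent:    %d\n", parse_tail_as_server(buf, build_tail(buf, path, 1)));
    return 0;
}
```

An implementation written strictly from the PROTOCOL text produces the first form, which a parser shaped like the serverloop.c excerpt rejects as truncated.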
