[openssh-commits] [openssh] 01/04: upstream: prepare for support for connecting to unix domain sockets
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Jun 21 15:14:05 AEST 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 8d33f2aa6bb895a7f85a47189913639086347b75
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 20 23:59:33 2023 +0000
upstream: prepare for support for connecting to unix domain sockets
using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
the u32 that's passed over the multiplexing socket; previously code would
just cast, which is UB.
OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384
---
mux.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/mux.c b/mux.c
index b3ffde9f..416fef8e 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */
+/* $OpenBSD: mux.c,v 1.97 2023/06/20 23:59:33 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
*
@@ -26,6 +26,7 @@
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stddef.h>
@@ -960,19 +961,28 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
{
Channel *nc;
char *chost = NULL;
- u_int cport, i, j;
- int r, new_fd[2];
+ u_int _cport, i, j;
+ int ok = 0, cport, r, new_fd[2];
struct mux_stdio_confirm_ctx *cctx;
if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
(r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
- (r = sshbuf_get_u32(m, &cport)) != 0) {
+ (r = sshbuf_get_u32(m, &_cport)) != 0) {
free(chost);
error_f("malformed message");
return -1;
}
+ if (_cport == (u_int)PORT_STREAMLOCAL)
+ cport = PORT_STREAMLOCAL;
+ else if (_cport <= INT_MAX)
+ cport = (int)_cport;
+ else {
+ free(chost);
+ error_f("invalid port 0x%x", _cport);
+ return -1;
+ }
- debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport);
+ debug2_f("channel %d: stdio fwd to %s:%d", c->self, chost, cport);
/* Gather fds from client */
for(i = 0; i < 2; i++) {
@@ -1005,8 +1015,13 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
if (options.control_master == SSHCTL_MASTER_ASK ||
options.control_master == SSHCTL_MASTER_AUTO_ASK) {
- if (!ask_permission("Allow forward to %s:%u? ",
- chost, cport)) {
+ if (cport == PORT_STREAMLOCAL) {
+ ok = ask_permission("Allow forward to path %s", chost);
+ } else {
+ ok = ask_permission("Allow forward to [%s]:%d? ",
+ chost, cport);
+ }
+ if (!ok) {
debug2_f("stdio fwd refused by user");
reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
"Permission denied");
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list