[PATCH] Make "-L" local ports bind to "127.0.0.1" in openssh-2.9p1
Albert John FitzPatrick III
ajf_nylorac at acm.org
Sun Jun 10 09:48:06 EST 2001
diff -u -r -N openssh-2.9p1/channels.c openssh-2.9p1-ajf.1/channels.c
--- openssh-2.9p1/channels.c Tue Apr 17 14:14:35 2001
+++ openssh-2.9p1-ajf.1/channels.c Wed Jun 6 23:25:36 2001
@@ -1815,13 +1815,25 @@
/*
* getaddrinfo returns a loopback address if the hostname is
* set to NULL and hints.ai_flags is not AI_PASSIVE
+ *
+ * Oh yeah? Setting hostname to NULL and hints.ai_flags to
+ * AI_PASSIVE on Red Hat Linux release 6.0 (Hedwig) with
+ * Linux kernel 2.2.14 does no such thing. On that system
+ * "::" and "0.0.0.0" (and maybe one other value which slips
+ * my memory) are returned. Setting hostname to "127.0.0.1"
+ * does the trick, at least for IPv4 uses; I don't know what
+ * it does for IPv6. Without this hack, local ("-L") tunnel
+ * end-points (which are supposed to be private unless "-g"
+ * or "-o 'GatewayPorts yes'" is specified when "ssh" is
+ * started) are [ab]usable by any host which has a route
+ * to/from the this host.
*/
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", listen_port);
- if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+ if (getaddrinfo(gateway_ports ? NULL : "127.0.0.1", strport, &hints, &aitop) != 0)
packet_disconnect("getaddrinfo: fatal error");
for (ai = aitop; ai; ai = ai->ai_next) {
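Review bot: the literal "127.0.0.1" passed in the changed getaddrinfo() call is IPv4-only, while hints.ai_family is still set from IPv4or6. If that is AF_INET6, the lookup can fail and fall into packet_disconnect("getaddrinfo: fatal error"). With an unspecified family, the non-gateway forward will listen on the IPv4 loopback only. The added comment itself says "I don't know what it does for IPv6", so this path needs to be settled before merging: either pick the loopback literal per address family (for example "::1" when the family is AF_INET6) or bind both loopbacks when the family is unspecified. Separately, the new comment text describes hostname NULL with "hints.ai_flags to AI_PASSIVE", but the non-gateway path this patch changes sets ai_flags to 0. Please state which flag value was actually observed returning "::" and "0.0.0.0". Rewrite the comment as a plain description of why an explicit loopback host is passed rather than as a reply to the old comment, and fix "to/from the this host".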