[PATCH] Make "-L" local ports bind to "127.0.0.1" in openssh-2.9p1

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Thu Jun 7 19:20:21 EST 2001


Can anyone confirm this broken Linux behaviour?

On Sat, Jun 09, 2001 at 07:48:06PM -0400, Albert John FitzPatrick III wrote:
> diff -u -r -N openssh-2.9p1/channels.c openssh-2.9p1-ajf.1/channels.c
> --- openssh-2.9p1/channels.c	Tue Apr 17 14:14:35 2001
> +++ openssh-2.9p1-ajf.1/channels.c	Wed Jun  6 23:25:36 2001
> @@ -1815,13 +1815,25 @@
>  	/*
>  	 * getaddrinfo returns a loopback address if the hostname is
>  	 * set to NULL and hints.ai_flags is not AI_PASSIVE
> +	 *
> +	 * Oh yeah?  Setting hostname to NULL and hints.ai_flags to
> +	 * AI_PASSIVE on Red Hat Linux release 6.0 (Hedwig) with
> +	 * Linux kernel 2.2.14 does no such thing.  On that system
> +	 * "::" and "0.0.0.0" (and maybe one other value which slips
> +	 * my memory) are returned.  Setting hostname to "127.0.0.1"
> +	 * does the trick, at least for IPv4 uses; I don't know what
> +	 * it does for IPv6.  Without this hack, local ("-L") tunnel
> +	 * end-points (which are supposed to be private unless "-g"
> +	 * or "-o 'GatewayPorts yes'" is specified when "ssh" is
> +	 * started) are [ab]usable by any host which has a route
> +	 * to/from the this host.
>  	 */
>  	memset(&hints, 0, sizeof(hints));
>  	hints.ai_family = IPv4or6;
>  	hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
>  	hints.ai_socktype = SOCK_STREAM;
>  	snprintf(strport, sizeof strport, "%d", listen_port);
> -	if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
> +	if (getaddrinfo(gateway_ports ? NULL : "127.0.0.1", strport, &hints, &aitop) != 0)
>  		packet_disconnect("getaddrinfo: fatal error");
>  
>  	for (ai = aitop; ai; ai = ai->ai_next) {
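Review bot: the literal "127.0.0.1" passed to getaddrinfo() on the changed line does not fit hints.ai_family = IPv4or6 a few lines above it. If the family is left unspecified, the non-gateway case now yields only an IPv4 loopback listener and never "::1". If the family is restricted to IPv6, an IPv4 literal cannot be resolved and the call falls through to packet_disconnect("getaddrinfo: fatal error"). The new comment itself admits "I don't know what it does for IPv6". A family-neutral fix would keep the NULL hostname and, inside the `for (ai = aitop; ai; ai = ai->ai_next)` loop, skip any returned address that is not loopback when gateway_ports is off, so a wildcard result is never bound by accident. Two smaller points: the added comment describes the failure as occurring with ai_flags set to AI_PASSIVE, but the private case it is fixing is the one where the code sets ai_flags to 0, so the comment should state which flags value was actually observed to return "::" and "0.0.0.0". Also, "to/from the this host" has a stray word, and the changed line is well past 80 columns.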
> 
> 



More information about the openssh-unix-dev mailing list