Using realloc to remove MAX_LISTEN_SOCKS limit on sshd.c

Ben Lindstrom mouring at
Tue Dec 23 17:30:11 EST 2008

On Dec 21, 2008, at 11:34 AM, Peter Teoh wrote:

> Dan Armstrong wrote:
>> OpenSSH developers,
>> I have removed the fixed, arbitrary limit on the number of
>> ListenAddress allowed by using realloc to dynamically expand
>> listen_socks as needed.  This completely removes MAX_LISTEN_SOCKS  
>> from
>> the source.  I made this change on the version of OpenSSH shipped  
>> with
>> CentOS 5.2, version 4.3p2.  Please see the attached .c file and .diff
>> file.  Please add these changes to OpenSSH to save people from having
>> to predetermine their workload before compilation.  It can also save
>> some people some grief - I've been unable to login to a server  
>> because
>> of this one.
> Sorry if I may ask the risks of this option - will it not lead to any
> potential scenario of Denial of Service, if some how the number of
> ListenAddress can be arbitrarily increase without limit, and thus
> leading to realloc() allocating large amount of memory?

I can't see how this would be a "DoS", since ListenAddress must be set  
by the server on launch.  One can flood a single port just as easy as  
they can flood multiple ports.

I'm still trying to figure out why one would want OpenSSH listening on  
more than 15 ports/address combination.  Is it really worth the added  

- Ben

More information about the openssh-unix-dev mailing list