Announce: OpenSSH 6.5 released
Corinna Vinschen
vinschen at redhat.com
Thu Feb 6 20:41:17 EST 2014
Ping?
Is there anything wrong with my analysis or the patch?
Thanks,
Corinna
On Feb 3 11:44, Corinna Vinschen wrote:
> Hi guys,
>
> On Jan 29 23:34, Damien Miller wrote:
> > Changes since OpenSSH 6.4
> > =========================
> > [...]
> > Bugfixes:
> >
> > * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
> > certificates.
> >
> > * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
>
> there's a bug in this change.
>
> Try this as user root:
>
> $ ssh -V
> OpenSSH_6.5p1, [...]
> $ ssh -oUsePrivilegedPort=yes remote-machine
> getaddrinfo: (null): Name or service not known
> getaddrinfo: (null): Name or service not known
> ssh: connect to host remote-machine port 22: No such file or directory
>
> The bug is in sshconnect.c, function ssh_create_socket(). The only
> way to avoid a call to getaddrinfo is if *either* options.bind_address
> is non-NULL, *or* UsePrivilegedPort is set to no:
>
> /* Bind the socket to an alternative local IP address */
> if (options.bind_address == NULL && !privileged)
> return sock;
>
> However, if UsePrivilegedPort is set to yes, options.bind_address will be
> checked in the subsequent getaddrinfo call, even if it's NULL, because the
> -b option hasn't been used.
>
> The result is, both input parameters to getaddrinfo() are NULL, so
> getaddrinfo() returns with EAI_NONAME, thus breaking the UsePrivilegedPort
> functionality, unless -b is given as well.
>
> Here's a patch:
>
> Index: sshconnect.c
> ===================================================================
> RCS file: /cvs/openssh/sshconnect.c,v
> retrieving revision 1.217
> diff -u -p -r1.217 sshconnect.c
> --- sshconnect.c 9 Jan 2014 23:59:24 -0000 1.217
> +++ sshconnect.c 3 Feb 2014 10:44:20 -0000
> @@ -269,7 +269,7 @@ static int
> ssh_create_socket(int privileged, struct addrinfo *ai)
> {
> int sock, r, gaierr;
> - struct addrinfo hints, *res;
> + struct addrinfo hints, *res = NULL;
>
> sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
> if (sock < 0) {
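Review bot: with `res` initialised to NULL at the declaration, every later use of `res` in ssh_create_socket() has to tolerate NULL, and the hunks shown guard only the bindresvport_sa() argument. The rest of the function is not visible here; any freeaddrinfo(res) or other dereference on its exit paths should be wrapped in `if (res != NULL)`, since POSIX does not define freeaddrinfo() on a null pointer.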
> @@ -282,17 +282,19 @@ ssh_create_socket(int privileged, struct
> if (options.bind_address == NULL && !privileged)
> return sock;
>
> - memset(&hints, 0, sizeof(hints));
> - hints.ai_family = ai->ai_family;
> - hints.ai_socktype = ai->ai_socktype;
> - hints.ai_protocol = ai->ai_protocol;
> - hints.ai_flags = AI_PASSIVE;
> - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
> - if (gaierr) {
> - error("getaddrinfo: %s: %s", options.bind_address,
> - ssh_gai_strerror(gaierr));
> - close(sock);
> - return -1;
> + if (options.bind_address) {
> + memset(&hints, 0, sizeof(hints));
> + hints.ai_family = ai->ai_family;
> + hints.ai_socktype = ai->ai_socktype;
> + hints.ai_protocol = ai->ai_protocol;
> + hints.ai_flags = AI_PASSIVE;
> + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
> + if (gaierr) {
> + error("getaddrinfo: %s: %s", options.bind_address,
> + ssh_gai_strerror(gaierr));
> + close(sock);
> + return -1;
> + }
> }
> /*
> * If we are running as root and want to connect to a privileged
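Review bot: the new test `if (options.bind_address) {` is written differently from the `options.bind_address == NULL` comparison in the early return just above it; `if (options.bind_address != NULL) {` would match. The block also needs a one-line comment saying that the privileged case without -b deliberately skips the lookup and leaves `res` NULL, because that is the point of the fix and it is not obvious from the re-indented code.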
> @@ -300,7 +302,7 @@ ssh_create_socket(int privileged, struct
> */
> if (privileged) {
> PRIV_START;
> - r = bindresvport_sa(sock, res->ai_addr);
> + r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
> PRIV_END;
> if (r < 0) {
> error("bindresvport_sa: af=%d %s", ai->ai_family,
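Review bot: `res ? res->ai_addr : NULL` hands a NULL sockaddr to bindresvport_sa(), and nothing in the visible lines shows that the function accepts one or which address family it then binds for. State that contract in the comment above `if (privileged)` or in the commit message, and confirm it holds for every bindresvport_sa() implementation the build can pick up, given that `sock` was created with `ai->ai_family`.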
>
>
>
>
> --
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
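
The failure analysed in the quoted message, reduced to a stand-alone C program. This is an added example, not code from the post or from OpenSSH. `resolve_bind_addr`, `lookup_code`, `lookup_has_addr` and the `guard` parameter are hypothetical names, and the lookup is limited to numeric IPv4 addresses so that it runs offline.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L	/* getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/*
 * Hypothetical helper (not OpenSSH code): resolve an optional bind address.
 * guard == 0 always calls getaddrinfo(), as in the code the report analyses;
 * guard != 0 skips the lookup when no address was configured.
 * Returns 0 or an EAI_* code; *resp is NULL unless a lookup succeeded.
 */
static int
resolve_bind_addr(const char *bind_address, int guard, struct addrinfo **resp)
{
	struct addrinfo hints;
	int gaierr;

	*resp = NULL;
	if (guard && bind_address == NULL)
		return 0;	/* nothing to resolve */
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;	/* no DNS traffic */
	gaierr = getaddrinfo(bind_address, NULL, &hints, resp);
	if (gaierr != 0)
		*resp = NULL;
	return gaierr;
}

/* EAI_* code for one lookup; frees the result only if there is one. */
int lookup_code(const char *bind_address, int guard) {
	struct addrinfo *res;
	int gaierr = resolve_bind_addr(bind_address, guard, &res);
	if (res != NULL)	/* freeaddrinfo(NULL) is not defined by POSIX */
		freeaddrinfo(res);
	return gaierr;
}

/* 1 if the lookup produced an address to bind to, else 0. */
int lookup_has_addr(const char *bind_address, int guard) {
	struct addrinfo *res;
	int found = resolve_bind_addr(bind_address, guard, &res) == 0 && res != NULL;
	if (found)
		freeaddrinfo(res);
	return found;
}

int main(void) {
	printf("unguarded, no -b: %s\n", gai_strerror(lookup_code(NULL, 0)));
	printf("guarded, no -b: code %d\n", lookup_code(NULL, 1));
	return 0;
}
```

In the guarded case the caller gets success with no address, which is the state the patched bindresvport_sa() call has to handle.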