[Bug 1380] New: incorrect check for strlen(fwd->connect_host) in parse_forward()

bugzilla-daemon at bugzilla.mindrot.org
Tue Oct 23 04:25:39 EST 2007


https://bugzilla.mindrot.org/show_bug.cgi?id=1380

           Summary: incorrect check for strlen(fwd->connect_host) in
                    parse_forward()
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: Jan.Pechanec at Sun.COM


There are 2 issues with the hostname len check in parse_forward():

(a) the len is checked against NI_MAXHOST while it should be checked
against (SSH_CHANNEL_PATH_LEN - 1).

(b) the check should also be performed against listen_host when in
remote fwd mode; otherwise hostname of any length is sent over

The check against connect_host is already in
channel_setup_fwd_listener(). I think that the correct way is to remove the
check from parse_forward() completely and put a new check against
listen_host into channel_request_remote_forwarding().

Patch attached.

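The gap between the two bounds in the report, as an added C illustration that is not OpenSSH source and not the attached patch. Assumptions: `SSH_CHANNEL_PATH_LEN` is taken to be 256, the exact comparison used with `NI_MAXHOST` is assumed, and `struct fwd_spec`, `fits_*`, `fwd_hosts_fit` and `make_host` are hypothetical names.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#ifndef NI_MAXHOST
#define NI_MAXHOST 1025           /* fallback when <netdb.h> does not expose it */
#endif
#define SSH_CHANNEL_PATH_LEN 256  /* assumed size of the channel path buffer */

/* Hypothetical stand-in for the forward spec; field names follow the report. */
struct fwd_spec {
    const char *listen_host;      /* may be NULL when no bind address is given */
    const char *connect_host;
};

/* Bound the report says parse_forward() uses (exact comparison assumed). */
static int fits_ni_maxhost(const char *host) {
    return strlen(host) < NI_MAXHOST;
}

/* Bound the report asks for: the name plus its NUL must fit the buffer. */
static int fits_channel_path(const char *host) {
    return strlen(host) <= SSH_CHANNEL_PATH_LEN - 1;
}

/* Covers point (b) as well: both host names get the same bound. */
static int fwd_hosts_fit(const struct fwd_spec *fwd) {
    if (fwd->listen_host != NULL && !fits_channel_path(fwd->listen_host))
        return 0;
    return fits_channel_path(fwd->connect_host);
}

/* Fill buf with a constructed host name of exactly n characters. */
static char *make_host(char *buf, size_t n) {
    memset(buf, 'a', n);
    buf[n] = '\0';
    return buf;
}

int main(void) {
    char lh[NI_MAXHOST], ch[NI_MAXHOST];
    struct fwd_spec fwd = { make_host(lh, 300), make_host(ch, 64) };
    printf("300-char listen_host: NI_MAXHOST bound=%d, channel bound=%d, forward ok=%d\n",
        fits_ni_maxhost(lh), fits_channel_path(lh), fwd_hosts_fit(&fwd));
    return 0;
}
```

A 300-character name passes the `NI_MAXHOST` bound but does not fit a `SSH_CHANNEL_PATH_LEN` buffer, which is the mismatch point (a) describes.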