
djm at mindrot
Sep 9, 2011, 3:44 AM
Re: Dynamic port remote listener - a BUG?
On Fri, 9 Sep 2011, Damien Miller wrote:

> On Fri, 9 Sep 2011, Damien Miller wrote:
>
> > > Hello,
> > >
> > > Today I tried using "dynamically assigned" port for remote listener, by
> > > requesting listener on port 0. This is supposed to create a listener on a
> > > port chosen by server. Everything seemed OK (the chosen port was sent back
> > > to client), but forwarding was refused. So I checked the source.
> >
> > it works for me on both portable and OpenBSD, with -R forwardings on
> > the initial ssh commandline or set up using -O forward.
>
> there is a bug in there though - if more than one -R 0:... forward is
> created, the later ones will all direct their connections to the
> destination specified for the first -R0 forward.
>
> i'll look at it when i have slept...

Couldn't get to sleep. The problem is our s->c forwarded-tcpip channel
opens use a listen_port of 0, which causes client_request_forwarded_tcpip()->
channel_connect_by_listen_address() to always return the same destination.

So we should set c->listening_port, but we need to fix up permitted_opens
when we receive the open confirmation message otherwise the client will
refuse the requests.

I think this will break backwards compat for -R 0... forwardings from a
new server (>=openssh-6.0) to an older client, since the older clients
expect a listen_port of 0 in the channel open messages. We could do a
compat.[ch] hack or live with the breakage...

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
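
A simplified model of the lookup described in the message above, as an added example that is not part of the original post and is not OpenSSH's code: the struct, the function names and the allocated ports 40001/40002 are constructed for illustration. It shows why a listen_port of 0 in every channel open selects the first -R 0 destination, and why sending the real port to a client that has not fixed up its table gets the open refused.

```c
#include <stdio.h>

/* Hypothetical stand-in for one entry of the client's permitted-opens table. */
struct fwd { const char *host; int port; int listen_port; };

static struct fwd table[8];
static int nfwd;

/* Client records "-R listen_port:host:port"; returns the table index. */
static int add_remote_forward(int listen_port, const char *host, int port) {
    table[nfwd] = (struct fwd){ host, port, listen_port };
    return nfwd++;
}

/* The fix-up the message calls for: store the port the server allocated. */
static void update_listen_port(int idx, int allocated) {
    table[idx].listen_port = allocated;
}

/* Destination lookup for an incoming forwarded-tcpip open:
 * the first entry whose listen_port matches wins. */
static const struct fwd *connect_by_listen_port(int listen_port) {
    for (int i = 0; i < nfwd; i++)
        if (table[i].listen_port == listen_port)
            return &table[i];
    return NULL; /* no match: the client refuses the open */
}

/* Two "-R 0:..." forwards, to ports 22 and 80. The server is assumed to have
 * allocated 40001 and 40002 (constructed values).
 * fixup:     client stored the allocated ports in its table
 * open_port: listen_port carried in the server's channel open
 * Returns the destination port chosen, or -1 if the open is refused. */
static int route(int fixup, int open_port) {
    nfwd = 0;
    int a = add_remote_forward(0, "127.0.0.1", 22);
    int b = add_remote_forward(0, "127.0.0.1", 80);
    if (fixup) { update_listen_port(a, 40001); update_listen_port(b, 40002); }
    const struct fwd *f = connect_by_listen_port(open_port);
    return f ? f->port : -1;
}

int main(void) {
    /* Connection arrives on the second listener in each case. */
    printf("open carries 0, no fix-up:     %d\n", route(0, 0));     /* first dest */
    printf("open carries 40002, no fix-up: %d\n", route(0, 40002)); /* refused */
    printf("open carries 40002, fix-up:    %d\n", route(1, 40002)); /* second dest */
    return 0;
}
```
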