author | Kevin Steves <stevesk@cvs.openbsd.org> | 2001-08-30 16:04:36 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@cvs.openbsd.org> | 2001-08-30 16:04:36 +0000 |
commit | 27f25df6fe54ef44a3bea46d6e1a4278f5416fdf (patch) | |
tree | 193a087dc16769ce164c5f6bf7f9fcd14f257fe4 | |
parent | 69b54d454d308c57732f785c7cd70bd639c81bca (diff) |
validate ports for LocalForward/RemoteForward.
add host/port alternative syntax for IPv6 (like -L/-R).
ok markus@
-rw-r--r-- | usr.bin/ssh/readconf.c | 55 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 14 |
2 files changed, 33 insertions, 36 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index f6630de78a9..67a79f893d0 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.87 2001/08/28 09:51:26 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.88 2001/08/30 16:04:35 stevesk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -258,6 +258,7 @@ process_config_line(Options *options, const char *host, char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; int opcode, *intptr, value; u_short fwd_port, fwd_host_port; + char sfwd_host_port[6]; s = line; /* Get the keyword. (Each line is supposed to begin with a keyword). */ 
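Review bot: The size of `sfwd_host_port` is a bare `6`, which is only correct because the `%5[0-9]` conversions in the forwarding case (a later hunk) stop at five characters; nothing in the code ties the two together. A comment on the declaration would keep a later edit to either side from turning the `sscanf` into a stack overwrite, e.g. `char sfwd_host_port[6];	/* 5 digits + NUL; must match %5[0-9] in the forward parsing */`. The declaration sits among the locals of `process_config_line`, whose body extends beyond this hunk.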
@@ -575,42 +576,34 @@ parse_int: *intptr = (LogLevel) value; break; - case oRemoteForward: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - fwd_port = a2port(arg); - if (fwd_port == 0) - fatal("%.200s line %d: Badly formatted port number.", - filename, linenum); - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing second argument.", - filename, linenum); - if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2) - fatal("%.200s line %d: Badly formatted host:port.", - filename, linenum); - if (*activep) - add_remote_forward(options, fwd_port, buf, fwd_host_port); - break; - case oLocalForward: + case oRemoteForward: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - fwd_port = a2port(arg); - if (fwd_port == 0) - fatal("%.200s line %d: Badly formatted port number.", - filename, linenum); + fatal("%.200s line %d: Missing port argument.", + filename, linenum); + if ((fwd_port = a2port(arg)) == 0) + fatal("%.200s line %d: Bad listen port.", + filename, linenum); arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing second argument.", - filename, linenum); - if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2) - fatal("%.200s line %d: Badly formatted host:port.", - filename, linenum); - if (*activep) - add_local_forward(options, fwd_port, buf, fwd_host_port); + filename, linenum); + if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 && + sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2) + fatal("%.200s line %d: Bad forwarding specification.", + filename, linenum); + if ((fwd_host_port = a2port(sfwd_host_port)) == 0) + fatal("%.200s line %d: Bad forwarding port.", + filename, linenum); + if (*activep) { + if (opcode == oLocalForward) + add_local_forward(options, fwd_port, buf, + fwd_host_port); + else if (opcode == oRemoteForward) + add_remote_forward(options, 
fwd_port, buf, + fwd_host_port); + } break; case oDynamicForward: diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 90e32ebd6e1..d7529d7a944 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.135 2001/08/30 15:42:36 naddy Exp $ +.\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -943,9 +943,11 @@ or .Dq no . .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over -the secure channel to given host:port from the remote machine. +the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -host:port. +.Ar host:port . +IPv6 addresses can be specified with an alternative syntax: +.Ar host/port . Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. @@ -1037,9 +1039,11 @@ The default is This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP/IP port on the remote machine be forwarded over -the secure channel to given host:port from the local machine. +the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -host:port. +.Ar host:port . +IPv6 addresses can be specified with an alternative syntax: +.Ar host/port . Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. |
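Review bot: Neither `sscanf` pattern in the merged `oLocalForward`/`oRemoteForward` case checks that the whole argument was consumed, so whatever follows the first five digits is silently ignored. With constructed examples: `host:220000` is accepted as port 22000, and an IPv6 target written `2001:470::1/80` already satisfies the colon pattern as host `2001`, port 470, so the `/` form is never tried. In both cases the forwarding is set up to a destination other than the one the config line names, with no error. Anchoring each match with `%n` and requiring `arg[n] == '\0'` rejects the first case and lets the second fall through to the `/` pattern. `n` is a new `int` that belongs with the other locals of `process_config_line`, whose declarations and the rest of the switch lie outside this hunk.

```c
	int n;	/* with the other locals of process_config_line */

	/* … unchanged: listen-port parsing and the second strdelim() … */
	if ((sscanf(arg, "%255[^:]:%5[0-9]%n", buf, sfwd_host_port, &n) != 2 ||
	    arg[n] != '\0') &&
	    (sscanf(arg, "%255[^/]/%5[0-9]%n", buf, sfwd_host_port, &n) != 2 ||
	    arg[n] != '\0'))
		fatal("%.200s line %d: Bad forwarding specification.",
		    filename, linenum);
	/* … unchanged: a2port(sfwd_host_port) check and add_*_forward() calls … */
```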