diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2023-06-20 23:59:34 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2023-06-20 23:59:34 +0000 |
commit | a48ec660a5e892eb6d8eeb2232ce798ea37ecd41 (patch) | |
tree | 0e2621bce0e8a0eb6b79e06fddf4584a8d68e9c5 /usr.bin/ssh | |
parent | 237f5b65791baccc19d9b706a42e06d5b9574cb9 (diff) |
prepare for support for connecting to unix domain sockets using ssh -W
by explicitly decoding PORT_STREAMLOCAL (a negative number) from the u32
that's passed over the multiplexing socket; previously code would just
cast, which is UB.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/mux.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index 7abb5aaef33..9968bf92693 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */ +/* $OpenBSD: mux.c,v 1.97 2023/06/20 23:59:33 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -26,6 +26,7 @@ #include <errno.h> #include <fcntl.h> #include <poll.h> +#include <limits.h> #include <signal.h> #include <stdarg.h> #include <stddef.h> @@ -947,19 +948,28 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, { Channel *nc; char *chost = NULL; - u_int cport, i, j; - int r, new_fd[2]; + u_int _cport, i, j; + int ok = 0, cport, r, new_fd[2]; struct mux_stdio_confirm_ctx *cctx; if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */ (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || - (r = sshbuf_get_u32(m, &cport)) != 0) { + (r = sshbuf_get_u32(m, &_cport)) != 0) { free(chost); error_f("malformed message"); return -1; } + if (_cport == (u_int)PORT_STREAMLOCAL) + cport = PORT_STREAMLOCAL; + else if (_cport <= INT_MAX) + cport = (int)_cport; + else { + free(chost); + error_f("invalid port 0x%x", _cport); + return -1; + } - debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport); + debug2_f("channel %d: stdio fwd to %s:%d", c->self, chost, cport); /* Gather fds from client */ for(i = 0; i < 2; i++) { @@ -992,8 +1002,13 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { - if (!ask_permission("Allow forward to %s:%u? ", - chost, cport)) { + if (cport == PORT_STREAMLOCAL) { + ok = ask_permission("Allow forward to path %s", chost); + } else { + ok = ask_permission("Allow forward to [%s]:%d? ", + chost, cport); + } + if (!ok) { debug2_f("stdio fwd refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); |