summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2023-06-20 23:59:34 +0000
committerDamien Miller <djm@cvs.openbsd.org>2023-06-20 23:59:34 +0000
commita48ec660a5e892eb6d8eeb2232ce798ea37ecd41 (patch)
tree0e2621bce0e8a0eb6b79e06fddf4584a8d68e9c5 /usr.bin/ssh
parent237f5b65791baccc19d9b706a42e06d5b9574cb9 (diff)
prepare for support for connecting to unix domain sockets using ssh -W
by explicitly decoding PORT_STREAMLOCAL (a negative number) from the u32 that's passed over the multiplexing socket; previously code would just cast, which is UB.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/mux.c29
1 files changed, 22 insertions, 7 deletions
diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c
index 7abb5aaef33..9968bf92693 100644
--- a/usr.bin/ssh/mux.c
+++ b/usr.bin/ssh/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */
+/* $OpenBSD: mux.c,v 1.97 2023/06/20 23:59:33 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -26,6 +26,7 @@
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
+#include <limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stddef.h>
@@ -947,19 +948,28 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
{
Channel *nc;
char *chost = NULL;
- u_int cport, i, j;
- int r, new_fd[2];
+ u_int _cport, i, j;
+ int ok = 0, cport, r, new_fd[2];
struct mux_stdio_confirm_ctx *cctx;
if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
(r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
- (r = sshbuf_get_u32(m, &cport)) != 0) {
+ (r = sshbuf_get_u32(m, &_cport)) != 0) {
free(chost);
error_f("malformed message");
return -1;
}
+ if (_cport == (u_int)PORT_STREAMLOCAL)
+ cport = PORT_STREAMLOCAL;
+ else if (_cport <= INT_MAX)
+ cport = (int)_cport;
+ else {
+ free(chost);
+ error_f("invalid port 0x%x", _cport);
+ return -1;
+ }
- debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport);
+ debug2_f("channel %d: stdio fwd to %s:%d", c->self, chost, cport);
/* Gather fds from client */
for(i = 0; i < 2; i++) {
@@ -992,8 +1002,13 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
if (options.control_master == SSHCTL_MASTER_ASK ||
options.control_master == SSHCTL_MASTER_AUTO_ASK) {
- if (!ask_permission("Allow forward to %s:%u? ",
- chost, cport)) {
+ if (cport == PORT_STREAMLOCAL) {
+ ok = ask_permission("Allow forward to path %s", chost);
+ } else {
+ ok = ask_permission("Allow forward to [%s]:%d? ",
+ chost, cport);
+ }
+ if (!ok) {
debug2_f("stdio fwd refused by user");
reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
"Permission denied");