From 32fe2a9a9f594557e9fa87668fd44d4c6c3aa89e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 25 Jun 2010 07:14:47 +0000 Subject: bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@ --- usr.bin/ssh/channels.c | 29 ++++++++++++++++++----------- usr.bin/ssh/mux.c | 12 ++++-------- usr.bin/ssh/readconf.c | 25 +++++++++++++++++++------ usr.bin/ssh/readconf.h | 6 +++--- usr.bin/ssh/ssh.h | 5 +---- 5 files changed, 45 insertions(+), 32 deletions(-) diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index b014706027e..08138ca5f56 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.304 2010/05/14 23:29:23 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -110,10 +110,10 @@ typedef struct { } ForwardPermission; /* List of all permitted host/port pairs to connect by the user. */ -static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; +static ForwardPermission *permitted_opens = NULL; /* List of all permitted host/port pairs to connect by the admin. */ -static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; +static ForwardPermission *permitted_adm_opens = NULL; /* Number of permitted host/port pairs in the array permitted by the user. */ static int num_permitted_opens = 0; @@ -2810,10 +2810,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, { int type, success = 0; - /* Record locally that connection to this host/port is permitted. */ - if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_request_remote_forwarding: too many forwards"); - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind; @@ -2863,6 +2859,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, } } if (success) { + /* Record that connection to this host/port is permitted. */ + permitted_opens = xrealloc(permitted_opens, + num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; permitted_opens[num_permitted_opens].listen_port = listen_port; @@ -2958,10 +2957,10 @@ channel_permit_all_opens(void) void channel_add_permitted_opens(char *host, int port) { - if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_add_permitted_opens: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); + permitted_opens = xrealloc(permitted_opens, + num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); permitted_opens[num_permitted_opens].port_to_connect = port; num_permitted_opens++; @@ -2972,10 +2971,10 @@ channel_add_permitted_opens(char *host, int port) int channel_add_adm_permitted_opens(char *host, int port) { - if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_add_adm_permitted_opens: too many forwards"); debug("config allows port forwarding to host %s port %d", host, port); + permitted_adm_opens = xrealloc(permitted_adm_opens, + num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens)); permitted_adm_opens[num_adm_permitted_opens].host_to_connect = xstrdup(host); permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; @@ -2990,6 +2989,10 @@ channel_clear_permitted_opens(void) for (i = 0; i < num_permitted_opens; i++) if (permitted_opens[i].host_to_connect != NULL) xfree(permitted_opens[i].host_to_connect); + if (num_permitted_opens > 0) { + xfree(permitted_opens); + permitted_opens = NULL; + } num_permitted_opens = 0; } @@ -3001,6 +3004,10 @@ channel_clear_adm_permitted_opens(void) for (i = 0; i < num_adm_permitted_opens; i++) if (permitted_adm_opens[i].host_to_connect != NULL) xfree(permitted_adm_opens[i].host_to_connect); + if (num_adm_permitted_opens > 0) { + xfree(permitted_adm_opens); + permitted_adm_opens = NULL; + } num_adm_permitted_opens = 0; } diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index 098979cb9c0..71557a8b37b 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.19 2010/06/17 07:07:30 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.20 2010/06/25 07:14:46 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -710,9 +710,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) { - if (options.num_local_forwards + 1 >= - SSH_MAX_FORWARDS_PER_DIRECTION || - channel_setup_local_fwd_listener(fwd.listen_host, + if (channel_setup_local_fwd_listener(fwd.listen_host, fwd.listen_port, fwd.connect_host, fwd.connect_port, options.gateway_ports) < 0) { fail: @@ -727,16 +725,14 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } else { struct mux_channel_confirm_ctx *fctx; - if (options.num_remote_forwards + 1 >= - SSH_MAX_FORWARDS_PER_DIRECTION || - channel_request_remote_forwarding(fwd.listen_host, + if (channel_request_remote_forwarding(fwd.listen_host, fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) goto fail; add_remote_forward(&options, &fwd); fctx = xcalloc(1, sizeof(*fctx)); fctx->cid = c->self; fctx->rid = rid; - fctx->fid = options.num_remote_forwards-1; + fctx->fid = options.num_remote_forwards - 1; client_register_global_confirm(mux_confirm_remote_forward, fctx); freefwd = 0; diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index eb51d242b89..c5474132f8e 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.184 2010/05/16 12:55:51 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.185 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -248,10 +248,12 @@ add_local_forward(Options *options, const Forward *newfwd) { Forward *fwd; extern uid_t original_real_uid; + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); - if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); + options->local_forwards = xrealloc(options->local_forwards, + options->num_local_forwards + 1, + sizeof(*options->local_forwards)); fwd = &options->local_forwards[options->num_local_forwards++]; fwd->listen_host = newfwd->listen_host; @@ -269,9 +271,10 @@ void add_remote_forward(Options *options, const Forward *newfwd) { Forward *fwd; - if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("Too many remote forwards (max %d).", - SSH_MAX_FORWARDS_PER_DIRECTION); + + options->remote_forwards = xrealloc(options->remote_forwards, + options->num_remote_forwards + 1, + sizeof(*options->remote_forwards)); fwd = &options->remote_forwards[options->num_remote_forwards++]; fwd->listen_host = newfwd->listen_host; @@ -291,12 +294,20 @@ clear_forwardings(Options *options) xfree(options->local_forwards[i].listen_host); xfree(options->local_forwards[i].connect_host); } + if (options->num_local_forwards > 0) { + xfree(options->local_forwards); + options->local_forwards = NULL; + } options->num_local_forwards = 0; for (i = 0; i < options->num_remote_forwards; i++) { if (options->remote_forwards[i].listen_host != NULL) xfree(options->remote_forwards[i].listen_host); xfree(options->remote_forwards[i].connect_host); } + if (options->num_remote_forwards > 0) { + xfree(options->remote_forwards); + options->remote_forwards = NULL; + } options->num_remote_forwards = 0; options->tun_open = SSH_TUNMODE_NO; } @@ -1043,7 +1054,9 @@ initialize_options(Options * options) options->user_hostfile = NULL; options->system_hostfile2 = NULL; options->user_hostfile2 = NULL; + options->local_forwards = NULL; options->num_local_forwards = 0; + options->remote_forwards = NULL; options->num_remote_forwards = 0; options->clear_forwardings = -1; options->log_level = SYSLOG_LEVEL_NOT_SET; diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index 4fb29e2fa0d..3c8eae9d2d4 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.83 2010/05/16 12:55:51 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.84 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen @@ -94,11 +94,11 @@ typedef struct { /* Local TCP/IP forward requests. */ int num_local_forwards; - Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; + Forward *local_forwards; /* Remote TCP/IP forward requests. */ int num_remote_forwards; - Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; + Forward *remote_forwards; int clear_forwardings; int enable_ssh_keysign; diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index 56953ee293a..d23da14927f 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh.h,v 1.79 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen @@ -18,9 +18,6 @@ /* Default port number. */ #define SSH_DEFAULT_PORT 22 -/* Maximum number of TCP/IP ports forwarded per direction. */ -#define SSH_MAX_FORWARDS_PER_DIRECTION 100 - /* * Maximum number of RSA authentication identity files that can be specified * in configuration files or on the command line. -- cgit v1.2.3