Hi guys, On Jan 29 23:34, Damien Miller wrote: > Changes since OpenSSH 6.4 > ========================= > [...] > Bugfixes: > > * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested > certificates. > > * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort. there's a bug in this change. Try this as user root: $ ssh -V OpenSSH_6.5p1, [...] $ ssh -oUsePrivilegedPort=yes remote-machine getaddrinfo: (null): Name or service not known getaddrinfo: (null): Name or service not known ssh: connect to host remote-machine port 22: No such file or directory The bug is in sshconnect.c, function ssh_create_socket(). The only way to avoid a call to to getaddrinfo is if *either* options.bind_address is non-NULL, *or* UsePrivilegedPort is set to no: /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL && !privileged) return sock; However, if UsePrivilegedPort is set to yes, options.bind_address will be checked in the subsequent getaddrinfo call, even if it's NULL, because the -b option hasn't been used. The result is, both input parameters to getaddrinfo() are NULL, so getaddrinfo() returns with EAI_NONAME, thus breaking the UsePrivilegedPort functionality, unless -b is given as well. Here's a patch: Index: sshconnect.c =================================================================== RCS file: /cvs/openssh/sshconnect.c,v retrieving revision 1.217 diff -u -p -r1.217 sshconnect.c --- sshconnect.c 9 Jan 2014 23:59:24 -0000 1.217 +++ sshconnect.c 3 Feb 2014 10:44:20 -0000 @@ -269,7 +269,7 @@ static int ssh_create_socket(int privileged, struct addrinfo *ai) { int sock, r, gaierr; - struct addrinfo hints, *res; + struct addrinfo hints, *res = NULL; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { @@ -282,17 +282,19 @@ ssh_create_socket(int privileged, struct if (options.bind_address == NULL && !privileged) return sock; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = ai->ai_family; - hints.ai_socktype = ai->ai_socktype; - hints.ai_protocol = ai->ai_protocol; - hints.ai_flags = AI_PASSIVE; - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); - if (gaierr) { - error("getaddrinfo: %s: %s", options.bind_address, - ssh_gai_strerror(gaierr)); - close(sock); - return -1; + if (options.bind_address) { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); + if (gaierr) { + error("getaddrinfo: %s: %s", options.bind_address, + ssh_gai_strerror(gaierr)); + close(sock); + return -1; + } } /* * If we are running as root and want to connect to a privileged @@ -300,7 +302,7 @@ ssh_create_socket(int privileged, struct */ if (privileged) { PRIV_START; - r = bindresvport_sa(sock, res->ai_addr); + r = bindresvport_sa(sock, res ? res->ai_addr : NULL); PRIV_END; if (r < 0) { error("bindresvport_sa: af=%d %s", ai->ai_family, -- Corinna Vinschen Cygwin Maintainer Red Hat
Attachment:
pgpz8anutdzBq.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev