Re: Announce: OpenSSH 6.5 released

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Ping?

Is there anything wrong with my analysis or the patch?


Thanks,
Corinna

On Feb  3 11:44, Corinna Vinschen wrote:
> Hi guys,
> 
> On Jan 29 23:34, Damien Miller wrote:
> > Changes since OpenSSH 6.4
> > =========================
> > [...]
> > Bugfixes:
> > 
> >  * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
> >    certificates.
> > 
> >  * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
> 
> there's a bug in this change.
> 
> Try this as user root:
> 
>   $ ssh -V
>   OpenSSH_6.5p1, [...]
>   $ ssh -oUsePrivilegedPort=yes remote-machine
>   getaddrinfo: (null): Name or service not known
>   getaddrinfo: (null): Name or service not known
>   ssh: connect to host remote-machine port 22: No such file or directory
> 
> The bug is in sshconnect.c, function ssh_create_socket().  The only
> way to avoid a call to to getaddrinfo is if *either* options.bind_address
> is non-NULL, *or* UsePrivilegedPort is set to no:
> 
>   /* Bind the socket to an alternative local IP address */
>   if (options.bind_address == NULL && !privileged)
> 	  return sock;
> 
> However, if UsePrivilegedPort is set to yes, options.bind_address will be
> checked in the subsequent getaddrinfo call, even if it's NULL, because the
> -b option hasn't been used.
> 
> The result is, both input parameters to getaddrinfo() are NULL, so
> getaddrinfo() returns with EAI_NONAME, thus breaking the UsePrivilegedPort
> functionality, unless -b is given as well.
> 
> Here's a patch:
> 
> Index: sshconnect.c
> ===================================================================
> RCS file: /cvs/openssh/sshconnect.c,v
> retrieving revision 1.217
> diff -u -p -r1.217 sshconnect.c
> --- sshconnect.c	9 Jan 2014 23:59:24 -0000	1.217
> +++ sshconnect.c	3 Feb 2014 10:44:20 -0000
> @@ -269,7 +269,7 @@ static int
>  ssh_create_socket(int privileged, struct addrinfo *ai)
>  {
>  	int sock, r, gaierr;
> -	struct addrinfo hints, *res;
> +	struct addrinfo hints, *res = NULL;
>  
>  	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
>  	if (sock < 0) {
> @@ -282,17 +282,19 @@ ssh_create_socket(int privileged, struct
>  	if (options.bind_address == NULL && !privileged)
>  		return sock;
>  
> -	memset(&hints, 0, sizeof(hints));
> -	hints.ai_family = ai->ai_family;
> -	hints.ai_socktype = ai->ai_socktype;
> -	hints.ai_protocol = ai->ai_protocol;
> -	hints.ai_flags = AI_PASSIVE;
> -	gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
> -	if (gaierr) {
> -		error("getaddrinfo: %s: %s", options.bind_address,
> -		    ssh_gai_strerror(gaierr));
> -		close(sock);
> -		return -1;
> +	if (options.bind_address) {
> +		memset(&hints, 0, sizeof(hints));
> +		hints.ai_family = ai->ai_family;
> +		hints.ai_socktype = ai->ai_socktype;
> +		hints.ai_protocol = ai->ai_protocol;
> +		hints.ai_flags = AI_PASSIVE;
> +		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
> +		if (gaierr) {
> +			error("getaddrinfo: %s: %s", options.bind_address,
> +			    ssh_gai_strerror(gaierr));
> +			close(sock);
> +			return -1;
> +		}
>  	}
>  	/*
>  	 * If we are running as root and want to connect to a privileged
> @@ -300,7 +302,7 @@ ssh_create_socket(int privileged, struct
>  	 */
>  	if (privileged) {
>  		PRIV_START;
> -		r = bindresvport_sa(sock, res->ai_addr);
> +		r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
>  		PRIV_END;
>  		if (r < 0) {
>  			error("bindresvport_sa: af=%d %s", ai->ai_family,
> 
> 
> 
> 
> -- 
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat



> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat

Attachment: pgpuAmg08WmIT.pgp
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux