Ping?  Is there anything wrong with my analysis or the patch?

Thanks,
Corinna

On Feb  3 11:44, Corinna Vinschen wrote:
> Hi guys,
>
> On Jan 29 23:34, Damien Miller wrote:
> > Changes since OpenSSH 6.4
> > =========================
> > [...]
> > Bugfixes:
> >
> >  * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
> >    certificates.
> >
> >  * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
>
> there's a bug in this change.
>
> Try this as user root:
>
>   $ ssh -V
>   OpenSSH_6.5p1, [...]
>   $ ssh -oUsePrivilegedPort=yes remote-machine
>   getaddrinfo: (null): Name or service not known
>   getaddrinfo: (null): Name or service not known
>   ssh: connect to host remote-machine port 22: No such file or directory
>
> The bug is in sshconnect.c, function ssh_create_socket().  The only
> way to avoid a call to getaddrinfo is if *either* options.bind_address
> is non-NULL, *or* UsePrivilegedPort is set to no:
>
>         /* Bind the socket to an alternative local IP address */
>         if (options.bind_address == NULL && !privileged)
>                 return sock;
>
> However, if UsePrivilegedPort is set to yes, options.bind_address will be
> checked in the subsequent getaddrinfo call, even if it's NULL, because the
> -b option hasn't been used.
>
> The result is, both input parameters to getaddrinfo() are NULL, so
> getaddrinfo() returns with EAI_NONAME, thus breaking the UsePrivilegedPort
> functionality, unless -b is given as well.
>
> Here's a patch:
>
> Index: sshconnect.c > =================================================================== > RCS file: /cvs/openssh/sshconnect.c,v > retrieving revision 1.217 > diff -u -p -r1.217 sshconnect.c > --- sshconnect.c 9 Jan 2014 23:59:24 -0000 1.217 > +++ sshconnect.c 3 Feb 2014 10:44:20 -0000
> @@ -269,7 +269,7 @@ static int > ssh_create_socket(int privileged, struct addrinfo *ai) > { > int sock, r, gaierr; > - struct addrinfo hints, *res; > + struct addrinfo hints, *res = NULL; > > sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); > if (sock < 0) { > @@ -282,17 +282,19 @@ ssh_create_socket(int privileged, struct > if (options.bind_address == NULL && !privileged) > return sock; > > - memset(&hints, 0, sizeof(hints)); > - hints.ai_family = ai->ai_family; > - hints.ai_socktype = ai->ai_socktype; > - hints.ai_protocol = ai->ai_protocol; > - hints.ai_flags = AI_PASSIVE; > - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); > - if (gaierr) { > - error("getaddrinfo: %s: %s", options.bind_address, > - ssh_gai_strerror(gaierr)); > - close(sock); > - return -1; > + if (options.bind_address) { > + memset(&hints, 0, sizeof(hints)); > + hints.ai_family = ai->ai_family; > + hints.ai_socktype = ai->ai_socktype; > + hints.ai_protocol = ai->ai_protocol; > + hints.ai_flags = AI_PASSIVE; > + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); > + if (gaierr) { > + error("getaddrinfo: %s: %s", options.bind_address, > + ssh_gai_strerror(gaierr)); > + close(sock); > + return -1; > + } > } > /* > * If we are running as root and want to connect to a privileged > @@ -300,7 +302,7 @@ ssh_create_socket(int privileged, struct > */ > if (privileged) { > PRIV_START; > - r = bindresvport_sa(sock, res->ai_addr); > + r = bindresvport_sa(sock, res ? res->ai_addr : NULL); > PRIV_END; > if (r < 0) { > error("bindresvport_sa: af=%d %s", ai->ai_family, > > > > > -- > Corinna Vinschen > Cygwin Maintainer > Red Hat > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev -- Corinna Vinschen Cygwin Maintainer Red Hat
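Review bot: In the second hunk (@@ -282,17 +282,19 @@), once the getaddrinfo() call sits inside `if (options.bind_address)`, res stays NULL whenever privileged is set and no bind address is given, but the visible hunks guard only the bindresvport_sa() call. Any other use of res further down ssh_create_socket(), outside the lines shown here, needs the same NULL check, so please confirm the rest of the function or extend the patch. For consistency with the context line just above it (`options.bind_address == NULL`), the new test would read better as `if (options.bind_address != NULL)`.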
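Review bot: In the third hunk (@@ -300,7 +302,7 @@), `bindresvport_sa(sock, res ? res->ai_addr : NULL)` depends on bindresvport_sa() accepting a NULL address and picking the reserved port for the socket's own address family, which nothing in the patch states. A one-line comment above the call saying that NULL means no BindAddress was given would document that contract, and writing the test as `res != NULL` would match the explicit NULL comparison used earlier in the function.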