RE: Remote port forwarding in a multiplexed connection: possible "clientspecified" bug

> Now the following mux command (on client with ControlMaster connected
> and running and ControlPath set appropriately):
> 
>     $ ssh -O forward -R ':0:localhost:3502' <hostaddr>
> 
> Port ... (set with an empty bind_address) should be bound to the wildcard
> address, not localhost. The same -R option given for ControlMaster (or non-
> multiplexed ssh client) works as expected.

(Answering myself...)

The reason seems to be that the unset bind_address (i.e. NULL) is transformed
into an empty string in mux.c:mux_client_forward():

	buffer_put_cstring(&m,
	    fwd->listen_host == NULL ? "" : fwd->listen_host);

Separation between an unset and an empty bind_address is now lost; ControlMaster
in turn nullifies such an empty listen_addr, resulting in a localhost bind. This happens
in mux.c:process_mux_open_fwd():

	if (*listen_addr == '\0') {
		free(listen_addr);
		listen_addr = NULL;
	}

I guess this is done because the Buffer (i.e. the underlying sshbuf) does not differentiate
a NULL string from an empty one. And NULL is assumed/preferred here because it's safer.

--
Sami

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
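
The two quoted mux.c fragments put together, as an added example (not OpenSSH code and not part of the original message). `struct wire` and the three function names are hypothetical stand-ins for the mux buffer; the block shows that an unset and an empty bind address reach the master as the same value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for one string field of a mux message (not the real sshbuf API). */
struct wire { size_t len; char bytes[64]; };

/* Client side: the NULL -> "" substitution quoted from mux_client_forward(). */
static int client_put_listen_host(struct wire *w, const char *listen_host)
{
	const char *s = listen_host == NULL ? "" : listen_host;
	if ((w->len = strlen(s)) > sizeof(w->bytes))
		return -1;
	memcpy(w->bytes, s, w->len);	/* length + bytes: "absent" has no encoding */
	return 0;
}

/* Master side: decode, then nullify "" as process_mux_open_fwd() does. */
static char *master_get_listen_addr(const struct wire *w)
{
	char *listen_addr = calloc(1, w->len + 1);
	if (listen_addr == NULL)
		return NULL;
	memcpy(listen_addr, w->bytes, w->len);
	if (*listen_addr == '\0') {
		free(listen_addr);
		listen_addr = NULL;	/* explicit empty string now looks unset */
	}
	return listen_addr;
}

/* 1 if the master ends up with exactly what the client had, 0 if it changed. */
static int roundtrip_preserved(const char *listen_host)
{
	struct wire w;
	char *got;
	int same;
	if (client_put_listen_host(&w, listen_host) != 0)
		return 0;
	got = master_get_listen_addr(&w);
	same = listen_host ? (got != NULL && strcmp(got, listen_host) == 0) : got == NULL;
	free(got);
	return same;
}

int main(void)
{
	printf("unset:%d empty:%d star:%d\n", roundtrip_preserved(NULL),
	    roundtrip_preserved(""), roundtrip_preserved("*"));
	return 0;
}
```

Only the empty string fails the round trip: it arrives as NULL, which is the case that ends in a localhost bind.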