upstream commit

don't record duplicate LocalForward and RemoteForward entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation where the same forwards are added on the second pass through the configuration file. bz#2562; ok dtucker@ Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
author: djm@openbsd.org <djm@openbsd.org> 2016-04-06 06:42:17 +0000
committer: Darren Tucker <dtucker@zip.com.au> 2016-04-08 14:26:06 +1000
commit: 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 (patch)
tree: d3b976a3f09569186f2a03d1b87c342432cd4f3c
parent: 574def0eb493cd6efeffd4ff2e9257abcffee0c8 (diff)
3 files changed, 56 insertions, 3 deletions
diff --git a/misc.c b/misc.c
index db5ff564e..9d59ca6b2 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.103 2016/04/02 14:37:42 krw Exp $ */
+/* $OpenBSD: misc.c,v 1.104 2016/04/06 06:42:17 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -1144,3 +1144,41 @@ sock_set_v6only(int s)
                error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
 #endif
 }
+/*
+ * Compares two strings that maybe be NULL. Returns non-zero if strings
+ * are both NULL or are identical, returns zero otherwise.
+ */
+static int
+strcmp_maybe_null(const char *a, const char *b)
+{
+        if ((a == NULL && b != NULL) || (a != NULL && b == NULL))
+                return 0;
+        if (a != NULL && strcmp(a, b) != 0)
+                return 0;
+        return 1;
+}
+/*
+ * Compare two forwards, returning non-zero if they are identical or
+ * zero otherwise.
+ */
+int
+forward_equals(const struct Forward *a, const struct Forward *b)
+{
+        if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0)
+                return 0;
+        if (a->listen_port != b->listen_port)
+                return 0;
+        if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0)
+                return 0;
+        if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0)
+                return 0;
+        if (a->connect_port != b->connect_port)
+                return 0;
+        if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0)
+                return 0;
+        /* allocated_port and handle are not checked */
+        return 1;
+}
diff --git a/misc.h b/misc.h
index 434e06c01..01432ba8b 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.55 2016/03/02 22:42:40 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.56 2016/04/06 06:42:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,8 @@ struct Forward {
        int       handle;               /* Handle for dynamic listen ports */
 };
+int forward_equals(const struct Forward *, const struct Forward *);
 /* Common server and client forwarding options. */
 struct ForwardOptions {
        int      gateway_ports; /* Allow remote connects to forwarded ports. */
diff --git a/readconf.c b/readconf.c
index 69d4553af..c692f7dd2 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.250 2016/02/08 23:40:12 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.251 2016/04/06 06:42:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -294,12 +294,19 @@ void
 add_local_forward(Options *options, const struct Forward *newfwd)
 {
        struct Forward *fwd;
+        int i;
 #ifndef NO_IPPORT_RESERVED_CONCEPT
        extern uid_t original_real_uid;
        if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
            newfwd->listen_path == NULL)
                fatal("Privileged ports can only be forwarded by root.");
 #endif
+        /* Don't add duplicates */
+        for (i = 0; i < options->num_local_forwards; i++) {
+                if (forward_equals(newfwd, options->local_forwards + i))
+                        return;
+        }
        options->local_forwards = xreallocarray(options->local_forwards,
            options->num_local_forwards + 1,
            sizeof(*options->local_forwards));
@@ -322,7 +329,13 @@ void
 add_remote_forward(Options *options, const struct Forward *newfwd)
 {
        struct Forward *fwd;
+        int i;
+        /* Don't add duplicates */
+        for (i = 0; i < options->num_remote_forwards; i++) {
+                if (forward_equals(newfwd, options->remote_forwards + i))
+                        return;
+        }
        options->remote_forwards = xreallocarray(options->remote_forwards,
            options->num_remote_forwards + 1,
            sizeof(*options->remote_forwards));
author	djm@openbsd.org <djm@openbsd.org>	2016-04-06 06:42:17 +0000
committer	Darren Tucker <dtucker@zip.com.au>	2016-04-08 14:26:06 +1000
commit	0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 (patch)
tree	d3b976a3f09569186f2a03d1b87c342432cd4f3c
parent	574def0eb493cd6efeffd4ff2e9257abcffee0c8 (diff)

diff --git a/misc.c b/misc.c index db5ff564e..9d59ca6b2 100644 --- a/misc.c +++ b/misc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: misc.c,v 1.103 2016/04/02 14:37:42 krw Exp $ */	1	/* $OpenBSD: misc.c,v 1.104 2016/04/06 06:42:17 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2005,2006 Damien Miller. All rights reserved.	4	* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -1144,3 +1144,41 @@ sock_set_v6only(int s)
1144	error("setsockopt IPV6_V6ONLY: %s", strerror(errno));	1144	error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
1145	#endif	1145	#endif
1146	}	1146	}
		1147
		1148	/*
		1149	* Compares two strings that maybe be NULL. Returns non-zero if strings
		1150	* are both NULL or are identical, returns zero otherwise.
		1151	*/
		1152	static int
		1153	strcmp_maybe_null(const char a, const char b)
		1154	{
		1155	if ((a == NULL && b != NULL) \|\| (a != NULL && b == NULL))
		1156	return 0;
		1157	if (a != NULL && strcmp(a, b) != 0)
		1158	return 0;
		1159	return 1;
		1160	}
		1161
		1162	/*
		1163	* Compare two forwards, returning non-zero if they are identical or
		1164	* zero otherwise.
		1165	*/
		1166	int
		1167	forward_equals(const struct Forward a, const struct Forward b)
		1168	{
		1169	if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0)
		1170	return 0;
		1171	if (a->listen_port != b->listen_port)
		1172	return 0;
		1173	if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0)
		1174	return 0;
		1175	if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0)
		1176	return 0;
		1177	if (a->connect_port != b->connect_port)
		1178	return 0;
		1179	if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0)
		1180	return 0;
		1181	/* allocated_port and handle are not checked */
		1182	return 1;
		1183	}
		1184


diff --git a/misc.h b/misc.h index 434e06c01..01432ba8b 100644 --- a/misc.h +++ b/misc.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: misc.h,v 1.55 2016/03/02 22:42:40 dtucker Exp $ */	1	/* $OpenBSD: misc.h,v 1.56 2016/04/06 06:42:17 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,8 @@ struct Forward {
27	int handle; /* Handle for dynamic listen ports */	27	int handle; /* Handle for dynamic listen ports */
28	};	28	};
29		29
		30	int forward_equals(const struct Forward , const struct Forward );
		31
30	/* Common server and client forwarding options. */	32	/* Common server and client forwarding options. */
31	struct ForwardOptions {	33	struct ForwardOptions {
32	int gateway_ports; /* Allow remote connects to forwarded ports. */	34	int gateway_ports; /* Allow remote connects to forwarded ports. */


diff --git a/readconf.c b/readconf.c index 69d4553af..c692f7dd2 100644 --- a/readconf.c +++ b/readconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readconf.c,v 1.250 2016/02/08 23:40:12 djm Exp $ */	1	/* $OpenBSD: readconf.c,v 1.251 2016/04/06 06:42:17 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -294,12 +294,19 @@ void
294	add_local_forward(Options options, const struct Forward newfwd)	294	add_local_forward(Options options, const struct Forward newfwd)
295	{	295	{
296	struct Forward *fwd;	296	struct Forward *fwd;
		297	int i;
297	#ifndef NO_IPPORT_RESERVED_CONCEPT	298	#ifndef NO_IPPORT_RESERVED_CONCEPT
298	extern uid_t original_real_uid;	299	extern uid_t original_real_uid;
		300
299	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&	301	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
300	newfwd->listen_path == NULL)	302	newfwd->listen_path == NULL)
301	fatal("Privileged ports can only be forwarded by root.");	303	fatal("Privileged ports can only be forwarded by root.");
302	#endif	304	#endif
		305	/* Don't add duplicates */
		306	for (i = 0; i < options->num_local_forwards; i++) {
		307	if (forward_equals(newfwd, options->local_forwards + i))
		308	return;
		309	}
303	options->local_forwards = xreallocarray(options->local_forwards,	310	options->local_forwards = xreallocarray(options->local_forwards,
304	options->num_local_forwards + 1,	311	options->num_local_forwards + 1,
305	sizeof(*options->local_forwards));	312	sizeof(*options->local_forwards));
@@ -322,7 +329,13 @@ void
322	add_remote_forward(Options options, const struct Forward newfwd)	329	add_remote_forward(Options options, const struct Forward newfwd)
323	{	330	{
324	struct Forward *fwd;	331	struct Forward *fwd;
		332	int i;
325		333
		334	/* Don't add duplicates */
		335	for (i = 0; i < options->num_remote_forwards; i++) {
		336	if (forward_equals(newfwd, options->remote_forwards + i))
		337	return;
		338	}
326	options->remote_forwards = xreallocarray(options->remote_forwards,	339	options->remote_forwards = xreallocarray(options->remote_forwards,
327	options->num_remote_forwards + 1,	340	options->num_remote_forwards + 1,
328	sizeof(*options->remote_forwards));	341	sizeof(*options->remote_forwards));