author | Damien Miller <djm@mindrot.org> | 2014-07-04 08:59:41 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-07-04 08:59:41 +1000 |
commit | 602943d1179a08dfa70af94f62296ea5e3d6ebb8 (patch) | |
tree | 6da348f13d2130d4bd4702b083f530baaf732bdf | |
parent | 6b37fbb7921d156b31e2c8f39d9e1b6746c34983 (diff) |
- djm@cvs.openbsd.org 2014/07/03 22:33:41
[channels.c]
allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
GatewayPorts=no; allows client to choose address family;
bz#2222 ok markus@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | channels.c | 18 |
2 files changed, 20 insertions, 3 deletions
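--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,11 @@
 [sshconnect.c]
 when rekeying, skip file/DNS lookup if it is the same as the key sent
 during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
+- djm@cvs.openbsd.org 2014/07/03 22:33:41
+[channels.c]
+allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
+GatewayPorts=no; allows client to choose address family;
+bz#2222 ok markus@
 
 20140703
 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto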
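--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.333 2014/06/27 16:41:56 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.334 2014/07/03 22:33:41 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2701,6 +2701,7 @@ channel_set_af(int af)
 * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
 * "" (empty string), "*" -> wildcard v4/v6
 * "localhost" -> loopback v4/v6
+* "127.0.0.1" / "::1" -> accepted even if gateway_ports isn't set
 */
 static const char *
 channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
@@ -2730,9 +2731,20 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
 "\"%s\" overridden by server "
 "GatewayPorts", listen_addr);
 }
-}
-else if (strcmp(listen_addr, "localhost") != 0)
+} else if (strcmp(listen_addr, "localhost") != 0 ||
+strcmp(listen_addr, "127.0.0.1") == 0 ||
+strcmp(listen_addr, "::1") == 0) {
+/* Accept localhost address when GatewayPorts=yes */
 addr = listen_addr;
+}
+} else if (strcmp(listen_addr, "127.0.0.1") == 0 ||
+strcmp(listen_addr, "::1") == 0) {
+/*
+* If a specific IPv4/IPv6 localhost address has been
+* requested then accept it even if gateway_ports is in
+* effect. This allows the client to prefer IPv4 or IPv6.
+*/
+addr = listen_addr;
 }
 if (wildcardp != NULL)
 *wildcardp = wildcard;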
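Review bot: In the `else if` at new lines 2734-2736 the two added `strcmp(...) == 0` terms cannot change the outcome, because any string equal to "127.0.0.1" or "::1" already satisfies `strcmp(listen_addr, "localhost") != 0`; the condition is equivalent to the old one, and only the final `else if` branch changes which bind addresses are honoured. Keeping the single test, `} else if (strcmp(listen_addr, "localhost") != 0) {`, would make that obvious to anyone auditing which client-supplied addresses the server accepts. The comment in the final branch says the address is accepted "even if gateway_ports is in effect", while the header comment added in the same commit says "even if gateway_ports isn't set"; the enclosing `if` is outside the hunk, but this looks like the GatewayPorts=no path, so I would reword it to `accept it even if gateway_ports is not set` and add that the match is deliberately limited to these two exact literals. channel_fwd_bind_addr starts and ends outside the hunk.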