author | Damien Miller <djm@mindrot.org> | 2010-06-26 09:50:30 +1000 |
committer | Damien Miller <djm@mindrot.org> | 2010-06-26 09:50:30 +1000 |
commit | 232cfb1b1d0dccee68b1d433e0b4e1aa74919fc9 (patch) | |
tree | 80907fc629d104e69a7886cff390cabfba077e7b /channels.c | |
parent | d834d3583427981a395f8fc53346f9473b2e902c (diff) |
- djm@cvs.openbsd.org 2010/06/25 07:14:46
[channels.c mux.c readconf.c readconf.h ssh.h]
bz#1327: remove hardcoded limit of 100 permitopen clauses and port
forwards per direction; ok markus@ stevesk@
Diffstat (limited to 'channels.c')
-rw-r--r-- | channels.c | 29 |
1 files changed, 18 insertions, 11 deletions
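--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.304 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -114,10 +114,10 @@ typedef struct {
 } ForwardPermission;
 
 /* List of all permitted host/port pairs to connect by the user. */
-static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_opens = NULL;
 
 /* List of all permitted host/port pairs to connect by the admin. */
-static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_adm_opens = NULL;
 
 /* Number of permitted host/port pairs in the array permitted by the user. */
 static int num_permitted_opens = 0;
@@ -2838,10 +2838,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
 {
 	int type, success = 0;
 
-	/* Record locally that connection to this host/port is permitted. */
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_request_remote_forwarding: too many forwards");
-
 	/* Send the forward request to the remote side. */
 	if (compat20) {
 		const char *address_to_bind;
@@ -2891,6 +2887,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
 		}
 	}
 	if (success) {
+		/* Record that connection to this host/port is permitted. */
+		permitted_opens = xrealloc(permitted_opens,
+		    num_permitted_opens + 1, sizeof(*permitted_opens));
 		permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
 		permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
 		permitted_opens[num_permitted_opens].listen_port = listen_port;
@@ -2988,10 +2987,10 @@ channel_permit_all_opens(void)
 void
 channel_add_permitted_opens(char *host, int port)
 {
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_permitted_opens: too many forwards");
 	debug("allow port forwarding to host %s port %d", host, port);
 
+	permitted_opens = xrealloc(permitted_opens,
+	    num_permitted_opens + 1, sizeof(*permitted_opens));
 	permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
 	permitted_opens[num_permitted_opens].port_to_connect = port;
 	num_permitted_opens++;
@@ -3002,10 +3001,10 @@ channel_add_permitted_opens(char *host, int port)
 int
 channel_add_adm_permitted_opens(char *host, int port)
 {
-	if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_adm_permitted_opens: too many forwards");
 	debug("config allows port forwarding to host %s port %d", host, port);
 
+	permitted_adm_opens = xrealloc(permitted_adm_opens,
+	    num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
 	permitted_adm_opens[num_adm_permitted_opens].host_to_connect
 	    = xstrdup(host);
 	permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
@@ -3020,6 +3019,10 @@ channel_clear_permitted_opens(void)
 	for (i = 0; i < num_permitted_opens; i++)
 		if (permitted_opens[i].host_to_connect != NULL)
 			xfree(permitted_opens[i].host_to_connect);
+	if (num_permitted_opens > 0) {
+		xfree(permitted_opens);
+		permitted_opens = NULL;
+	}
 	num_permitted_opens = 0;
 }
 
@@ -3031,6 +3034,10 @@ channel_clear_adm_permitted_opens(void)
 	for (i = 0; i < num_adm_permitted_opens; i++)
 		if (permitted_adm_opens[i].host_to_connect != NULL)
 			xfree(permitted_adm_opens[i].host_to_connect);
+	if (num_adm_permitted_opens > 0) {
+		xfree(permitted_adm_opens);
+		permitted_adm_opens = NULL;
+	}
 	num_adm_permitted_opens = 0;
 }
 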
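Review bot: In channel_clear_permitted_opens the new block frees `permitted_opens` under the condition `num_permitted_opens > 0`, i.e. the guard is keyed on the counter rather than on the pointer being released; the same applies to the matching block in channel_clear_adm_permitted_opens. Tying the check to the resource itself, `if (permitted_opens != NULL) {` and `if (permitted_adm_opens != NULL) {`, keeps the cleanup correct even if the count and the allocation ever diverge (for instance an xrealloc that grew the array before the increment was reached), and it reads as the intent: the guard is presumably there because xfree in this tree rejects a NULL argument rather than ignoring it — worth confirming against xmalloc.c. The `p = xrealloc(p, n + 1, sizeof(*p))` self-assignment in the add paths is fine only because the three-argument xrealloc is understood to check the nmemb*size overflow and to fatal() instead of returning NULL; a one-line comment at the first such call, `/* xrealloc fatal()s on failure, so assigning over the old pointer cannot leak */`, would stop a later reader from flagging it as the classic realloc leak. Both clear functions start before their hunks, so the declaration of `i` and any earlier state they reset are not visible here.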