diff options
| author | Damien Miller <djm@mindrot.org> | 2014-07-04 08:59:41 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-07-04 08:59:41 +1000 |
| commit | 602943d1179a08dfa70af94f62296ea5e3d6ebb8 (patch) | |
| tree | 6da348f13d2130d4bd4702b083f530baaf732bdf /channels.c | |
| parent | 6b37fbb7921d156b31e2c8f39d9e1b6746c34983 (diff) | |
- djm@cvs.openbsd.org 2014/07/03 22:33:41
[channels.c]
allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
GatewayPorts=no; allows client to choose address family;
bz#2222 ok markus@
Diffstat (limited to 'channels.c')
| -rw-r--r-- | channels.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/channels.c b/channels.c index 7d0439e68..dc69d8072 100644 --- a/channels.c +++ b/channels.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.c,v 1.333 2014/06/27 16:41:56 markus Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.334 2014/07/03 22:33:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2701,6 +2701,7 @@ channel_set_af(int af) | |||
| 2701 | * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR | 2701 | * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR |
| 2702 | * "" (empty string), "*" -> wildcard v4/v6 | 2702 | * "" (empty string), "*" -> wildcard v4/v6 |
| 2703 | * "localhost" -> loopback v4/v6 | 2703 | * "localhost" -> loopback v4/v6 |
| 2704 | * "127.0.0.1" / "::1" -> accepted even if gateway_ports isn't set | ||
| 2704 | */ | 2705 | */ |
| 2705 | static const char * | 2706 | static const char * |
| 2706 | channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, | 2707 | channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, |
| @@ -2730,9 +2731,20 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, | |||
| 2730 | "\"%s\" overridden by server " | 2731 | "\"%s\" overridden by server " |
| 2731 | "GatewayPorts", listen_addr); | 2732 | "GatewayPorts", listen_addr); |
| 2732 | } | 2733 | } |
| 2733 | } | 2734 | } else if (strcmp(listen_addr, "localhost") != 0 || |
| 2734 | else if (strcmp(listen_addr, "localhost") != 0) | 2735 | strcmp(listen_addr, "127.0.0.1") == 0 || |
| 2736 | strcmp(listen_addr, "::1") == 0) { | ||
| 2737 | /* Accept localhost address when GatewayPorts=yes */ | ||
| 2735 | addr = listen_addr; | 2738 | addr = listen_addr; |
| 2739 | } | ||
| 2740 | } else if (strcmp(listen_addr, "127.0.0.1") == 0 || | ||
| 2741 | strcmp(listen_addr, "::1") == 0) { | ||
| 2742 | /* | ||
| 2743 | * If a specific IPv4/IPv6 localhost address has been | ||
| 2744 | * requested then accept it even if gateway_ports is in | ||
| 2745 | * effect. This allows the client to prefer IPv4 or IPv6. | ||
| 2746 | */ | ||
| 2747 | addr = listen_addr; | ||
| 2736 | } | 2748 | } |
| 2737 | if (wildcardp != NULL) | 2749 | if (wildcardp != NULL) |
| 2738 | *wildcardp = wildcard; | 2750 | *wildcardp = wildcard; |