-rw-r--r--ChangeLog4
-rw-r--r--channels.c29
-rw-r--r--mux.c12
-rw-r--r--readconf.c24
-rw-r--r--readconf.h6
-rw-r--r--ssh.h5
6 files changed, 48 insertions, 32 deletions
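diff --git a/ChangeLog b/ChangeLog
index d0f45b078..cac82b47d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -53,6 +53,10 @@
  - djm@cvs.openbsd.org 2010/06/23 02:59:02
  [ssh-keygen.c]
  fix printing of extensions in v01 certificates that I broke in r1.190
+ - djm@cvs.openbsd.org 2010/06/25 07:14:46
+ [channels.c mux.c readconf.c readconf.h ssh.h]
+ bz#1327: remove hardcoded limit of 100 permitopen clauses and port
+ forwards per direction; ok markus@ stevesk@
 
 20100622
  - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512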
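diff --git a/channels.c b/channels.c
index 0f750c4d4..2f2798ddd 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.304 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -114,10 +114,10 @@ typedef struct {
 } ForwardPermission;
 
 /* List of all permitted host/port pairs to connect by the user. */
-static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_opens = NULL;
 
 /* List of all permitted host/port pairs to connect by the admin. */
-static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_adm_opens = NULL;
 
 /* Number of permitted host/port pairs in the array permitted by the user. */
 static int num_permitted_opens = 0;
@@ -2838,10 +2838,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
 {
  int type, success = 0;
 
- /* Record locally that connection to this host/port is permitted. */
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("channel_request_remote_forwarding: too many forwards");
-
  /* Send the forward request to the remote side. */
  if (compat20) {
  const char *address_to_bind;
@@ -2891,6 +2887,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
  }
  }
  if (success) {
+ /* Record that connection to this host/port is permitted. */
+ permitted_opens = xrealloc(permitted_opens,
+ num_permitted_opens + 1, sizeof(*permitted_opens));
  permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
  permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
  permitted_opens[num_permitted_opens].listen_port = listen_port;
@@ -2988,10 +2987,10 @@ channel_permit_all_opens(void)
 void
 channel_add_permitted_opens(char *host, int port)
 {
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("channel_add_permitted_opens: too many forwards");
  debug("allow port forwarding to host %s port %d", host, port);
 
+ permitted_opens = xrealloc(permitted_opens,
+ num_permitted_opens + 1, sizeof(*permitted_opens));
  permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
  permitted_opens[num_permitted_opens].port_to_connect = port;
  num_permitted_opens++;
@@ -3002,10 +3001,10 @@ channel_add_permitted_opens(char *host, int port)
 int
 channel_add_adm_permitted_opens(char *host, int port)
 {
- if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("channel_add_adm_permitted_opens: too many forwards");
  debug("config allows port forwarding to host %s port %d", host, port);
 
+ permitted_adm_opens = xrealloc(permitted_adm_opens,
+ num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
  permitted_adm_opens[num_adm_permitted_opens].host_to_connect
  = xstrdup(host);
  permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
@@ -3020,6 +3019,10 @@ channel_clear_permitted_opens(void)
  for (i = 0; i < num_permitted_opens; i++)
  if (permitted_opens[i].host_to_connect != NULL)
  xfree(permitted_opens[i].host_to_connect);
+ if (num_permitted_opens > 0) {
+ xfree(permitted_opens);
+ permitted_opens = NULL;
+ }
  num_permitted_opens = 0;
 }
 
@@ -3031,6 +3034,10 @@ channel_clear_adm_permitted_opens(void)
  for (i = 0; i < num_adm_permitted_opens; i++)
  if (permitted_adm_opens[i].host_to_connect != NULL)
  xfree(permitted_adm_opens[i].host_to_connect);
+ if (num_adm_permitted_opens > 0) {
+ xfree(permitted_adm_opens);
+ permitted_adm_opens = NULL;
+ }
  num_adm_permitted_opens = 0;
 }
 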
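Review bot: In channel_clear_permitted_opens and channel_clear_adm_permitted_opens the new `xfree(permitted_opens)` is guarded by `num_permitted_opens > 0` rather than by the pointer, so correctness depends on the counter and the buffer never drifting apart; testing `if (permitted_opens != NULL)` expresses the ownership directly and stays correct if a later change resets one without the other (a guard of some form is needed either way, since xfree in this tree, as far as I recall, treats a NULL argument as fatal). The same counter-based guard appears in readconf.c clear_forwardings for `local_forwards` and `remote_forwards`. A smaller point: the `xrealloc(..., num_permitted_opens + 1, ...)` calls in channel_request_remote_forwarding, channel_add_permitted_opens and channel_add_adm_permitted_opens grow the array one entry per add, which is fine for config-sized lists but is a new invariant now that the arrays are heap-owned with no fixed bound; a comment on the declarations such as `/* heap array of num_permitted_opens entries, grown one per add; freed only by channel_clear_permitted_opens() */` would make that explicit.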
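diff --git a/mux.c b/mux.c
index 70c8d2ade..fdf0385e0 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.19 2010/06/17 07:07:30 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.20 2010/06/25 07:14:46 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -727,9 +727,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
  }
 
  if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
- if (options.num_local_forwards + 1 >=
- SSH_MAX_FORWARDS_PER_DIRECTION ||
- channel_setup_local_fwd_listener(fwd.listen_host,
+ if (channel_setup_local_fwd_listener(fwd.listen_host,
  fwd.listen_port, fwd.connect_host, fwd.connect_port,
  options.gateway_ports) < 0) {
  fail:
@@ -744,16 +742,14 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
  } else {
  struct mux_channel_confirm_ctx *fctx;
 
- if (options.num_remote_forwards + 1 >=
- SSH_MAX_FORWARDS_PER_DIRECTION ||
- channel_request_remote_forwarding(fwd.listen_host,
+ if (channel_request_remote_forwarding(fwd.listen_host,
  fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
  goto fail;
  add_remote_forward(&options, &fwd);
  fctx = xcalloc(1, sizeof(*fctx));
  fctx->cid = c->self;
  fctx->rid = rid;
- fctx->fid = options.num_remote_forwards-1;
+ fctx->fid = options.num_remote_forwards - 1;
  client_register_global_confirm(mux_confirm_remote_forward,
  fctx);
  freefwd = 0;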
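Review bot: `fctx->fid = options.num_remote_forwards - 1;` now indexes into an array that add_remote_forward reallocates on every call, so keeping an index rather than a `Forward *` in the confirm context is what keeps it valid after later adds; that is a non-obvious invariant and deserves a comment on that line, e.g. `/* index, not pointer: remote_forwards is realloc'd by add_remote_forward() */`. With the SSH_MAX_FORWARDS_PER_DIRECTION pre-checks removed in both branches, the request path has no numeric ceiling; the remaining bound is channel_setup_local_fwd_listener or channel_request_remote_forwarding returning an error, which still routes to `fail:`. If that is the intended design, a comment near the top of process_mux_open_fwd, which starts outside the hunk, should say so, since the old code made the bound explicit.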
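diff --git a/readconf.c b/readconf.c
index 4bc98b77e..aae9cef4b 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.184 2010/05/16 12:55:51 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.185 2010/06/25 07:14:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -255,8 +255,9 @@ add_local_forward(Options *options, const Forward *newfwd)
  if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
  fatal("Privileged ports can only be forwarded by root.");
 #endif
- if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
+ options->local_forwards = xrealloc(options->local_forwards,
+ options->num_local_forwards + 1,
+ sizeof(*options->local_forwards));
  fwd = &options->local_forwards[options->num_local_forwards++];
 
  fwd->listen_host = newfwd->listen_host;
@@ -274,9 +275,10 @@ void
 add_remote_forward(Options *options, const Forward *newfwd)
 {
  Forward *fwd;
- if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("Too many remote forwards (max %d).",
- SSH_MAX_FORWARDS_PER_DIRECTION);
+
+ options->remote_forwards = xrealloc(options->remote_forwards,
+ options->num_remote_forwards + 1,
+ sizeof(*options->remote_forwards));
  fwd = &options->remote_forwards[options->num_remote_forwards++];
 
  fwd->listen_host = newfwd->listen_host;
@@ -296,12 +298,20 @@ clear_forwardings(Options *options)
  xfree(options->local_forwards[i].listen_host);
  xfree(options->local_forwards[i].connect_host);
  }
+ if (options->num_local_forwards > 0) {
+ xfree(options->local_forwards);
+ options->local_forwards = NULL;
+ }
  options->num_local_forwards = 0;
  for (i = 0; i < options->num_remote_forwards; i++) {
  if (options->remote_forwards[i].listen_host != NULL)
  xfree(options->remote_forwards[i].listen_host);
  xfree(options->remote_forwards[i].connect_host);
  }
+ if (options->num_remote_forwards > 0) {
+ xfree(options->remote_forwards);
+ options->remote_forwards = NULL;
+ }
  options->num_remote_forwards = 0;
  options->tun_open = SSH_TUNMODE_NO;
 }
@@ -1048,7 +1058,9 @@ initialize_options(Options * options)
  options->user_hostfile = NULL;
  options->system_hostfile2 = NULL;
  options->user_hostfile2 = NULL;
+ options->local_forwards = NULL;
  options->num_local_forwards = 0;
+ options->remote_forwards = NULL;
  options->num_remote_forwards = 0;
  options->clear_forwardings = -1;
  options->log_level = SYSLOG_LEVEL_NOT_SET;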
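Review bot: add_local_forward and add_remote_forward now relocate `options->local_forwards` and `options->remote_forwards` on every call, so any `Forward *` a caller obtained from those arrays before a later add is dangling afterwards; inside these two functions the local `fwd` is taken after the xrealloc, which is correct, but the contract is not written down. I would add to both functions a comment along the lines of `/* May move options->local_forwards: callers must not hold Forward pointers across calls; keep indices instead. */`, since before this change the arrays were embedded in Options and such pointers were stable. Whether any caller outside this file caches such a pointer is not verifiable from the hunks shown.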
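diff --git a/readconf.h b/readconf.h
index 4fb29e2fa..3c8eae9d2 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.83 2010/05/16 12:55:51 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.84 2010/06/25 07:14:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -94,11 +94,11 @@ typedef struct {
 
  /* Local TCP/IP forward requests. */
  int num_local_forwards;
- Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+ Forward *local_forwards;
 
  /* Remote TCP/IP forward requests. */
  int num_remote_forwards;
- Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+ Forward *remote_forwards;
  int clear_forwardings;
 
  int enable_ssh_keysign;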
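Review bot: `Forward *local_forwards;` and `Forward *remote_forwards;` replace inline arrays, but the surrounding field comments still read as if the storage were part of Options itself, and nothing in the header says who owns the buffer or how long it is. I would extend the two comments to state ownership, e.g. `/* Local TCP/IP forward requests: heap array of num_local_forwards entries, grown by add_local_forward(), released by clear_forwardings(). */` and the equivalent for the remote list. Without that, a reader who copies an Options by value or zeroes it with memset has no cue in the header that a heap allocation is involved.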
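diff --git a/ssh.h b/ssh.h
index 186cfff96..c94633bdc 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh.h,v 1.79 2010/06/25 07:14:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,9 +18,6 @@
 /* Default port number. */
 #define SSH_DEFAULT_PORT 22
 
-/* Maximum number of TCP/IP ports forwarded per direction. */
-#define SSH_MAX_FORWARDS_PER_DIRECTION 100
-
 /*
  * Maximum number of RSA authentication identity files that can be specified
  * in configuration files or on the command line.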