diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | serverloop.c | 11 |
2 files changed, 11 insertions, 6 deletions
| @@ -10,6 +10,10 @@ | |||
| 10 | support remote port forwarding with a zero listen port (-R0:...) to | 10 | support remote port forwarding with a zero listen port (-R0:...) to |
| 11 | dyamically allocate a listen port at runtime (this is actually | 11 | dyamically allocate a listen port at runtime (this is actually |
| 12 | specified in rfc4254); bz#1003 ok markus@ | 12 | specified in rfc4254); bz#1003 ok markus@ |
| 13 | - djm@cvs.openbsd.org 2009/02/12 03:16:01 | ||
| 14 | [serverloop.c] | ||
| 15 | tighten check for -R0:... forwarding: only allow dynamic allocation | ||
| 16 | if want_reply is set in the packet | ||
| 13 | 17 | ||
| 14 | 20090212 | 18 | 20090212 |
| 15 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically | 19 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically |
| @@ -5136,5 +5140,5 @@ | |||
| 5136 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 5140 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 5137 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 5141 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 5138 | 5142 | ||
| 5139 | $Id: ChangeLog,v 1.5187 2009/02/14 05:28:21 djm Exp $ | 5143 | $Id: ChangeLog,v 1.5188 2009/02/14 05:33:09 djm Exp $ |
| 5140 | 5144 | ||
diff --git a/serverloop.c b/serverloop.c index 6244ad71c..81cafe6ad 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: serverloop.c,v 1.156 2009/02/12 03:00:56 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1117,10 +1117,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
| 1117 | 1117 | ||
| 1118 | /* check permissions */ | 1118 | /* check permissions */ |
| 1119 | if (!options.allow_tcp_forwarding || | 1119 | if (!options.allow_tcp_forwarding || |
| 1120 | no_port_forwarding_flag | 1120 | no_port_forwarding_flag || |
| 1121 | (!want_reply && listen_port == 0) | ||
| 1121 | #ifndef NO_IPPORT_RESERVED_CONCEPT | 1122 | #ifndef NO_IPPORT_RESERVED_CONCEPT |
| 1122 | || (listen_port != 0 && | 1123 | || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) |
| 1123 | listen_port < IPPORT_RESERVED && pw->pw_uid != 0) | ||
| 1124 | #endif | 1124 | #endif |
| 1125 | ) { | 1125 | ) { |
| 1126 | success = 0; | 1126 | success = 0; |
| @@ -1128,7 +1128,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
| 1128 | } else { | 1128 | } else { |
| 1129 | /* Start listening on the port */ | 1129 | /* Start listening on the port */ |
| 1130 | success = channel_setup_remote_fwd_listener( | 1130 | success = channel_setup_remote_fwd_listener( |
| 1131 | listen_address, listen_port, options.gateway_ports); | 1131 | listen_address, listen_port, |
| 1132 | &allocated_listen_port, options.gateway_ports); | ||
| 1132 | } | 1133 | } |
| 1133 | xfree(listen_address); | 1134 | xfree(listen_address); |
| 1134 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { | 1135 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { |