summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--serverloop.c11
2 files changed, 11 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index d8f8f2610..e296e0441 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@
10 support remote port forwarding with a zero listen port (-R0:...) to 10 support remote port forwarding with a zero listen port (-R0:...) to
11 dyamically allocate a listen port at runtime (this is actually 11 dyamically allocate a listen port at runtime (this is actually
12 specified in rfc4254); bz#1003 ok markus@ 12 specified in rfc4254); bz#1003 ok markus@
13 - djm@cvs.openbsd.org 2009/02/12 03:16:01
14 [serverloop.c]
15 tighten check for -R0:... forwarding: only allow dynamic allocation
16 if want_reply is set in the packet
13 17
1420090212 1820090212
15 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically 19 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
@@ -5136,5 +5140,5 @@
5136 OpenServer 6 and add osr5bigcrypt support so when someone migrates 5140 OpenServer 6 and add osr5bigcrypt support so when someone migrates
5137 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 5141 passwords between UnixWare and OpenServer they will still work. OK dtucker@
5138 5142
5139$Id: ChangeLog,v 1.5187 2009/02/14 05:28:21 djm Exp $ 5143$Id: ChangeLog,v 1.5188 2009/02/14 05:33:09 djm Exp $
5140 5144
diff --git a/serverloop.c b/serverloop.c
index 6244ad71c..81cafe6ad 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.156 2009/02/12 03:00:56 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1117,10 +1117,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1117 1117
1118 /* check permissions */ 1118 /* check permissions */
1119 if (!options.allow_tcp_forwarding || 1119 if (!options.allow_tcp_forwarding ||
1120 no_port_forwarding_flag 1120 no_port_forwarding_flag ||
1121 (!want_reply && listen_port == 0)
1121#ifndef NO_IPPORT_RESERVED_CONCEPT 1122#ifndef NO_IPPORT_RESERVED_CONCEPT
1122 || (listen_port != 0 && 1123 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1123 listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1124#endif 1124#endif
1125 ) { 1125 ) {
1126 success = 0; 1126 success = 0;
@@ -1128,7 +1128,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1128 } else { 1128 } else {
1129 /* Start listening on the port */ 1129 /* Start listening on the port */
1130 success = channel_setup_remote_fwd_listener( 1130 success = channel_setup_remote_fwd_listener(
1131 listen_address, listen_port, options.gateway_ports); 1131 listen_address, listen_port,
1132 &allocated_listen_port, options.gateway_ports);
1132 } 1133 }
1133 xfree(listen_address); 1134 xfree(listen_address);
1134 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { 1135 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {