4 files changed, 16 insertions, 7 deletions

diff --git a/misc.c b/misc.c
index 9421b4d39..07d4179e4 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.105 2016/07/15 00:24:30 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.106 2016/10/23 22:04:05 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -1243,3 +1243,11 @@ forward_equals(const struct Forward *a, const struct Forward *b)
         return 1;
 }
 
+/* returns 1 if bind to specified port by specified user is permitted */
+int
+bind_permitted(int port, uid_t uid)
+{
+        if (port < IPPORT_RESERVED && uid != 0)
+                return 0;
+        return 1;
+}
diff --git a/misc.h b/misc.h
index 8f954198b..3578e8ef5 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.59 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: misc.h,v 1.60 2016/10/23 22:04:05 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,6 +30,7 @@ struct Forward {
 };
 
 int forward_equals(const struct Forward *, const struct Forward *);
+int bind_permitted(int, uid_t);
 
 /* Common server and client forwarding options. */
 struct ForwardOptions {
diff --git a/readconf.c b/readconf.c
index 351a22c32..1be564856 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.260 2016/08/25 23:56:51 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.261 2016/10/23 22:04:05 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -312,7 +312,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
         extern uid_t original_real_uid;
         int i;
 
-        if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+        if (bind_permitted(newfwd->listen_port, original_real_uid) &&
             newfwd->listen_path == NULL)
                 fatal("Privileged ports can only be forwarded by root.");
         /* Don't add duplicates */
diff --git a/serverloop.c b/serverloop.c
index 87e619fe4..4a9a16d41 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.186 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: serverloop.c,v 1.187 2016/10/23 22:04:05 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -724,8 +724,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
                     no_port_forwarding_flag ||
                     (!want_reply && fwd.listen_port == 0) ||
-                    (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
-                    pw->pw_uid != 0)) {
+                    (fwd.listen_port != 0 &&
+                     !bind_permitted(fwd.listen_port, pw->pw_uid))) {
                         success = 0;
                         packet_send_debug("Server has disabled port forwarding.");
                 } else {