2 files changed, 124 insertions, 70 deletions
diff --git a/ChangeLog b/ChangeLog
index e59bf4e9e..0039e9026 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20010412
+ - OpenBSD CVS Sync                            
+   - markus@cvs.openbsd.org 2001/04/10 07:46:58
+     [channels.c]                              
+     cleanup socks4 handling                   
 20010410
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
@@ -4990,4 +4996,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1093 2001/04/10 02:48:50 mouring Exp $
+$Id: ChangeLog,v 1.1094 2001/04/11 15:57:50 mouring Exp $
diff --git a/channels.c b/channels.c
index 0e334db88..008ff64b9 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.103 2001/04/07 08:55:17 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.104 2001/04/10 07:46:58 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -542,88 +542,142 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-#define SSH_SOCKS_HEAD 1+1+2+4
-void
+int
-channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
+channel_decode_helper(Channel *c, int start, int lookfor)
+{
+        u_char *p;
+        int i, have;
+        p = buffer_ptr(&c->input);
+        have = buffer_len(&c->input);
+        debug2("channel %d: decode_helper: start %d have %d lookfor %d",
+            c->self, start, have, lookfor);
+        if (have < start)
+                return 0;
+        for (i = start; i < have; i++) {
+                if (p[i] == lookfor) {
+                        debug2("channel %d: decode_helper: matched at %d",
+                            c->self, i);
+                        if (lookfor == '\0' ||
+                            (i+3 < have &&
+                            p[i+1] == '\n' &&
+                            p[i+2] == '\r' &&
+                            p[i+3] == '\n'))
+                                return i;
+                }
+                if (i > 4096) {
+                        /* the peer is probably sending garbage */
+                        debug("channel %d: decode_helper: too long",
+                            c->self);
+                        return -1;
+                }
+        }
+        return 0;       /* need more */
+}
+/* try to decode a socks4 header */
+int
+channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 {
        u_char *p, *host;
-        int len, i, done, have;
+        int len, have, ret;
-        char username[256];
+        char username[256];     
        struct {
                u_int8_t version;
                u_int8_t command;
                u_int16_t dest_port;
-                struct in_addr dest_ip;
+                struct in_addr dest_addr;
        } s4_req, s4_rsp;
-        have = buffer_len(&c->input);
+        debug2("channel %d: decode socks4", c->self);
+        ret = channel_decode_helper(c, sizeof(s4_req), '\0');
-        debug("channel %d: pre_dynamic have: %d", c->self, have);
+        if (ret <= 0)
-        /*buffer_dump(&c->input);*/
+                return ret;
-        /* Check if the fixed size part of the packet is in buffer. */
-        if (have < SSH_SOCKS_HEAD + 1) {
-                /* need more */
-                FD_SET(c->sock, readset);
-                return;
-        }
-        /* Check for end of username */
-        p = buffer_ptr(&c->input);
-        done = 0;
-        for (i = SSH_SOCKS_HEAD; i < have; i++) {
-                if (p[i] == '\0') {
-                        done = 1;
-                        break;
-                }
-        }
-        if (!done) {
-                /* need more */
-                FD_SET(c->sock, readset);
-                return;
-        }
        buffer_get(&c->input, (char *)&s4_req.version, 1);
        buffer_get(&c->input, (char *)&s4_req.command, 1);
        buffer_get(&c->input, (char *)&s4_req.dest_port, 2);
-        buffer_get(&c->input, (char *)&s4_req.dest_ip, 4);
+        buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
        p = buffer_ptr(&c->input);
        len = strlen(p);
        have = buffer_len(&c->input);
-        debug2("channel %d: pre_dynamic user: %s/%d", c->self, p, len);
+        debug2("channel %d: pre_dynamic: user %s/%d", c->self, p, len);
        if (len > have)
-                fatal("channel %d: pre_dynamic: len %d > have %d",
+                fatal("channel %d: decode socks4: len %d > have %d",
                    c->self, len, have);
        strlcpy(username, p, sizeof(username));
        buffer_consume(&c->input, len);
        buffer_consume(&c->input, 1);           /* trailing '\0' */
-        host = inet_ntoa(s4_req.dest_ip);
+        host = inet_ntoa(s4_req.dest_addr);
        strlcpy(c->path, host, sizeof(c->path));
        c->host_port = ntohs(s4_req.dest_port);
        
-        debug("channel %d: dynamic request received: "
+        debug("channel %d: dynamic request: "
            "socks%x://%s@%s:%u/command?%u",
            c->self, s4_req.version, username, host, c->host_port,
            s4_req.command);
-        if ((s4_req.version != 4) || (s4_req.command != 1)) {
+        if (s4_req.command != 1) {
-                debug("channel %d: cannot handle: socks VN %d CN %d",
+                debug("channel %d: cannot handle: socks4 cn %d",
-                    c->self, s4_req.version, s4_req.command);
+                    c->self, s4_req.command);
-                channel_free(c->self);
+                return -1;
-                return;
        }
+        s4_rsp.version = 0;                     /* vn: 0 for reply */
-        s4_rsp.version = 0;                     /* VN: version of reply code */
+        s4_rsp.command = 90;                    /* cd: req granted */
-        s4_rsp.command = 90;                    /* CD: request granted */
        s4_rsp.dest_port = 0;                   /* ignored */
-        s4_rsp.dest_ip.s_addr = INADDR_ANY;     /* ignored */
+        s4_rsp.dest_addr.s_addr = INADDR_ANY;   /* ignored */
        buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp));
+        return 1;
-        /* switch to next state */
-        c->type = SSH_CHANNEL_OPENING;
-        port_open_helper(c, "direct-tcpip");
 }
+/* dynamic port forwarding */
+void
+channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
+{
+        u_char *p;
+        int have, ret;
+        have = buffer_len(&c->input);
+        debug2("channel %d: pre_dynamic: have %d", c->self, have);
+        buffer_dump(&c->input);
+        /* check if the fixed size part of the packet is in buffer. */
+        if (have < 4) {
+                /* need more */
+                FD_SET(c->sock, readset);
+                return;
+        }
+        /* try to guess the protocol */
+        p = buffer_ptr(&c->input);
+        switch (p[0]) {
+        case 0x04:
+                ret = channel_decode_socks4(c, readset, writeset);
+                break;
+#if 0
+        case 'C':
+                ret = channel_decode_https(c, readset, writeset);
+                break;
+        case 0x05:
+                ret = channel_decode_socks5(c, readset, writeset);
+                break;
+#endif
+        default:
+                ret = -1;
+                break;
+        }
+        if (ret < 0) {
+                channel_free(c->self);
+        } else if (ret == 0) {
+                debug2("channel %d: pre_dynamic: need more", c->self);
+                /* need more */
+                FD_SET(c->sock, readset);
+        } else {
+                /* switch to the next state */
+                c->type = SSH_CHANNEL_OPENING;
+                port_open_helper(c, "direct-tcpip");
+        }
+}
 /* This is our fake X11 server socket. */
 void
@@ -846,16 +900,11 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
                if (len <= 0) {
                        debug("channel %d: read<=0 rfd %d len %d",
                            c->self, c->rfd, len);
-                        if (c->type == SSH_CHANNEL_DYNAMIC) {
+                        if (c->type != SSH_CHANNEL_OPEN) {
-                                /*
+                                debug("channel %d: not open", c->self);
-                                 * we are not yet connected to a remote peer,
-                                 * so the connection-close protocol won't work
-                                 */
-                                debug("channel %d: dynamic: closed", c->self);
                                channel_free(c->self);
                                return -1;
-                        }
+                        } else if (compat13) {
-                        if (compat13) {
                                buffer_consume(&c->output, buffer_len(&c->output));
                                c->type = SSH_CHANNEL_INPUT_DRAINING;
                                debug("Channel %d status set to input draining.", c->self);
@@ -890,7 +939,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
                if (len < 0 && (errno == EINTR || errno == EAGAIN))
                        return 1;
                if (len <= 0) {
-                        if (compat13) {
+                        if (c->type != SSH_CHANNEL_OPEN) {
+                                debug("channel %d: not open", c->self);
+                                channel_free(c->self);
+                                return -1;
+                        } else if (compat13) {
                                buffer_consume(&c->output, buffer_len(&c->output));
                                debug("Channel %d status set to input draining.", c->self);
                                c->type = SSH_CHANNEL_INPUT_DRAINING;
@@ -967,7 +1020,8 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
 int
 channel_check_window(Channel *c)
 {
-        if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
+        if (c->type == SSH_CHANNEL_OPEN &&
+            !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
            c->local_window < c->local_window_max/2 &&
            c->local_consumed > 0) {
                packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
@@ -1016,12 +1070,6 @@ channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
 }
 void
-channel_post_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
-{
-        channel_handle_rfd(c, readset, writeset);
-}
-void
 channel_handler_init_20(void)
 {
        channel_pre[SSH_CHANNEL_OPEN] =                 &channel_pre_open_20;
@@ -1039,7 +1087,7 @@ channel_handler_init_20(void)
        channel_post[SSH_CHANNEL_X11_LISTENER] =        &channel_post_x11_listener;
        channel_post[SSH_CHANNEL_AUTH_SOCKET] =         &channel_post_auth_listener;
        channel_post[SSH_CHANNEL_CONNECTING] =          &channel_post_connecting;
-        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_dynamic;
+        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_2;
 }
 void
@@ -1061,7 +1109,7 @@ channel_handler_init_13(void)
        channel_post[SSH_CHANNEL_AUTH_SOCKET] =         &channel_post_auth_listener;
        channel_post[SSH_CHANNEL_OUTPUT_DRAINING] =     &channel_post_output_drain_13;
        channel_post[SSH_CHANNEL_CONNECTING] =          &channel_post_connecting;
-        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_dynamic;
+        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_1;
 }
 void
@@ -1080,7 +1128,7 @@ channel_handler_init_15(void)
        channel_post[SSH_CHANNEL_AUTH_SOCKET] =         &channel_post_auth_listener;
        channel_post[SSH_CHANNEL_OPEN] =                &channel_post_open_1;
        channel_post[SSH_CHANNEL_CONNECTING] =          &channel_post_connecting;
-        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_dynamic;
+        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_1;
 }
 void

diff --git a/ChangeLog b/ChangeLog index e59bf4e9e..0039e9026 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,9 @@
		1	20010412
		2	- OpenBSD CVS Sync
		3	- markus@cvs.openbsd.org 2001/04/10 07:46:58
		4	[channels.c]
		5	cleanup socks4 handling
		6
1	20010410	7	20010410
2	- OpenBSD CVS Sync	8	- OpenBSD CVS Sync
3	- deraadt@cvs.openbsd.org 2001/04/08 20:52:55	9	- deraadt@cvs.openbsd.org 2001/04/08 20:52:55
@@ -4990,4 +4996,4 @@
4990	- Wrote replacements for strlcpy and mkdtemp	4996	- Wrote replacements for strlcpy and mkdtemp
4991	- Released 1.0pre1	4997	- Released 1.0pre1
4992		4998
4993	$Id: ChangeLog,v 1.1093 2001/04/10 02:48:50 mouring Exp $	4999	$Id: ChangeLog,v 1.1094 2001/04/11 15:57:50 mouring Exp $


diff --git a/channels.c b/channels.c index 0e334db88..008ff64b9 100644 --- a/channels.c +++ b/channels.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: channels.c,v 1.103 2001/04/07 08:55:17 markus Exp $");	43	RCSID("$OpenBSD: channels.c,v 1.104 2001/04/10 07:46:58 markus Exp $");
44		44
45	#include <openssl/rsa.h>	45	#include <openssl/rsa.h>
46	#include <openssl/dsa.h>	46	#include <openssl/dsa.h>
@@ -542,88 +542,142 @@ channel_pre_x11_open(Channel c, fd_set readset, fd_set * writeset)
542	}	542	}
543	}	543	}
544		544
545	#define SSH_SOCKS_HEAD 1+1+2+4
546		545
547	void	546	int
548	channel_pre_dynamic(Channel c, fd_set readset, fd_set * writeset)	547	channel_decode_helper(Channel *c, int start, int lookfor)
		548	{
		549	u_char *p;
		550	int i, have;
		551
		552	p = buffer_ptr(&c->input);
		553	have = buffer_len(&c->input);
		554	debug2("channel %d: decode_helper: start %d have %d lookfor %d",
		555	c->self, start, have, lookfor);
		556	if (have < start)
		557	return 0;
		558	for (i = start; i < have; i++) {
		559	if (p[i] == lookfor) {
		560	debug2("channel %d: decode_helper: matched at %d",
		561	c->self, i);
		562	if (lookfor == '\0' \|\|
		563	(i+3 < have &&
		564	p[i+1] == '\n' &&
		565	p[i+2] == '\r' &&
		566	p[i+3] == '\n'))
		567	return i;
		568	}
		569	if (i > 4096) {
		570	/* the peer is probably sending garbage */
		571	debug("channel %d: decode_helper: too long",
		572	c->self);
		573	return -1;
		574	}
		575	}
		576	return 0; /* need more */
		577	}
		578
		579	/* try to decode a socks4 header */
		580	int
		581	channel_decode_socks4(Channel c, fd_set readset, fd_set * writeset)
549	{	582	{
550	u_char p, host;	583	u_char p, host;
551	int len, i, done, have;	584	int len, have, ret;
552	char username[256];	585	char username[256];
553	struct {	586	struct {
554	u_int8_t version;	587	u_int8_t version;
555	u_int8_t command;	588	u_int8_t command;
556	u_int16_t dest_port;	589	u_int16_t dest_port;
557	struct in_addr dest_ip;	590	struct in_addr dest_addr;
558	} s4_req, s4_rsp;	591	} s4_req, s4_rsp;
559		592
560	have = buffer_len(&c->input);	593	debug2("channel %d: decode socks4", c->self);
561		594	ret = channel_decode_helper(c, sizeof(s4_req), '\0');
562	debug("channel %d: pre_dynamic have: %d", c->self, have);	595	if (ret <= 0)
563	/buffer_dump(&c->input);/	596	return ret;
564
565	/* Check if the fixed size part of the packet is in buffer. */
566	if (have < SSH_SOCKS_HEAD + 1) {
567	/* need more */
568	FD_SET(c->sock, readset);
569	return;
570	}
571	/* Check for end of username */
572	p = buffer_ptr(&c->input);
573	done = 0;
574	for (i = SSH_SOCKS_HEAD; i < have; i++) {
575	if (p[i] == '\0') {
576	done = 1;
577	break;
578	}
579	}
580	if (!done) {
581	/* need more */
582	FD_SET(c->sock, readset);
583	return;
584	}
585	buffer_get(&c->input, (char *)&s4_req.version, 1);	597	buffer_get(&c->input, (char *)&s4_req.version, 1);
586	buffer_get(&c->input, (char *)&s4_req.command, 1);	598	buffer_get(&c->input, (char *)&s4_req.command, 1);
587	buffer_get(&c->input, (char *)&s4_req.dest_port, 2);	599	buffer_get(&c->input, (char *)&s4_req.dest_port, 2);
588	buffer_get(&c->input, (char *)&s4_req.dest_ip, 4);	600	buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
589	p = buffer_ptr(&c->input);	601	p = buffer_ptr(&c->input);
590	len = strlen(p);	602	len = strlen(p);
591	have = buffer_len(&c->input);	603	have = buffer_len(&c->input);
592	debug2("channel %d: pre_dynamic user: %s/%d", c->self, p, len);	604	debug2("channel %d: pre_dynamic: user %s/%d", c->self, p, len);
593	if (len > have)	605	if (len > have)
594	fatal("channel %d: pre_dynamic: len %d > have %d",	606	fatal("channel %d: decode socks4: len %d > have %d",
595	c->self, len, have);	607	c->self, len, have);
596	strlcpy(username, p, sizeof(username));	608	strlcpy(username, p, sizeof(username));
597	buffer_consume(&c->input, len);	609	buffer_consume(&c->input, len);
598	buffer_consume(&c->input, 1); /* trailing '\0' */	610	buffer_consume(&c->input, 1); /* trailing '\0' */
599		611
600	host = inet_ntoa(s4_req.dest_ip);	612	host = inet_ntoa(s4_req.dest_addr);
601	strlcpy(c->path, host, sizeof(c->path));	613	strlcpy(c->path, host, sizeof(c->path));
602	c->host_port = ntohs(s4_req.dest_port);	614	c->host_port = ntohs(s4_req.dest_port);
603		615
604	debug("channel %d: dynamic request received: "	616	debug("channel %d: dynamic request: "
605	"socks%x://%s@%s:%u/command?%u",	617	"socks%x://%s@%s:%u/command?%u",
606	c->self, s4_req.version, username, host, c->host_port,	618	c->self, s4_req.version, username, host, c->host_port,
607	s4_req.command);	619	s4_req.command);
608		620
609	if ((s4_req.version != 4) \|\| (s4_req.command != 1)) {	621	if (s4_req.command != 1) {
610	debug("channel %d: cannot handle: socks VN %d CN %d",	622	debug("channel %d: cannot handle: socks4 cn %d",
611	c->self, s4_req.version, s4_req.command);	623	c->self, s4_req.command);
612	channel_free(c->self);	624	return -1;
613	return;
614	}	625	}
615		626	s4_rsp.version = 0; /* vn: 0 for reply */
616	s4_rsp.version = 0; /* VN: version of reply code */	627	s4_rsp.command = 90; /* cd: req granted */
617	s4_rsp.command = 90; /* CD: request granted */
618	s4_rsp.dest_port = 0; /* ignored */	628	s4_rsp.dest_port = 0; /* ignored */
619	s4_rsp.dest_ip.s_addr = INADDR_ANY; /* ignored */	629	s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */
620	buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp));	630	buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp));
621		631	return 1;
622	/* switch to next state */
623	c->type = SSH_CHANNEL_OPENING;
624	port_open_helper(c, "direct-tcpip");
625	}	632	}
626		633
		634	/* dynamic port forwarding */
		635	void
		636	channel_pre_dynamic(Channel c, fd_set readset, fd_set * writeset)
		637	{
		638	u_char *p;
		639	int have, ret;
		640
		641	have = buffer_len(&c->input);
		642
		643	debug2("channel %d: pre_dynamic: have %d", c->self, have);
		644	buffer_dump(&c->input);
		645	/* check if the fixed size part of the packet is in buffer. */
		646	if (have < 4) {
		647	/* need more */
		648	FD_SET(c->sock, readset);
		649	return;
		650	}
		651	/* try to guess the protocol */
		652	p = buffer_ptr(&c->input);
		653	switch (p[0]) {
		654	case 0x04:
		655	ret = channel_decode_socks4(c, readset, writeset);
		656	break;
		657	#if 0
		658	case 'C':
		659	ret = channel_decode_https(c, readset, writeset);
		660	break;
		661	case 0x05:
		662	ret = channel_decode_socks5(c, readset, writeset);
		663	break;
		664	#endif
		665	default:
		666	ret = -1;
		667	break;
		668	}
		669	if (ret < 0) {
		670	channel_free(c->self);
		671	} else if (ret == 0) {
		672	debug2("channel %d: pre_dynamic: need more", c->self);
		673	/* need more */
		674	FD_SET(c->sock, readset);
		675	} else {
		676	/* switch to the next state */
		677	c->type = SSH_CHANNEL_OPENING;
		678	port_open_helper(c, "direct-tcpip");
		679	}
		680	}
627		681
628	/* This is our fake X11 server socket. */	682	/* This is our fake X11 server socket. */
629	void	683	void
@@ -846,16 +900,11 @@ channel_handle_rfd(Channel c, fd_set readset, fd_set * writeset)
846	if (len <= 0) {	900	if (len <= 0) {
847	debug("channel %d: read<=0 rfd %d len %d",	901	debug("channel %d: read<=0 rfd %d len %d",
848	c->self, c->rfd, len);	902	c->self, c->rfd, len);
849	if (c->type == SSH_CHANNEL_DYNAMIC) {	903	if (c->type != SSH_CHANNEL_OPEN) {
850	/*	904	debug("channel %d: not open", c->self);
851	* we are not yet connected to a remote peer,
852	* so the connection-close protocol won't work
853	*/
854	debug("channel %d: dynamic: closed", c->self);
855	channel_free(c->self);	905	channel_free(c->self);
856	return -1;	906	return -1;
857	}	907	} else if (compat13) {
858	if (compat13) {
859	buffer_consume(&c->output, buffer_len(&c->output));	908	buffer_consume(&c->output, buffer_len(&c->output));
860	c->type = SSH_CHANNEL_INPUT_DRAINING;	909	c->type = SSH_CHANNEL_INPUT_DRAINING;
861	debug("Channel %d status set to input draining.", c->self);	910	debug("Channel %d status set to input draining.", c->self);
@@ -890,7 +939,11 @@ channel_handle_wfd(Channel c, fd_set readset, fd_set * writeset)
890	if (len < 0 && (errno == EINTR \|\| errno == EAGAIN))	939	if (len < 0 && (errno == EINTR \|\| errno == EAGAIN))
891	return 1;	940	return 1;
892	if (len <= 0) {	941	if (len <= 0) {
893	if (compat13) {	942	if (c->type != SSH_CHANNEL_OPEN) {
		943	debug("channel %d: not open", c->self);
		944	channel_free(c->self);
		945	return -1;
		946	} else if (compat13) {
894	buffer_consume(&c->output, buffer_len(&c->output));	947	buffer_consume(&c->output, buffer_len(&c->output));
895	debug("Channel %d status set to input draining.", c->self);	948	debug("Channel %d status set to input draining.", c->self);
896	c->type = SSH_CHANNEL_INPUT_DRAINING;	949	c->type = SSH_CHANNEL_INPUT_DRAINING;
@@ -967,7 +1020,8 @@ channel_handle_efd(Channel c, fd_set readset, fd_set * writeset)
967	int	1020	int
968	channel_check_window(Channel *c)	1021	channel_check_window(Channel *c)
969	{	1022	{
970	if (!(c->flags & (CHAN_CLOSE_SENT\|CHAN_CLOSE_RCVD)) &&	1023	if (c->type == SSH_CHANNEL_OPEN &&
		1024	!(c->flags & (CHAN_CLOSE_SENT\|CHAN_CLOSE_RCVD)) &&
971	c->local_window < c->local_window_max/2 &&	1025	c->local_window < c->local_window_max/2 &&
972	c->local_consumed > 0) {	1026	c->local_consumed > 0) {
973	packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);	1027	packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
@@ -1016,12 +1070,6 @@ channel_post_output_drain_13(Channel c, fd_set readset, fd_set * writeset)
1016	}	1070	}
1017		1071
1018	void	1072	void
1019	channel_post_dynamic(Channel c, fd_set readset, fd_set * writeset)
1020	{
1021	channel_handle_rfd(c, readset, writeset);
1022	}
1023
1024	void
1025	channel_handler_init_20(void)	1073	channel_handler_init_20(void)
1026	{	1074	{
1027	channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_20;	1075	channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_20;
@@ -1039,7 +1087,7 @@ channel_handler_init_20(void)
1039	channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;	1087	channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener;
1040	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;	1088	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
1041	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;	1089	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
1042	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_dynamic;	1090	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_2;
1043	}	1091	}
1044		1092
1045	void	1093	void
@@ -1061,7 +1109,7 @@ channel_handler_init_13(void)
1061	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;	1109	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
1062	channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;	1110	channel_post[SSH_CHANNEL_OUTPUT_DRAINING] = &channel_post_output_drain_13;
1063	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;	1111	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
1064	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_dynamic;	1112	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
1065	}	1113	}
1066		1114
1067	void	1115	void
@@ -1080,7 +1128,7 @@ channel_handler_init_15(void)
1080	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;	1128	channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
1081	channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;	1129	channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
1082	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;	1130	channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
1083	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_dynamic;	1131	channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open_1;
1084	}	1132	}
1085		1133
1086	void	1134	void