1 files changed, 11 insertions, 7 deletions

diff --git a/serverloop.c b/serverloop.c
index 77d9dee75..81cafe6ad 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.153 2008/06/30 12:15:39 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -942,7 +942,7 @@ server_request_direct_tcpip(void)
 {
         Channel *c;
         char *target, *originator;
-        int target_port, originator_port;
+        u_short target_port, originator_port;
 
         target = packet_get_string(NULL);
         target_port = packet_get_int();
@@ -1095,7 +1095,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 {
         char *rtype;
         int want_reply;
-        int success = 0;
+        int success = 0, allocated_listen_port = 0;
 
         rtype = packet_get_string(NULL);
         want_reply = packet_get_char();
@@ -1117,7 +1117,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 
                 /* check permissions */
                 if (!options.allow_tcp_forwarding ||
-                    no_port_forwarding_flag
+                    no_port_forwarding_flag ||
+                    (!want_reply && listen_port == 0)
 #ifndef NO_IPPORT_RESERVED_CONCEPT
                     || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
 #endif
@@ -1127,7 +1128,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                 } else {
                         /* Start listening on the port */
                         success = channel_setup_remote_fwd_listener(
-                            listen_address, listen_port, options.gateway_ports);
+                            listen_address, listen_port,
+                            &allocated_listen_port, options.gateway_ports);
                 }
                 xfree(listen_address);
         } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
@@ -1149,6 +1151,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
         if (want_reply) {
                 packet_start(success ?
                     SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
+                if (success && allocated_listen_port > 0)
+                        packet_put_int(allocated_listen_port);
                 packet_send();
                 packet_write_wait();
         }
@@ -1202,9 +1206,9 @@ server_init_dispatch_20(void)
         dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
         dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
         dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
-        dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
-        dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
         /* client_alive */
+        dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
+        dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
         dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
         dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
         /* rekeying */