From 232cfb1b1d0dccee68b1d433e0b4e1aa74919fc9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 26 Jun 2010 09:50:30 +1000 Subject: - djm@cvs.openbsd.org 2010/06/25 07:14:46 [channels.c mux.c readconf.c readconf.h ssh.h] bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@ --- ChangeLog | 4 ++++ channels.c | 29 ++++++++++++++++++----------- mux.c | 12 ++++-------- readconf.c | 24 ++++++++++++++++++------ readconf.h | 6 +++--- ssh.h | 5 +---- 6 files changed, 48 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index d0f45b07..cac82b47 100644 --- a/ChangeLog +++ b/ChangeLog @@ -53,6 +53,10 @@ - djm@cvs.openbsd.org 2010/06/23 02:59:02 [ssh-keygen.c] fix printing of extensions in v01 certificates that I broke in r1.190 + - djm@cvs.openbsd.org 2010/06/25 07:14:46 + [channels.c mux.c readconf.c readconf.h ssh.h] + bz#1327: remove hardcoded limit of 100 permitopen clauses and port + forwards per direction; ok markus@ stevesk@ 20100622 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 diff --git a/channels.c b/channels.c index 0f750c4d..2f2798dd 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.304 2010/05/14 23:29:23 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.305 2010/06/25 07:14:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -114,10 +114,10 @@ typedef struct { } ForwardPermission; /* List of all permitted host/port pairs to connect by the user. */ -static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; +static ForwardPermission *permitted_opens = NULL; /* List of all permitted host/port pairs to connect by the admin. */ -static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; +static ForwardPermission *permitted_adm_opens = NULL; /* Number of permitted host/port pairs in the array permitted by the user. */ static int num_permitted_opens = 0; 
@@ -2838,10 +2838,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, { int type, success = 0; - /* Record locally that connection to this host/port is permitted. */ - if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_request_remote_forwarding: too many forwards"); - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind; @@ -2891,6 +2887,9 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, } } if (success) { + /* Record that connection to this host/port is permitted. */ + permitted_opens = xrealloc(permitted_opens, + num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; permitted_opens[num_permitted_opens].listen_port = listen_port; @@ -2988,10 +2987,10 @@ channel_permit_all_opens(void) void channel_add_permitted_opens(char *host, int port) { - if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_add_permitted_opens: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); + permitted_opens = xrealloc(permitted_opens, + num_permitted_opens + 1, sizeof(*permitted_opens)); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); permitted_opens[num_permitted_opens].port_to_connect = port; num_permitted_opens++; 
@@ -3002,10 +3001,10 @@ channel_add_permitted_opens(char *host, int port) int channel_add_adm_permitted_opens(char *host, int port) { - if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_add_adm_permitted_opens: too many forwards"); debug("config allows port forwarding to host %s port %d", host, port); + permitted_adm_opens = xrealloc(permitted_adm_opens, + num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens)); permitted_adm_opens[num_adm_permitted_opens].host_to_connect = xstrdup(host); permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; @@ -3020,6 +3019,10 @@ channel_clear_permitted_opens(void) for (i = 0; i < num_permitted_opens; i++) if (permitted_opens[i].host_to_connect != NULL) xfree(permitted_opens[i].host_to_connect); + if (num_permitted_opens > 0) { + xfree(permitted_opens); + permitted_opens = NULL; + } num_permitted_opens = 0; } @@ -3031,6 +3034,10 @@ channel_clear_adm_permitted_opens(void) for (i = 0; i < num_adm_permitted_opens; i++) if (permitted_adm_opens[i].host_to_connect != NULL) xfree(permitted_adm_opens[i].host_to_connect); + if (num_adm_permitted_opens > 0) { + xfree(permitted_adm_opens); + permitted_adm_opens = NULL; + } num_adm_permitted_opens = 0; } diff --git a/mux.c b/mux.c index 70c8d2ad..fdf0385e 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.19 2010/06/17 07:07:30 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.20 2010/06/25 07:14:46 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -727,9 +727,7 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) { - if (options.num_local_forwards + 1 >= - SSH_MAX_FORWARDS_PER_DIRECTION || - channel_setup_local_fwd_listener(fwd.listen_host, + if (channel_setup_local_fwd_listener(fwd.listen_host, fwd.listen_port, fwd.connect_host, fwd.connect_port, options.gateway_ports) < 0) { fail: 
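Review bot: The new free in channel_clear_permitted_opens is gated on `num_permitted_opens > 0` rather than on the pointer it releases, which ties the array's lifetime to a counter that every add path must keep in step; the same pattern appears in channel_clear_adm_permitted_opens (@@ -3031) and in readconf.c clear_forwardings (@@ -296). The guard exists only because xfree() in this tree rejects a NULL argument, so testing the pointer itself states the intent directly and stays correct if some future path reallocates without incrementing: `if (permitted_opens != NULL) {` / `xfree(permitted_opens);` / `permitted_opens = NULL;`. The ordering in the hunk — per-entry host_to_connect freed in the loop, then the array — is the right one and should be kept whichever guard is used.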
@@ -744,16 +742,14 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } else { struct mux_channel_confirm_ctx *fctx; - if (options.num_remote_forwards + 1 >= - SSH_MAX_FORWARDS_PER_DIRECTION || - channel_request_remote_forwarding(fwd.listen_host, + if (channel_request_remote_forwarding(fwd.listen_host, fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) goto fail; add_remote_forward(&options, &fwd); fctx = xcalloc(1, sizeof(*fctx)); fctx->cid = c->self; fctx->rid = rid; - fctx->fid = options.num_remote_forwards-1; + fctx->fid = options.num_remote_forwards - 1; client_register_global_confirm(mux_confirm_remote_forward, fctx); freefwd = 0; diff --git a/readconf.c b/readconf.c index 4bc98b77..aae9cef4 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.184 2010/05/16 12:55:51 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.185 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -255,8 +255,9 @@ add_local_forward(Options *options, const Forward *newfwd) if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); #endif - if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); + options->local_forwards = xrealloc(options->local_forwards, + options->num_local_forwards + 1, + sizeof(*options->local_forwards)); fwd = &options->local_forwards[options->num_local_forwards++]; fwd->listen_host = newfwd->listen_host; 
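Review bot: With options->local_forwards now grown in place by xrealloc, each call to add_local_forward may move the array, so any `Forward *` a caller still holds into it is dangling after the next add; add_remote_forward in the following hunk has the same property. The function itself is safe because `fwd` is taken only after the realloc, but that contract is easy to miss from the call site and deserves a comment above the realloc, e.g. `/* May move options->local_forwards: indices stay valid, pointers into it do not. */`. mux.c's process_mux_open_fwd already respects this by recording `fctx->fid = options.num_remote_forwards - 1` as an index rather than a pointer. add_local_forward begins before this hunk.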
@@ -274,9 +275,10 @@ void add_remote_forward(Options *options, const Forward *newfwd) { Forward *fwd; - if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("Too many remote forwards (max %d).", - SSH_MAX_FORWARDS_PER_DIRECTION); + + options->remote_forwards = xrealloc(options->remote_forwards, + options->num_remote_forwards + 1, + sizeof(*options->remote_forwards)); fwd = &options->remote_forwards[options->num_remote_forwards++]; fwd->listen_host = newfwd->listen_host; @@ -296,12 +298,20 @@ clear_forwardings(Options *options) xfree(options->local_forwards[i].listen_host); xfree(options->local_forwards[i].connect_host); } + if (options->num_local_forwards > 0) { + xfree(options->local_forwards); + options->local_forwards = NULL; + } options->num_local_forwards = 0; for (i = 0; i < options->num_remote_forwards; i++) { if (options->remote_forwards[i].listen_host != NULL) xfree(options->remote_forwards[i].listen_host); xfree(options->remote_forwards[i].connect_host); } + if (options->num_remote_forwards > 0) { + xfree(options->remote_forwards); + options->remote_forwards = NULL; + } options->num_remote_forwards = 0; options->tun_open = SSH_TUNMODE_NO; } @@ -1048,7 +1058,9 @@ initialize_options(Options * options) options->user_hostfile = NULL; options->system_hostfile2 = NULL; options->user_hostfile2 = NULL; + options->local_forwards = NULL; options->num_local_forwards = 0; + options->remote_forwards = NULL; options->num_remote_forwards = 0; options->clear_forwardings = -1; options->log_level = SYSLOG_LEVEL_NOT_SET; diff --git a/readconf.h b/readconf.h index 4fb29e2f..3c8eae9d 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.83 2010/05/16 12:55:51 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.84 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -94,11 +94,11 @@ typedef struct { /* Local TCP/IP forward requests. */ int num_local_forwards; - Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; + Forward *local_forwards; /* Remote TCP/IP forward requests. */ int num_remote_forwards; - Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; + Forward *remote_forwards; int clear_forwardings; int enable_ssh_keysign; diff --git a/ssh.h b/ssh.h index 186cfff9..c94633bd 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh.h,v 1.79 2010/06/25 07:14:46 djm Exp $ */ /* * Author: Tatu Ylonen @@ -18,9 +18,6 @@ /* Default port number. */ #define SSH_DEFAULT_PORT 22 -/* Maximum number of TCP/IP ports forwarded per direction. */ -#define SSH_MAX_FORWARDS_PER_DIRECTION 100 - /* * Maximum number of RSA authentication identity files that can be specified * in configuration files or on the command line. -- cgit v1.2.3
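Review bot: The two members change from inline arrays to owned heap pointers without any comment saying who allocates and frees them, which is the detail a reader of the header needs most now that the fixed bound is gone. I would extend the existing comments, e.g. `/* Local TCP/IP forward requests: heap array owned by Options, grown by add_local_forward(), released by clear_forwardings(); NULL when empty. */` and the equivalent for remote_forwards naming add_remote_forward(). Since initialize_options() now starts both at NULL, stating that NULL is the valid empty state keeps future callers from assuming a preallocated array.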