From owner-freebsd-bugs Fri Apr 19 3:30:10 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2DBAC37B419 for ; Fri, 19 Apr 2002 03:30:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3JAU2S86159; Fri, 19 Apr 2002 03:30:02 -0700 (PDT) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2742E37B416 for ; Fri, 19 Apr 2002 03:28:32 -0700 (PDT) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3JASW685838; Fri, 19 Apr 2002 03:28:32 -0700 (PDT) (envelope-from nobody) Message-Id: <200204191028.g3JASW685838@freefall.freebsd.org> Date: Fri, 19 Apr 2002 03:28:32 -0700 (PDT) From: Petr Rehor To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: bin/37245: OpenSSH -R port forwarding works with ssh v1 but not with ssh v2 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 37245 >Category: bin >Synopsis: OpenSSH -R port forwarding works with ssh v1 but not with ssh v2 >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 19 03:30:02 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Petr Rehor >Release: FreeBSD 4.5-RELEASE-p2 i386 >Organization: ICZ Czech Republic >Environment: FreeBSD noc.decros.cz 4.5-RELEASE-p2 FreeBSD 4.5-RELEASE-p2 #0: Fri Mar 8 22:22:02 CET 2002 reho@noc.decros.cz:/usr/obj/usr/src/sys/NOC i386 >Description: OpenSSH 2.9 -R port forwarding works with ssh v1 but not with ssh v2. -L port forwarding works for both protocols. It's fixes in OpenSSH See: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=75341+0+archive/2002/freebsd-security/20020113.freebsd-security http://www.freebsd.org/cgi/getmsg.cgi?fetch=81207+83038+/usr/local/www/db/text/2002/freebsd-security/20020113.freebsd-security Patch available from: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.109.2.1&r2=1.109.2.2 >How-To-Repeat: ssh -2 -R PORT:localhost:PORT remote >Fix: =================================================================== RCS file: /usr/OpenBSD/cvs/src/usr.bin/ssh/channels.c,v retrieving revision 1.109.2.1 retrieving revision 1.109.2.2 diff -u -r1.109.2.1 -r1.109.2.2 --- src/usr.bin/ssh/channels.c 2001/06/12 22:31:48 1.109.2.1 +++ src/usr.bin/ssh/channels.c 2001/06/21 23:45:23 1.109.2.2 @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.109.2.1 2001/06/12 22:31:48 jason Exp $"); +RCSID("$OpenBSD: channels.c,v 1.109.2.2 2001/06/21 23:45:23 jason Exp $"); #include #include @@ -773,8 +773,9 @@ rtype = (c->type == SSH_CHANNEL_RPORT_LISTENER) ? "forwarded-tcpip" : "direct-tcpip"; - nextstate = (c->host_port == 0) ? SSH_CHANNEL_DYNAMIC : - SSH_CHANNEL_OPENING; + nextstate = (c->host_port == 0 && + c->type != SSH_CHANNEL_RPORT_LISTENER) ? + SSH_CHANNEL_DYNAMIC : SSH_CHANNEL_OPENING; addrlen = sizeof(addr); newsock = accept(c->sock, &addr, &addrlen); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message