diff --git a/ChangeLog b/ChangeLog index 4855b0eaa..9d14eab10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,6 +52,9 @@ - stevesk@cvs.openbsd.org 2001/08/29 23:13:10 [ssh.1 ssh.c] document -D and DynamicForward; ok markus@ + - stevesk@cvs.openbsd.org 2001/08/29 23:27:23 + [ssh.c] + validate ports for -L/-R; ok markus@ 20010815 - (bal) Fixed stray code in readconf.c that went in by mistake. @@ -6375,4 +6378,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1500 2001/09/12 17:54:24 mouring Exp $ +$Id: ChangeLog,v 1.1501 2001/09/12 17:56:15 mouring Exp $ diff --git a/ssh.c b/ssh.c index 4fcaaeae5..d500e8493 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.140 2001/08/29 23:13:10 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.141 2001/08/29 23:27:23 stevesk Exp $"); #include #include @@ -258,6 +258,7 @@ main(int ac, char **av) { int i, opt, exit_status, cerr; u_short fwd_port, fwd_host_port; + char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, buf[256]; struct stat st; struct passwd *pw; @@ -470,33 +471,31 @@ again: case 'l': options.user = optarg; break; - case 'R': - if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, - &fwd_host_port) != 3 && - sscanf(optarg, "%hu:%255[^:]:%hu", &fwd_port, buf, - &fwd_host_port) != 3) { - fprintf(stderr, - "Bad forwarding specification '%s'.\n", - optarg); - usage(); - /* NOTREACHED */ - } - add_remote_forward(&options, fwd_port, buf, - fwd_host_port); - break; + case 'L': - if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, - &fwd_host_port) != 3 && - sscanf(optarg, "%hu:%255[^:]:%hu", &fwd_port, buf, - &fwd_host_port) != 3) { + case 'R': + if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3 && + sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3) { fprintf(stderr, - "Bad forwarding specification '%s'.\n", + "Bad forwarding specification '%s'\n", optarg); usage(); /* NOTREACHED */ } - add_local_forward(&options, fwd_port, buf, - fwd_host_port); + if ((fwd_port = a2port(sfwd_port)) == 0 || + (fwd_host_port = a2port(sfwd_host_port)) == 0) { + fprintf(stderr, + "Bad forwarding port(s) '%s'\n", optarg); + exit(1); + } + if (opt == 'L') + add_local_forward(&options, fwd_port, buf, + fwd_host_port); + else if (opt == 'R') + add_remote_forward(&options, fwd_port, buf, + fwd_host_port); break; case 'D':