bin/100424: SSH option BindAddress is ignored by option
UsePrivilegedPort.
mitrohin a.s.
swp at swp.pp.ru
Mon Jul 17 07:00:36 UTC 2006
>Number: 100424
>Category: bin
>Synopsis: SSH option BindAddress is ignored by option UsePrivilegedPort.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 17 07:00:34 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: mitrohin a.s.
>Release: FreeBSD 6.1-STABLE i386
>Organization:
Barnaul State Pedagogical University
>Environment:
System: FreeBSD swp.pp.ru 6.1-STABLE FreeBSD 6.1-STABLE #1: Wed Jun 28 13:37:54 NOVST 2006 swp at swp.pp.ru:/usr/src/sys/i386/compile/ck_smpkernel_amr i386
>Description:
Unable to bind the socket to the lo0 aliased IP 83.246.x.x when the ssh options
BindAddress and UsePrivilegedPort are used simultaneously.
>How-To-Repeat:
on server:
~# sshd -D -p 11111
on client:
~# ssh -vvv -o UsePrivilegedPort=yes -b ${client_bind_address} \
-p 11111 ${server_connect_address}
debug2: ssh_connect: needpriv 1
write(2,"debug2: ssh_connect: needpriv 1"...,33) = 33 (0x21)
debug1: Connecting to 83.246.139.224 [83.246.139.224] port 11111.
write(2,"debug1: Connecting to 83.246.139"...,67) = 67 (0x43)
seteuid(0x0) = 0 (0x0)
socket(PF_INET,SOCK_STREAM,0) = 3 (0x3)
getsockopt(0x3,0x0,0x13,0xbfbfdd74,0xbfbfdd78) = 0 (0x0)
setsockopt(0x3,0x0,0x13,0xbfbfdd70,0x4) = 0 (0x0)
bind(3,{ AF_INET 0.0.0.0:0 },16) = 0 (0x0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - XXX
getsockname(3,{ AF_INET 0.0.0.0:619 },0xbfbfdd7c) = 0 (0x0)
seteuid(0x0) = 0 (0x0)
debug1: Allocated local port 619.
write(2,"debug1: Allocated local port 619"...,35) = 35 (0x23)
connect(3,{ AF_INET 83.246.139.224:11111 },16) ERR#61 'Connection refused'
debug1: connect to address 83.246.139.224 port 11111: Connection refused
write(2,"debug1: connect to address 83.24"...,74) = 74 (0x4a)
close(3) = 0 (0x0)
ssh: connect to host 83.246.139.224 port 11111: Connection refused
write(2,"ssh: connect to host 83.246.139."...,68) = 68 (0x44)
madvise(0x806a000,0x1000,0x5) = 0 (0x0)
exit(0x1)
process exit, rval = 256
>Fix:
Index: crypto/openssh/sshconnect.c
===================================================================
RCS file: /usr/cvs/freebsd/ncvs/src/crypto/openssh/sshconnect.c,v
retrieving revision 1.29.2.1
diff -u -r1.29.2.1 sshconnect.c
--- crypto/openssh/sshconnect.c 11 Sep 2005 16:50:35 -0000 1.29.2.1
+++ crypto/openssh/sshconnect.c 17 Jul 2006 05:29:41 -0000
@@ -153,29 +153,15 @@
int sock, gaierr;
struct addrinfo hints, *res;
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- int p = IPPORT_RESERVED - 1;
- PRIV_START;
- sock = rresvport_af(&p, ai->ai_family);
- PRIV_END;
- if (sock < 0)
- error("rresvport: af=%d %.100s", ai->ai_family,
- strerror(errno));
- else
- debug("Allocated local port %d.", p);
- return sock;
- }
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0)
+ if (sock < 0) {
error("socket: %.100s", strerror(errno));
+ return sock;
+ }
+ if (!privileged && !options.bind_address)
+ return sock;
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
- return sock;
memset(&hints, 0, sizeof(hints));
hints.ai_family = ai->ai_family;
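Review bot: The new guard `if (!privileged && !options.bind_address) return sock;` lets a privileged connection with no BindAddress fall through into the bind-address path, so `options.bind_address` can be NULL in everything below it. The address lookup sits between the two hunks and is not shown, so whether it resolves a NULL host to the wildcard address depends on the hints set there and should be confirmed. The two `error()` calls in the second hunk pass `options.bind_address` straight to `%s`, which is undefined for a NULL pointer. I would format the address as `options.bind_address ? options.bind_address : "(any)"` in those messages and reword the retained comment to `/* Bind to the requested local address and/or a reserved port */`. The function starts before this hunk and continues past it.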
@@ -189,12 +175,27 @@
close(sock);
return -1;
}
- if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
- error("bind: %s: %s", options.bind_address, strerror(errno));
- close(sock);
- freeaddrinfo(res);
- return -1;
- }
+
+ if (privileged) {
+ int rc;
+
+ PRIV_START;
+ rc = bindresvport_sa(sock, res->ai_addr);
+ PRIV_END;
+ if (rc < 0) {
+ error("bindresvport_sa: %s: %s", options.bind_address,
+ strerror(errno));
+ close(sock);
+ sock = -1;
+ }
+ } else
+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+ error("bind: %s: %s", options.bind_address,
+ strerror(errno));
+ close(sock);
+ sock = -1;
+ }
+
freeaddrinfo(res);
return sock;
}
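Review bot: The non-privileged branch is written as a bare `} else` with `if (bind(...) < 0)` on the following line, which leaves the else body unbraced and makes the bind look like an independent statement; `} else if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {` keeps the two failure paths visibly parallel. The privileged branch also drops the `debug("Allocated local port %d.", p);` line that the removed rresvport_af() path printed, so verbose output no longer shows which reserved source port was used. That line is worth restoring after a successful bind, since the source port is what a peer relying on UsePrivilegedPort would see. The function begins outside this hunk.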
>Release-Note:
>Audit-Trail:
>Unformatted: