[Bug 2529] New: direct-streamlocal channel open doesn't match PROTOCOL documentation

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

            Bug ID: 2529
           Summary: direct-streamlocal channel open doesn't match PROTOCOL
                    documentation
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-b...@mindrot.org
          Reporter: r...@timeheart.net

I attempted to implement support for direct-streamlo...@openssh.com
channels in my own SSH implementation and found that the documentation
in the OpenSSH PROTOCOL file doesn't match the implementation in
OpenSSH. The PROTOCOL file describes the channel open message as:

        byte            SSH_MSG_CHANNEL_OPEN
        string          "direct-streamlo...@openssh.com"
        uint32          sender channel
        uint32          initial window size
        uint32          maximum packet size
        string          socket path

However, the implementation tacks some additional data to the end:

                packet_start(SSH2_MSG_CHANNEL_OPEN);
                packet_put_cstring(rtype);
                packet_put_int(c->self);
                packet_put_int(c->local_window_max);
                packet_put_int(c->local_maxpacket);
                if (strcmp(rtype, "direct-tcpip") == 0) {
                        /* target host, port */
                        packet_put_cstring(c->path);
                        packet_put_int(c->host_port);
                } else if (strcmp(rtype,
"direct-streamlo...@openssh.com") == 0) {
                        /* target path */
                        packet_put_cstring(c->path);
                } else if (strcmp(rtype,
"forwarded-streamlo...@openssh.com") == 0) {
                        /* listen path */
                        packet_put_cstring(c->path);
                } else {
                        /* listen address, port */
                        packet_put_cstring(c->path);
                        packet_put_int(local_port);
                }
                if (strcmp(rtype, "forwarded-streamlo...@openssh.com")
== 0) {
                        /* reserved for future owner/mode info */
                        packet_put_cstring("");
                } else {
-->                     /* originator host and port */
-->                     packet_put_cstring(remote_ipaddr);
-->                     packet_put_int((u_int)remote_port);
                }
                packet_send();

It correctly special-cases forwarded-streamlocal, but for all other
cases (including direct-streamlocal) it appends the remote IP add and
port, even though these values are not applicable in the
direct-streamlocal case.

This may be difficult to fix in a backward-compatible manner, since the
code in serverloop.c actually seems to be expecting to get a host &
port:

        target = packet_get_string(NULL);
        originator = packet_get_string(NULL);
        originator_port = packet_get_int();
        packet_check_eom();

So, perhaps the right thing here is to update the documentation in
PROTOCOL to match the current implementation. It seems odd to send this
information when it looks like it will always be an empty string and a
port of zero, though, especially given that "port" information makes no
sense for this type of connection.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs