author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-25 11:09:07 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-27 09:56:49 +0200 |
commit | d71a7976dd65becd0336d5a5fa4f682db4deb609 (patch) | |
tree | 499683b2300c13b24da8c025668c88b2183972ec | |
parent | 8fe8d13e29a106e33c4c0837c8221a3487613e38 (diff) | |
messages: Reject tcpip-forward requests as client
When the session is a client session, reject tcpip-forward requests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 1aef599ab10aef044c2b51814e35f730a31e84e4)
-rw-r--r-- | src/messages.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/messages.c b/src/messages.c index e570b637..1c2a9422 100644 --- a/src/messages.c +++ b/src/messages.c @@ -1491,12 +1491,18 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ msg->type = SSH_REQUEST_GLOBAL; if (strcmp(request, "tcpip-forward") == 0) { + + /* According to RFC4254, the client SHOULD reject this message */ + if (session->client) { + goto reply_with_failure; + } + r = ssh_buffer_unpack(packet, "sd", &msg->global_request.bind_address, &msg->global_request.bind_port ); if (r != SSH_OK){ - goto error; + goto reply_with_failure; } msg->global_request.type = SSH_GLOBAL_REQUEST_TCPIP_FORWARD; msg->global_request.want_reply = want_reply; @@ -1516,11 +1522,17 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ return rc; } } else if (strcmp(request, "cancel-tcpip-forward") == 0) { + + /* According to RFC4254, the client SHOULD reject this message */ + if (session->client) { + goto reply_with_failure; + } + r = ssh_buffer_unpack(packet, "sd", &msg->global_request.bind_address, &msg->global_request.bind_port); if (r != SSH_OK){ - goto error; + goto reply_with_failure; } msg->global_request.type = SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD; msg->global_request.want_reply = want_reply; |
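Review bot: The new `if (session->client) { goto reply_with_failure; }` guard in the "tcpip-forward" branch, and the identical one in the "cancel-tcpip-forward" hunk, rejects the request without leaving any trace. A server sending a forwarding request to a client is unusual enough that it deserves a log line before the jump, for example `SSH_LOG(SSH_LOG_WARNING, "Rejecting %s global request received in client session", request);`. The comment could also name the section it relies on: `/* RFC 4254, section 7.1: client implementations SHOULD reject these messages */`. Separately, both hunks retarget the `ssh_buffer_unpack()` failure from `error` to `reply_with_failure`, which the commit message does not mention. Both labels lie outside the hunks, so please confirm that `reply_with_failure` still releases `msg` and `request`, and that answering a malformed request with a failure reply is also intended for server sessions.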