Diffstat (limited to 'channels.c')
| -rw-r--r-- | channels.c | 101 |
1 files changed, 69 insertions, 32 deletions
diff --git a/channels.c b/channels.c index 657381b8037d..0f45aee4eb5f 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.389 2019/01/19 21:37:13 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.394 2019/07/07 01:05:00 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -59,7 +59,7 @@ #include <netdb.h> #include <stdarg.h> #ifdef HAVE_STDINT_H - #include <stdint.h> +# include <stdint.h> #endif #include <stdio.h> #include <stdlib.h> @@ -493,7 +493,7 @@ permission_set_get(struct ssh *ssh, int where) } } -/* Reutrns pointers to the specified forwarding list and its element count */ +/* Returns pointers to the specified forwarding list and its element count */ static void permission_set_get_array(struct ssh *ssh, int who, int where, struct permission ***permpp, u_int **npermpp) @@ -639,10 +639,30 @@ void channel_free_all(struct ssh *ssh) { u_int i; + struct ssh_channels *sc = ssh->chanctxt; - for (i = 0; i < ssh->chanctxt->channels_alloc; i++) - if (ssh->chanctxt->channels[i] != NULL) - channel_free(ssh, ssh->chanctxt->channels[i]); + for (i = 0; i < sc->channels_alloc; i++) + if (sc->channels[i] != NULL) + channel_free(ssh, sc->channels[i]); + + free(sc->channels); + sc->channels = NULL; + sc->channels_alloc = 0; + sc->channel_max_fd = 0; + + free(sc->x11_saved_display); + sc->x11_saved_display = NULL; + + free(sc->x11_saved_proto); + sc->x11_saved_proto = NULL; + + free(sc->x11_saved_data); + sc->x11_saved_data = NULL; + sc->x11_saved_data_len = 0; + + free(sc->x11_fake_data); + sc->x11_fake_data = NULL; + sc->x11_fake_data_len = 0; } /* @@ -1651,7 +1671,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, chan_mark_dead(ssh, c); errno = oerrno; } - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); 
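Review bot: In channel_free_all the new `free(sc->x11_saved_data)` and `free(sc->x11_fake_data)` release buffers that, judging by their names, hold X11 authentication data, and they do so without clearing the contents, so the bytes remain readable in freed heap memory. Both lengths are tracked next to the pointers, so `freezero(sc->x11_saved_data, sc->x11_saved_data_len);` and `freezero(sc->x11_fake_data, sc->x11_fake_data_len);` (or `explicit_bzero` before `free`) would close that gap. The function frees the members of `sc` but not `sc` itself, and the header comment should say so: `/* Frees all channels and the per-context arrays and X11 state; ssh->chanctxt itself stays allocated. */`.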
@@ -1794,7 +1814,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); @@ -1833,7 +1853,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { error("accept from auth socket: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; @@ -1861,7 +1881,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c, fatal(":%s: channel %d: no remote id", __func__, c->self); /* for rdynamic the OPEN_CONFIRMATION has been sent already */ isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); - if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) { err = errno; error("getsockopt SO_ERROR failed"); } @@ -1936,7 +1956,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c, errno = 0; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || + if (len == -1 && (errno == EINTR || ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; #ifndef PTY_ZEROREAD @@ -2010,7 +2030,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, /* ignore truncated writes, datagrams might get lost */ len = write(c->wfd, buf, dlen); free(data); - if (len < 0 && (errno == EINTR || errno == EAGAIN || + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) @@ -2025,7 +2045,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, #endif len = write(c->wfd, buf, dlen); - if (len < 0 && + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { 
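Review bot: In the channel_post_auth_listener hunk `errno` is tested for `EMFILE`/`ENFILE` only after `error(...)` has run, so the one-second `c->notbefore` back-off on descriptor exhaustion depends on the logging call leaving `errno` untouched, which is not visible here. Saving the value first is safer, as channel_post_x11_listener already does with `oerrno`: `int oerrno = errno;` before `error(...)`, then `if (oerrno == EMFILE || oerrno == ENFILE)`. The same read-after-intervening-call pattern appears in channel_handle_wfd (`free(data)` sits between `write()` and the `errno == EINTR` test) and in channel_handle_efd_write and channel_handle_efd_read (a `debug2(...)` call precedes the test). All of these functions extend beyond their hunks.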
@@ -2079,7 +2099,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c, len = write(c->efd, sshbuf_ptr(c->extended), sshbuf_len(c->extended)); debug2("channel %d: written %zd to efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN || + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { @@ -2110,7 +2130,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c, len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + if (len == -1 && (errno == EINTR || ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; if (len <= 0) { @@ -2199,7 +2219,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need) if (sshbuf_len(c->input) < need) { rlen = need - sshbuf_len(c->input); len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return sshbuf_len(c->input); if (len <= 0) { debug2("channel %d: ctl read<=0 rfd %d len %zd", @@ -2263,7 +2283,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c, return; len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return; if (len <= 0) { chan_mark_dead(ssh, c); @@ -2311,7 +2331,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, return; } - if (getpeereid(newsock, &euid, &egid) < 0) { + if (getpeereid(newsock, &euid, &egid) == -1) { error("%s getpeereid failed: %s", __func__, strerror(errno)); close(newsock); @@ -3257,7 +3277,6 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) int id = channel_parse_id(ssh, __func__, "status confirm"); Channel *c; struct channel_confirm *cc; - int r; /* Reset keepalive timeout */ ssh_packet_set_alive_timeouts(ssh, 0); 
@@ -3270,7 +3289,7 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) } if (channel_proxy_upstream(c, type, seq, ssh)) return 0; - if ((r = sshpkt_get_end(ssh)) != 0) + if (sshpkt_get_end(ssh) != 0) ssh_packet_disconnect(ssh, "Invalid status confirm message"); if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) return 0; @@ -3441,7 +3460,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, } /* Create a port to listen for the host. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { /* this is no error since kernel may not support ipv6 */ verbose("socket [%s]:%s: %.100s", ntop, strport, strerror(errno)); @@ -3456,7 +3475,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, ntop, strport); /* Bind the socket to the address. */ - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { /* * address can be in if use ipv6 address is * already bound @@ -3472,7 +3491,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, continue; } /* Start listening for connections on the socket. */ - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen: %.100s", strerror(errno)); error("listen [%s]:%s: %.100s", ntop, strport, strerror(errno)); 
@@ -3803,6 +3822,23 @@ channel_setup_remote_fwd_listener(struct ssh *ssh, struct Forward *fwd, { if (!check_rfwd_permission(ssh, fwd)) { ssh_packet_send_debug(ssh, "port forwarding refused"); + if (fwd->listen_path != NULL) + /* XXX always allowed, see remote_open_match() */ + logit("Received request from %.100s port %d to " + "remote forward to path \"%.100s\", " + "but the request was denied.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + fwd->listen_path); + else if(fwd->listen_host != NULL) + logit("Received request from %.100s port %d to " + "remote forward to host %.100s port %d, " + "but the request was denied.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + fwd->listen_host, fwd->listen_port ); + else + logit("Received request from %.100s port %d to remote " + "forward, but the request was denied.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return 0; } if (fwd->listen_path != NULL) { @@ -4398,8 +4434,9 @@ channel_connect_to_port(struct ssh *ssh, const char *host, u_short port, } if (!permit || !permit_adm) { - logit("Received request to connect to host %.100s port %d, " - "but the request was denied.", host, port); + logit("Received request from %.100s port %d to connect to " + "host %.100s port %d, but the request was denied.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), host, port); if (reason != NULL) *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; return NULL; @@ -4474,7 +4511,7 @@ channel_send_window_changes(struct ssh *ssh) if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || sc->channels[i]->type != SSH_CHANNEL_OPEN) continue; - if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0) + if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1) continue; channel_request_start(ssh, i, "window-change", 0); if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || 
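Review bot: The denial logging added under the `check_rfwd_permission` failure uses unbraced multi-line `if`/`else if`/`else` bodies, with a comment sitting between the first `if` and its statement, which is easy to break on a later edit. Bracing each branch and fixing the spacing (`else if (fwd->listen_host != NULL)` and `fwd->listen_host, fwd->listen_port);`) would make it sturdier. `fwd->listen_path` and `fwd->listen_host` presumably originate from the peer's forwarding request, as does `host` in the channel_connect_to_port hunk, so these messages rely on `logit()` escaping control characters; that is worth confirming because it is not visible here. The XXX comment suggests path requests are always allowed, so a comment noting that the first branch is not currently expected to fire would help readers of the log format.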
@@ -4577,7 +4614,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, continue; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT) #ifdef EPFNOSUPPORT && (errno != EPFNOSUPPORT) @@ -4596,7 +4633,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, sock_set_v6only(sock); if (x11_use_localhost) set_reuseaddr(sock); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("%s: bind port %d: %.100s", __func__, port, strerror(errno)); close(sock); @@ -4620,7 +4657,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, /* Start listening for connections on the socket. */ for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen: %.100s", strerror(errno)); close(sock); return -1; @@ -4652,7 +4689,7 @@ connect_local_xsocket_path(const char *pathname) struct sockaddr_un addr; sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) + if (sock == -1) error("socket: %.100s", strerror(errno)); memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; @@ -4793,12 +4830,12 @@ x11_connect_display(struct ssh *ssh) for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { debug2("socket: %.100s", strerror(errno)); continue; } /* Connect it to the display. */ - if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno)); close(sock); |
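Review bot: In the x11_create_display_inet listen loop, the failure path runs `close(sock); return -1;` for the current socket only, so the other descriptors in `socks[]` appear to stay open after the function gives up. Closing all of them before returning would avoid the descriptor leak, e.g. `for (n = 0; n < num_socks; n++) close(socks[n]);` in place of `close(sock);`. The function continues outside the hunk, so this assumes `socks[]` is not cleaned up by the caller.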
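Review bot: In connect_local_xsocket_path a failed `socket()` is only logged and execution falls through to the address setup with `sock == -1`. The code after the hunk is not visible, but anything it does with the descriptor will then fail on an invalid fd and may log a second, misleading error. Returning at the point of failure is clearer: `if (sock == -1) { error("socket: %.100s", strerror(errno)); return -1; }`.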
