From 1aef599ab10aef044c2b51814e35f730a31e84e4 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Tue, 25 Jun 2019 11:09:07 +0200
Subject: [PATCH] messages: Reject tcpip-forward requests as client

When the session is a client session, reject tcpip-forward requests.

Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Jakub Jelen
---
 src/messages.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/messages.c b/src/messages.c
index e570b637..1c2a9422 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -1491,12 +1491,18 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
 msg->type = SSH_REQUEST_GLOBAL;
 if (strcmp(request, "tcpip-forward") == 0) {
+
+ /* According to RFC4254, the client SHOULD reject this message */
+ if (session->client) {
+ goto reply_with_failure;
+ }
+
 r = ssh_buffer_unpack(packet, "sd", &msg->global_request.bind_address, &msg->global_request.bind_port );
 if (r != SSH_OK){
- goto error;
+ goto reply_with_failure;
 }
 msg->global_request.type = SSH_GLOBAL_REQUEST_TCPIP_FORWARD;
 msg->global_request.want_reply = want_reply;
@@ -1516,11 +1522,17 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
 return rc;
 }
 } else if (strcmp(request, "cancel-tcpip-forward") == 0) {
+
+ /* According to RFC4254, the client SHOULD reject this message */
+ if (session->client) {
+ goto reply_with_failure;
+ }
+
 r = ssh_buffer_unpack(packet, "sd", &msg->global_request.bind_address, &msg->global_request.bind_port);
 if (r != SSH_OK){
- goto error;
+ goto reply_with_failure;
 }
 msg->global_request.type = SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD;
 msg->global_request.want_reply = want_reply;
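Review bot: In the tcpip-forward hunk, the swap from `goto error` to `goto reply_with_failure` after the failed `ssh_buffer_unpack` can only be reached by server sessions, because client sessions leave at the check added above it, so the commit also changes how a server treats a truncated request, which the description does not mention; the cancel-tcpip-forward hunk makes the same swap. Both labels lie outside the hunk, so it cannot be seen here whether `reply_with_failure` releases `msg`, `request` and a `bind_address` that may have been unpacked before the port read failed, and that should be confirmed. A comment above the jump such as `/* malformed request: take the failure-reply path instead of error */` and one sentence in the commit description would record the intent.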
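Review bot: In the cancel-tcpip-forward hunk, the client check and its comment are a verbatim copy of the ones added to the tcpip-forward branch, so the policy now lives in two places and neither copy records anything before it jumps. One test ahead of the `strcmp` chain, `if (session->client && (strcmp(request, "tcpip-forward") == 0 || strcmp(request, "cancel-tcpip-forward") == 0))`, would cover both names and give a single place for `SSH_LOG(SSH_LOG_WARNING, "Rejecting %s global request in client session", request);` before `goto reply_with_failure;`, unless the label, which is outside the hunk, already logs. A server asking a client to open or close a listener is unusual enough that an operator would want to see it. The comment could also cite its source precisely, `/* RFC 4254, section 7.1: client implementations SHOULD reject these messages */`.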