openssh bugs - Jan 2016 - [Bug 2529] New: direct-streamlocal channel open doesn't match PROTOCOL documentation

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

            Bug ID: 2529
           Summary: direct-streamlocal channel open doesn't match PROTOCOL
                    documentation
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ronf at timeheart.net

I attempted to implement support for direct-streamlocal at openssh.com
channels in my own SSH implementation and found that the documentation
in the OpenSSH PROTOCOL file doesn't match the implementation in
OpenSSH. The PROTOCOL file describes the channel open message as:

        byte            SSH_MSG_CHANNEL_OPEN
        string          "direct-streamlocal at openssh.com"
        uint32          sender channel
        uint32          initial window size
        uint32          maximum packet size
        string          socket path

However, the implementation tacks some additional data to the end:

                packet_start(SSH2_MSG_CHANNEL_OPEN);
                packet_put_cstring(rtype);
                packet_put_int(c->self);
                packet_put_int(c->local_window_max);
                packet_put_int(c->local_maxpacket);
                if (strcmp(rtype, "direct-tcpip") == 0) {
                        /* target host, port */
                        packet_put_cstring(c->path);
                        packet_put_int(c->host_port);
                } else if (strcmp(rtype,
"direct-streamlocal at openssh.com") == 0) {
                        /* target path */
                        packet_put_cstring(c->path);
                } else if (strcmp(rtype,
"forwarded-streamlocal at openssh.com") == 0) {
                        /* listen path */
                        packet_put_cstring(c->path);
                } else {
                        /* listen address, port */
                        packet_put_cstring(c->path);
                        packet_put_int(local_port);
                }
                if (strcmp(rtype, "forwarded-streamlocal at
openssh.com")
== 0) {
                        /* reserved for future owner/mode info */
                        packet_put_cstring("");
                } else {
-->                     /* originator host and port */
-->                     packet_put_cstring(remote_ipaddr);
-->                     packet_put_int((u_int)remote_port);
                }
                packet_send();

It correctly special-cases forwarded-streamlocal, but for all other
cases (including direct-streamlocal) it appends the remote IP add and
port, even though these values are not applicable in the
direct-streamlocal case.

This may be difficult to fix in a backward-compatible manner, since the
code in serverloop.c actually seems to be expecting to get a host &
port:

        target = packet_get_string(NULL);
        originator = packet_get_string(NULL);
        originator_port = packet_get_int();
        packet_check_eom();

So, perhaps the right thing here is to update the documentation in
PROTOCOL to match the current implementation. It seems odd to send this
information when it looks like it will always be an empty string and a
port of zero, though, especially given that "port" information makes
no
sense for this type of connection.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Todd.Miller at courtesan.com,
                   |                            |djm at mindrot.org
             Blocks|                            |2451

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I think the suggested fix (updating PROTOCOL) is probably the best one
given the circumstances. What do you think, Todd?


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Retarget to openssh-7.3

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2543


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|2451                        |

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Retarget to openssh-7.3


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I've adjusted the PROTOCOL documentation to read:

        byte            SSH_MSG_CHANNEL_OPEN
        string          "direct-streamlocal at openssh.com"
        uint32          sender channel
        uint32          initial window size
        uint32          maximum packet size
        string          socket path
+       string          reserved
+       uint32          reserved

Maybe we could make something useful out of them in the future.

The updated PROTOCOL will be in the openssh-7.3 release.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2529

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.