openssh bugs - Nov 2022 - [Bug 3499] New: Bad forwarding specification w. -R port

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

            Bug ID: 3499
           Summary: Bad forwarding specification w. -R port
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: beryllium at shaddybaddah.name

General warning. As this seemed too obvious an issue to be (assumed)
long standing, I tried to search for bugs, including resolved/closed,
that match what I am about to report.

I couldn't find any... but I also lack confidence that the
search(/advanced search) isn't injecting keywords into filters, in an
effort to "help", and is diluting the search.

What I am reporting is pretty straight forward. I am trying to use the
*working* binding of a remote port, to a socks proxy through the ssh
client application.

But I am trying to do so using the ~C - Open command line, analogous to
command line invocation arguments, and in accordance with the ssh
manual page. Doing so, I am encountering the error: Bad forwarding
specification.

Below is my best effort at demonstrating the issue.

## Demonstrating that port 13579 isn't initially bound, and is
functional

<< $ nc -v localhost 13579
<< nc: connect to localhost (127.0.0.1) port 13579 (tcp) failed:
Connection refused

# bind it in another session, and connect it in the
original
>> $ nc -v -l localhost 13579
>> Listening on localhost 13579
<< $ nc -v localhost 13579
<< Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
>. $ nc -v -l localhost 13579
>. Listening on localhost 13579
>> Connection received on localhost 60858
## Now demonstrate working command line invocation -R
port
>> $ ssh -F /dev/null -R 13579 localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1
(2022-06-09) x86_64
>> ..
>> $ 
<. Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
<. ^C
<< $ nc -v -X 5 -x localhost:13579 www.google.com 80
<< Connection to www.google.com 80 port [tcp/http] succeeded!
<< GET / HTTP/1.0
<< 
<< HTTP/1.0 200 OK
<< ...

## Now demonstrate the ~C - Open command line error
# first confirm port 13579 has been unbound
<< $ exit
<< logout
<< Connection to localhost closed.
<< $ 
>. ^C
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused
# now remove -R from ssh invocation, and demonstrate
>> $ ssh -F /dev/null localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1
(2022-06-09) x86_64
>> ..
>> $ 
>> ssh> -R 13579
>> Bad forwarding specification.
# unnecessary, but confirm port 13579 still unbound
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused
According to the ssh manual page, this form of forwarding specification
is allowable.

~C section:

##      ~C      Open command line.  Currently this allows the addition
of port
##              forwardings using the -L, -R and -D options (see
above).  It also

-R section:
##      -R [bind_address:]port:host:hostport
##      -R [bind_address:]port:local_socket
##      -R remote_socket:host:hostport
##      -R remote_socket:local_socket
#*      -R [bind_address:]port
##              Specifies that connections to the given TCP port or
Unix socket
##              on the remote (server) host are to be forwarded to the
local
##              side.
## ...
#*              hostport, or local_socket, or, if no explicit
destination was
#*              specified, ssh will act as a SOCKS 4/5 proxy and
forward connec?
#*              tions to the destinations requested by the remote SOCKS
client.

Accordingly, I feel that encountering a "Bad forwarding
specification."
error is a defect.

Though as per my preamble.. I rather suspect this is a "considered"
omission, with some rationale.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Shaddy Baddah <beryllium at shaddybaddah.name> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |beryllium at shaddybaddah.name

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Bad forwarding              |Escape char command line -R
                   |specification w. -R port    |does not handle dynamic
                   |                            |(SOCKS) forward spec
             Blocks|                            |3480
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Yep, it looks like the escape char command line processing was
overlooked when dynamic forwarding was added to -R.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3480
[Bug 3480] tracking bug for openssh-9.2
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
   Attachment #3625|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3625
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3625&action=edit
Check ~C -R for dynamic port forward

Please try this patch which I think will fix it.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Shaddy Baddah <beryllium at shaddybaddah.name> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3625|ok?(djm at mindrot.org)        |
              Flags|                            |

--- Comment #3 from Shaddy Baddah <beryllium at shaddybaddah.name> ---
Comment on attachment 3625
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3625
Check ~C -R for dynamic port forward

Perfect. Working. Thank you.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3625|                            |ok?(djm at mindrot.org)
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3625|ok?(djm at mindrot.org)        |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
This has been committed and will be in the 9.2 release.  Thanks for the
report.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3499

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
OpenSSH 9.3 has been released. Close resolved bugs

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.