Sami.Hartikainen at teleste.com
2014-Sep-11 12:58 UTC
Remote port forwarding in a multiplexed connection: possible "clientspecified" bug
Remote port forwarding with sshd_config option 'GatewayPorts' set to
"clientspecified" does not seem to work as specified, when configured
from a "slave" ssh using a multiplexed connection. Ssh man page on
remote port forwarding says:
"-R [bind_address:]port:host:hostport
...
By default, the listening socket on the server will be bound to the loopback
interface only. This may be overridden by specifying a bind_address. An empty
bind_address, or the address '*', indicates that the remote socket should listen
on all interfaces.
...
"
Now the following mux command (on client with ControlMaster connected and
running and ControlPath set appropriately):
$ ssh -O forward -R ':0:localhost:3502' <hostaddr>
Allocated port 48293 for remote forward to localhost:3502
results in (on server):
$ netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:48293         *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp6       0      0 localhost:48293         [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
Port 48293 (set with an empty bind_address) should be bound to the wildcard address,
not localhost. The same -R option given for ControlMaster (or non-multiplexed
ssh client) works as expected.
Looks like a bug in ssh client code?
Client version: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
--
Sami Hartikainen
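
Added example, not part of the original post and not OpenSSH code: a shell function that reads `netstat -lt` output on the server and reports whether a forwarded port is bound to loopback or to the wildcard address, which is the check the report performs by eye. The name `bind_scope` and the second listing are constructed for illustration; the first listing is the one from the report.

```shell
#!/bin/sh
# Classify how a TCP port is bound, from `netstat -lt` text on stdin.
# Prints one of: loopback, wildcard, specific, mixed, absent.
bind_scope() {
  awk -v port="$1" '
    $NF == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      if (parts[n] != port) next    # text after the last colon is the port
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      if (host == "*" || host == "0.0.0.0" || host == "[::]" || host == "::") {
        wild++
      } else if (host == "localhost" || host ~ /^127\./ || host == "[::1]" || host == "::1") {
        loop++
      } else {
        other++
      }
    }
    END {
      if (!wild && !loop && !other) print "absent"
      else if (wild && !loop && !other) print "wildcard"
      else if (loop && !wild && !other) print "loopback"
      else if (other && !wild && !loop) print "specific"
      else print "mixed"
    }'
}

# Listing from the report: forward requested through the mux slave.
reported_listing='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:48293 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp6 0 0 localhost:48293 [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN'

# Constructed listing: what an empty bind_address should produce
# when GatewayPorts is "clientspecified".
expected_listing='tcp 0 0 *:48293 *:* LISTEN
tcp6 0 0 [::]:48293 [::]:* LISTEN'

printf 'reported: %s\n' "$(printf '%s\n' "$reported_listing" | bind_scope 48293)"
printf 'expected: %s\n' "$(printf '%s\n' "$expected_listing" | bind_scope 48293)"
```

On a live server the same function can be fed directly: `netstat -lt | bind_scope 48293`.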