> > + if (port > 65535)
> > + packet_disconnect("Requested port is %d is invalid",port);
>
> This still doesn't fix the problem since port is defined as a signed int,
> and negative values will pass your check. Of course, their lower 16 bits
> may represent a privileged port number.
>
The lines directly after this in the code are
if (port < 1024 && !is_root)
packet_disconnect("Requested forwarding of port %d but user is not root.",
It looks like that should catch negative (as well as privileged)
port numbers, so I don't think the patch really has to fix that
problem at all.
-- Christopher Craig (ccraig@cc.gatech.edu) "You could shoot Microsoft Office off the planet and this country would run better. You would see everyone standing around saying, 'I've got so much time now.' " Scott McNealy (CEO of Sun) PGP Key Verification: EE B1 F3 A0 3F BC 3C C7 81 61 F1 91 6E 99 13 65 http://www.cc.gatech.edu/people/home/ccraig