Factor out "can bind to low ports" check into its own function. This will make

it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@.
author: dtucker <dtucker@openbsd.org> 2016-10-23 22:04:05 +0000
committer: dtucker <dtucker@openbsd.org> 2016-10-23 22:04:05 +0000
commit: 7c66583e2349913a77b34564fe3a78ab7745dca6 (patch)
tree: 350c30ee2b7c5b56d255a9452a215fb850579e4e /usr.bin/ssh/readconf.c
parent: Remove sunxi board IDs. (diff)
download: wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.tar.xz
wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 7c7029a2585..9c163865c28 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.260 2016/08/25 23:56:51 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.261 2016/10/23 22:04:05 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -297,7 +297,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 	extern uid_t original_real_uid;
 	int i;
 
-	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+	if (bind_permitted(newfwd->listen_port, original_real_uid) &&
 	    newfwd->listen_path == NULL)
 		fatal("Privileged ports can only be forwarded by root.");
 	/* Don't add duplicates */
author	dtucker <dtucker@openbsd.org>	2016-10-23 22:04:05 +0000
committer	dtucker <dtucker@openbsd.org>	2016-10-23 22:04:05 +0000
commit	7c66583e2349913a77b34564fe3a78ab7745dca6 (patch)
tree	350c30ee2b7c5b56d255a9452a215fb850579e4e /usr.bin/ssh/readconf.c
parent	Remove sunxi board IDs. (diff)
download	wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.tar.xz wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.zip