diff options
| author |   dtucker <dtucker@openbsd.org> | 2016-10-23 22:04:05 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2016-10-23 22:04:05 +0000 |
| commit | 7c66583e2349913a77b34564fe3a78ab7745dca6 (patch) | |
| tree | 350c30ee2b7c5b56d255a9452a215fb850579e4e /usr.bin/ssh/serverloop.c | |
| parent | Remove sunxi board IDs. (diff) | |
| download | wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.tar.xz wireguard-openbsd-7c66583e2349913a77b34564fe3a78ab7745dca6.zip | |
Factor out "can bind to low ports" check into its own function. This will make
it easier for Portable to support platforms with permissions models other than
uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@.
Diffstat (limited to 'usr.bin/ssh/serverloop.c')
| -rw-r--r-- | usr.bin/ssh/serverloop.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 53e9de64e6f..15d7d400265 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.186 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: serverloop.c,v 1.187 2016/10/23 22:04:05 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -712,8 +712,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || (!want_reply && fwd.listen_port == 0) || - (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && - pw->pw_uid != 0)) { + (fwd.listen_port != 0 && + !bind_permitted(fwd.listen_port, pw->pw_uid))) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { |