# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1336568974 -28800
# Node ID dfdb9d9189ffaf00c1fecd1f1dc42118d3b56f2a
# Parent  1291413c7c7e7bfc22700698d08abcb540910194
Server shouldn't return "localhost" in response to -R forward connections
if that wasn't what the client requested.

diff -r 1291413c7c7e -r dfdb9d9189ff svr-tcpfwd.c
--- a/svr-tcpfwd.c	Wed May 09 20:34:55 2012 +0800
+++ b/svr-tcpfwd.c	Wed May 09 21:09:34 2012 +0800
@@ -172,14 +172,14 @@
 static int svr_remotetcpreq() {
 
 	int ret = DROPBEAR_FAILURE;
-	unsigned char * bindaddr = NULL;
+	unsigned char * request_addr = NULL;
 	unsigned int addrlen;
 	struct TCPListener *tcpinfo = NULL;
 	unsigned int port;
 
 	TRACE(("enter remotetcpreq"))
 
-	bindaddr = buf_getstring(ses.payload, &addrlen);
+	request_addr = buf_getstring(ses.payload, &addrlen);
 	if (addrlen > MAX_IP_LEN) {
 		TRACE(("addr len too long: %d", addrlen))
 		goto out;
@@ -209,12 +209,15 @@
 	tcpinfo->chantype = &svr_chan_tcpremote;
 	tcpinfo->tcp_type = forwarded;
 
-	if (!opts.listen_fwd_all || (strcmp(bindaddr, "localhost") == 0) ) {
+	tcpinfo->request_listenaddr = request_addr;
+	if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) {
         // NULL means "localhost only"
-		m_free(bindaddr);
-		bindaddr = NULL;
+		tcpinfo->listenaddr = NULL;
 	}
-	tcpinfo->listenaddr = bindaddr;
+	else
+	{
+		tcpinfo->listenaddr = request_addr;
+	}
 
 	ret = listen_tcpfwd(tcpinfo);
 
@@ -222,7 +225,7 @@
 	if (ret == DROPBEAR_FAILURE) {
 		/* we only free it if a listener wasn't created, since the listener
 		 * has to remember it if it's to be cancelled */
-		m_free(bindaddr);
+		m_free(request_addr);
 		m_free(tcpinfo);
 	}
 	TRACE(("leave remotetcpreq"))
diff -r 1291413c7c7e -r dfdb9d9189ff tcp-accept.c
--- a/tcp-accept.c	Wed May 09 20:34:55 2012 +0800
+++ b/tcp-accept.c	Wed May 09 21:09:34 2012 +0800
@@ -40,6 +40,7 @@
 
 	m_free(tcpinfo->sendaddr);
 	m_free(tcpinfo->listenaddr);
+	m_free(tcpinfo->request_listenaddr);
 	m_free(tcpinfo);
 }
 
@@ -78,7 +79,7 @@
 			dropbear_assert(tcpinfo->tcp_type == forwarded);
 			/* "forwarded-tcpip" */
 			/* address that was connected, port that was connected */
-			addr = tcpinfo->listenaddr;
+			addr = tcpinfo->request_listenaddr;
 			port = tcpinfo->listenport;
 		}
 
diff -r 1291413c7c7e -r dfdb9d9189ff tcpfwd.h
--- a/tcpfwd.h	Wed May 09 20:34:55 2012 +0800
+++ b/tcpfwd.h	Wed May 09 21:09:34 2012 +0800
@@ -39,6 +39,8 @@
 	 * localhost, or a normal interface name. */
 	unsigned char *listenaddr;
 	unsigned int listenport;
+	/* The address that the remote host asked to listen on */
+	unsigned char *request_listenaddr;;
 
 	const struct ChanType *chantype;
 	enum {direct, forwarded} tcp_type;