Package: httptunnel
Version: 3.3-3
Severity: important
Tags: patch
The --stdin-stdout option is broken, both in the client (htc) and the
server (hts). When used, the program writes its output to stdin instead
of stdout. This breaks anything calling htc or hts with --stdin-stdout,
unless stdin happens to be something which can be written to (e.g. a
socket or a pseudo-terminal).
In particular, it will break programs that communicate with htc or hts
with via pipes, such as the OpenSSH client with the ProxyCommand set to
htc (which is one of the main purposes for which someone would want to
use httptunnel in the first place).
What happens is an infinite connect/disconnect loop where htc connects,
gets the banner from the server (sshd for example), fails to pass it to
the client (ssh in this case) because it tries to write to stdin, then
reconnects to try again, over and over.
To reproduce, take the following steps:
1. Run an httptunnel server somewhere, for example:
$ hts -F www.example.com:80 -w
2. Run the client with --stdin-stdout, so that its stdin is not a tty.
Assuming the server is on the same machine:
$ cat | htc --stdin-stdout localhost
3. While the client is still running, check the active connections.
You will notice hundreds of connections being created and closed,
endlessly.
$ netstat -at
The expected behavior would be for htc not to be stuck making infinite
connections to hts, and for the tunnel to actually work. As it stands,
if you type e.g. "GET / HTTP/1.0" (without the quotes) and two newlines
on the client at step 2, nothing will happen (you should see the HTML
response from www.example.com).
The problem is with a broken check. There's a check to see if the file
descriptor to read and write on is 0 (stdin), and if so the code was
_meant_ to write to stdout (fd 1) instead, but someone actually typed 0
in the source. The problem is obvious when you look at the patch.
This problem also exists upstream, in the latest version (3.3 as of this
writing, since 2001). I have reported it to the upstream maintainers via
email and submitted the same patch I am submitting below.
*****************
ChangeLog entry:
2007-06-20 Israel G. Lugo <[EMAIL PROTECTED]>
* common.c (handle_tunnel_input): really write to stdout if fd == 0.
*****************
Patch:
diff -dur httptunnel-3.3/common.c httptunnel-3.3-fix_write_stdin/common.c
--- httptunnel-3.3/common.c 2001-02-25 12:45:41.000000000 +0100
+++ httptunnel-3.3-fix_write_stdin/common.c 2007-06-20
21:38:54.000000000 +0200
@@ -314,7 +314,7 @@
/* If fd == 0, then we are using --stdin-stdout so write to stdout,
* not fd. */
- m = write_all (fd ? fd : 0, buf, (size_t)n);
+ m = write_all (fd ? fd : 1, buf, (size_t)n);
log_annoying ("write_all (%d, %p, %d) = %d", fd ? fd : 1, buf, n, m);
return m;
}
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
