From f79c42317fb80ee181b13273c80f93b7af6f04f3 Mon Sep 17 00:00:00 2001
From: David Gibson <david@gibson.dropbear.id.au>
Date: Wed, 17 Jul 2024 10:36:00 +1000
Subject: conf: Don't configure port forwarding for a disabled protocol

UDP and/or TCP can be disabled with the --no-udp and --no-tcp options.
However, when this is specified, it's still possible to configure forwarded
ports for the disabled protocol.  In some cases this will open sockets and
perform other actions, which might not be safe since the entire protocol
won't be initialised.

Check for this case, and explicitly forbid it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 conf.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'conf.c')

diff --git a/conf.c b/conf.c
index 3c38ceb..629eb89 100644
--- a/conf.c
+++ b/conf.c
@@ -132,6 +132,11 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
 		return;
 	}
 
+	if ((optname == 't' || optname == 'T') && c->no_tcp)
+		die("TCP port forwarding requested but TCP is disabled");
+	if ((optname == 'u' || optname == 'U') && c->no_udp)
+		die("UDP port forwarding requested but UDP is disabled");
+
 	if (!strcmp(optarg, "auto")) {
 		if (fwd->mode)
 			goto mode_conflict;
-- 
cgit v1.2.3