From 0fa3cdcd2b84b060608daa19ac7bb7955533b032 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 13 Dec 2024 15:00:24 -0500
Subject: [PATCH] Prevent forwarded tcpip requests hanging indefinitely (#50209)

The SSH channel was only being closed in the happy path once proxying of data completed. This resulted in any connections being made, and failing for any reason prior to that hanging until the user terminated the request. The behavior from the regular.Server was copied to the forward.Server to ensure that the channel is always closed when handleDirectTCPIPRequest terminates.
---
 lib/srv/forward/sshserver.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/srv/forward/sshserver.go b/lib/srv/forward/sshserver.go
index 90423046ccb88..d2366495c5b0b 100644
--- a/lib/srv/forward/sshserver.go
+++ b/lib/srv/forward/sshserver.go
@@ -24,6 +24,7 @@ import (
 "fmt"
 "io"
 "net"
+ "os"
 "strings"
 "time"
@@ -1062,8 +1063,12 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 if err != nil {
 s.log.Errorf("Unable to create connection context: %v.", err)
 s.stderrWrite(ch, "Unable to create connection context.")
+ if err := ch.Close(); err != nil {
+ s.log.Warnf("Failed to close channel: %v", err)
+ }
 return
 }
+ scx.AddCloser(ch)
 scx.RemoteClient = s.remoteClient
 scx.ExecType = teleport.ChanDirectTCPIP
 scx.SrcAddr = sshutils.JoinHostPort(req.Orig, req.OrigPort)
@@ -1095,8 +1100,8 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 scx.WithError(err).Warn("Failed to emit port forward event.")
 }
- if err := utils.ProxyConn(ctx, ch, conn); err != nil {
- s.log.WithError(err).Warn("Pailed proxying data for port forwarding connection.")
+ if err := utils.ProxyConn(ctx, ch, conn); err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, os.ErrClosed) {
+ s.log.WithError(err).Warn("Failed proxying data for port forwarding connection.")
 }
 }
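Review bot: `scx.AddCloser(ch)` in the second hunk carries no comment, yet after this change it is what closes the channel on the early-return paths that follow it. A line above it such as `// Register ch so it is closed whenever scx is closed, on every return path below.` would record that intent for the next maintainer. The guarantee holds only if scx itself is closed on every exit, presumably by a deferred close that is outside this hunk, so that is worth confirming. The body of handleDirectTCPIPRequest starts and ends outside the hunk.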
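Review bot: The new filter on the `utils.ProxyConn` error in the third hunk checks `os.ErrClosed` but not `net.ErrClosed`, and the two are distinct sentinels, so `errors.Is(err, os.ErrClosed)` does not match the "use of closed network connection" error a net.Conn returns after Close. If `conn` or the channel can surface that error once scx closes the channel, ordinary teardown would still be logged as a warning. Consider extending the condition with `&& !errors.Is(err, net.ErrClosed)`, since `net` is already imported per the first hunk. What ProxyConn actually returns is not visible here, so confirm against its implementation.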