From 43417637ec464f4a0b809429f2c60013ae100433 Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Fri, 13 Dec 2024 15:00:24 -0500
Subject: [PATCH] Prevent forwarded tcpip requests hanging indefinitely (#50209)

The SSH channel was only being closed in the happy path once proxying of data completed. This resulted in any connections being made, and failing for any reason prior to that hanging until the user terminated the request. The behavior from the regular.Server was copied to the forward.Server to ensure that the channel is always closed when handleDirectTCPIPRequest terminates.
---
 lib/srv/forward/sshserver.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/srv/forward/sshserver.go b/lib/srv/forward/sshserver.go
index 90423046ccb88..b0995f0f05447 100644
--- a/lib/srv/forward/sshserver.go
+++ b/lib/srv/forward/sshserver.go
@@ -21,9 +21,11 @@ package forward
 import (
 "context"
 "encoding/json"
+ "errors"
 "fmt"
 "io"
 "net"
+ "os"
 "strings"
 "time"
@@ -1062,8 +1064,12 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 if err != nil {
 s.log.Errorf("Unable to create connection context: %v.", err)
 s.stderrWrite(ch, "Unable to create connection context.")
+ if err := ch.Close(); err != nil {
+ s.log.Warnf("Failed to close channel: %v", err)
+ }
 return
 }
+ scx.AddCloser(ch)
 scx.RemoteClient = s.remoteClient
 scx.ExecType = teleport.ChanDirectTCPIP
 scx.SrcAddr = sshutils.JoinHostPort(req.Orig, req.OrigPort)
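Review bot: `scx.AddCloser(ch)` in the second hunk ties the channel's lifetime to the server context without saying so, while the error branch just above it closes `ch` by hand. The two cleanup paths are easy to break in a later edit, and a missed path is exactly the hang this commit fixes. I would add a comment on that line, for example `// scx owns ch from here on: it is closed when scx is closed, so no later return may bypass scx.Close().` The call that closes scx is not visible here (handleDirectTCPIPRequest starts and ends outside the hunk), so it is worth confirming it is deferred before the first return that follows.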
@@ -1095,8 +1101,8 @@ func (s *Server) handleDirectTCPIPRequest(ctx context.Context, ch ssh.Channel, r
 scx.WithError(err).Warn("Failed to emit port forward event.")
 }
- if err := utils.ProxyConn(ctx, ch, conn); err != nil {
- s.log.WithError(err).Warn("Pailed proxying data for port forwarding connection.")
+ if err := utils.ProxyConn(ctx, ch, conn); err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, os.ErrClosed) {
+ s.log.WithError(err).Warn("Failed proxying data for port forwarding connection.")
 }
 }
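Review bot: The new filter on the `utils.ProxyConn` error tests `os.ErrClosed`, but reads and writes on a closed network connection report `net.ErrClosed`, a distinct sentinel that `errors.Is(err, os.ErrClosed)` does not match. If `conn` is a `net.Conn` (its declaration is outside this hunk), an ordinary teardown could still be logged as a warning and bury the failures an operator needs to see. Since `net` is already imported, the condition could read `err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, os.ErrClosed) && !errors.Is(err, net.ErrClosed)`. Whether `utils.ProxyConn` keeps the error chain intact for `errors.Is` is also not visible here and should be confirmed.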