git: c976df712c0f - stable/13 - OpenSSH: Fix logic error in DisableForwarding option
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 14 Apr 2025 19:25:29 UTC
The branch stable/13 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=c976df712c0f64d43970be7036301ce7cf558a78
commit c976df712c0f64d43970be7036301ce7cf558a78
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-04-09 14:54:46 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-04-14 19:25:13 +0000
OpenSSH: Fix logic error in DisableForwarding option
This option was documented as disabling X11 and agent forwarding but it
failed to do so. Spotted by Tim Rice.
Obtained from: OpenBSD d31ec64016fc
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 3620d70511dc8bf45752028dac0af6f157ec6146)
(cherry picked from commit fcda475ccfcabe6f70e6ef25ccd507ac4b92c1ee)
---
crypto/openssh/session.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 591f1e329a8d..03a20f9d9648 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -2194,7 +2194,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
if ((r = sshpkt_get_end(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
if (!auth_opts->permit_agent_forwarding_flag ||
- !options.allow_agent_forwarding) {
+ !options.allow_agent_forwarding ||
+ options.disable_forwarding) {
debug_f("agent forwarding disabled");
return 0;
}
@@ -2589,7 +2590,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
return 0;
}
- if (!options.x11_forwarding) {
+ if (!options.x11_forwarding || options.disable_forwarding) {
debug("X11 forwarding disabled in server configuration file.");
return 0;
}