authorXin LI <delphij@FreeBSD.org>2017-01-11 05:49:39 +0000
committerXin LI <delphij@FreeBSD.org>2017-01-11 05:49:39 +0000
commit9ea45e75fa1d7245033d8b339fded7c1d6b3386d (patch)
tree77cc14eee0aa9ab4c603bb0a9094a2d0be4a4a41 /crypto/openssh/serverloop.c
parent6b3e2169c5ab3eb877e21343fa7044f2f5bfc325 (diff)
parent8f8c559269bccf737d318b89630a0ef812865b99 (diff)
MFV r311913:
Fix multiple OpenSSH vulnerabilities. Submitted by: des Approved by: so
Notes
Notes: svn path=/head/; revision=311914
Diffstat (limited to 'crypto/openssh/serverloop.c')
-rw-r--r--crypto/openssh/serverloop.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 80d1db5490bc..f5c362dfcc59 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -995,7 +995,7 @@ server_request_direct_streamlocal(void)
/* XXX fine grained permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
- !no_port_forwarding_flag) {
+ !no_port_forwarding_flag && use_privsep) {
c = channel_connect_to_path(target,
"direct-streamlocal@openssh.com", "direct-streamlocal");
} else {
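Review bot: The new `use_privsep` term in this condition is undocumented, and the `/* XXX fine grained permissions */` comment above it gives no hint why privilege separation matters for forwarding policy, so a later cleanup could drop the term as unrelated. A comment such as `/* Refuse Unix-domain socket forwarding without privsep: this process would otherwise touch the socket path with its own, possibly root, privileges */` would record the intent. That rationale is inferred from the commit title and should be confirmed against the upstream advisory. The same applies to the `!use_privsep` term added in the second hunk, in server_input_global_request(). The body of server_request_direct_streamlocal() continues outside this hunk.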
@@ -1279,7 +1279,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
- || no_port_forwarding_flag) {
+ || no_port_forwarding_flag || !use_privsep) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
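Review bot: With `!use_privsep` folded into this condition, a refusal caused by privilege separation being off is reported to the client as "Server has disabled port forwarding.", and no server-side log line recording the real reason is visible in the hunk. An administrator who has streamlocal forwarding enabled in the configuration would see requests fail with nothing pointing at the privsep setting. Consider logging the cause on the server before the refusal, e.g. `if (!use_privsep) logit("refusing streamlocal forwarding: privilege separation is disabled");`, while keeping the client-facing text generic. The enclosing branch and the rest of server_input_global_request() lie outside the hunk.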