diff options
author | Xin LI <delphij@FreeBSD.org> | 2017-01-11 05:49:39 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2017-01-11 05:49:39 +0000 |
commit | 9ea45e75fa1d7245033d8b339fded7c1d6b3386d (patch) | |
tree | 77cc14eee0aa9ab4c603bb0a9094a2d0be4a4a41 /crypto/openssh/serverloop.c | |
parent | 6b3e2169c5ab3eb877e21343fa7044f2f5bfc325 (diff) | |
parent | 8f8c559269bccf737d318b89630a0ef812865b99 (diff) | |
download | src-9ea45e75fa1d7245033d8b339fded7c1d6b3386d.tar.gz src-9ea45e75fa1d7245033d8b339fded7c1d6b3386d.zip |
MFV r311913:
Fix multiple OpenSSH vulnerabilities.
Submitted by: des
Approved by: so
Notes
Notes:
svn path=/head/; revision=311914
Diffstat (limited to 'crypto/openssh/serverloop.c')
-rw-r--r-- | crypto/openssh/serverloop.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index 80d1db5490bc..f5c362dfcc59 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -995,7 +995,7 @@ server_request_direct_streamlocal(void) /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && - !no_port_forwarding_flag) { + !no_port_forwarding_flag && use_privsep) { c = channel_connect_to_path(target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { @@ -1279,7 +1279,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 - || no_port_forwarding_flag) { + || no_port_forwarding_flag || !use_privsep) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { |