| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
- From: "djm@openbsd.org" <djm@openbsd.org>
- Date: Wed, 9 Apr 2025 07:00:03 +0000
- Subject: [PATCH] upstream: Fix logic error in DisableForwarding option.
- This option was documented as disabling X11 and agent forwarding but it failed to do so.
- Spotted by Tim Rice.
- OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
- Upstream: https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
- Fixes the following CVE:
- - CVE-2025-32728: In sshd in OpenSSH before 10.0, the DisableForwarding
- directive does not adhere to the documentation stating
- that it disables X11 and agent forwarding.
- [Titouan:
- - Remove diff on OpenBSD comment at the top of the file that does not apply
- cleanly on openssh 9.9
- ]
- Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
- ---
- session.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
- diff --git a/session.c b/session.c
- index 52a4a3446e6..6444c77f31c 100644
- --- a/session.c
- +++ b/session.c
- @@ -2171,7 +2171,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
- if ((r = sshpkt_get_end(ssh)) != 0)
- sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
- if (!auth_opts->permit_agent_forwarding_flag ||
- - !options.allow_agent_forwarding) {
- + !options.allow_agent_forwarding ||
- + options.disable_forwarding) {
- debug_f("agent forwarding disabled");
- return 0;
- }
- @@ -2566,7 +2567,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
- ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
- return 0;
- }
- - if (!options.x11_forwarding) {
- + if (!options.x11_forwarding || options.disable_forwarding) {
- debug("X11 forwarding disabled in server configuration file.");
- return 0;
- }
|
