openssh/openssh-9.9p1-disable-forwarding.patch
Zoltan Fridrich f4e43bc272 CVE-2025-32728: Fix logic error in DisableForwarding option
Resolves: RHEL-86819

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-04-29 12:32:10 +02:00


diff --color -ruNp a/session.c b/session.c
--- a/session.c 2025-04-29 11:20:59.475107377 +0200
+++ b/session.c 2025-04-29 11:23:16.638538968 +0200
@@ -2284,7 +2284,8 @@ session_auth_agent_req(struct ssh *ssh,
if ((r = sshpkt_get_end(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
if (!auth_opts->permit_agent_forwarding_flag ||
- !options.allow_agent_forwarding) {
+ !options.allow_agent_forwarding ||
+ options.disable_forwarding) {
debug_f("agent forwarding disabled");
return 0;
}
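Review bot: The refusal logged by `debug_f("agent forwarding disabled")` now has three independent causes (the per-key option, AllowAgentForwarding and DisableForwarding), and the message does not say which one applied. The same holds for the X11 branch in the second hunk, whose message still reads "disabled in server configuration file" for either directive. Because the commit fixes a logic error in this control (CVE-2025-32728), a short comment above the condition, such as `/* DisableForwarding overrides AllowAgentForwarding and the per-key permission */`, would help keep the new term from being dropped in a later refactor. session_auth_agent_req starts and ends outside the hunk, so any earlier handling is not visible here.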
@@ -2709,7 +2710,7 @@ session_setup_x11fwd(struct ssh *ssh, Se
ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
return 0;
}
- if (!options.x11_forwarding) {
+ if (!options.x11_forwarding || options.disable_forwarding) {
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
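Review bot: Nothing in this patch exercises the new `options.disable_forwarding` term, so the behaviour it restores is not pinned by a test; the patch as shown touches only session.c. A regression case that sets `DisableForwarding yes` in the server configuration and checks that both an X11 request and an agent-forwarding request are refused would guard against the two checks drifting from the documented behaviour again. The body of session_setup_x11fwd extends beyond the hunk on both sides.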