packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssh/backport-fix-CVE-2025-32728.patch
bitianyuan 96ea89803e fix CVE-2025-26465 CVE-2025-32728 
Signed-off-by: bitianyuan <bitianyuan@huawei.com>
2025-04-13 21:32:26 +08:00

42 lines
1.4 KiB
Diff
Raw Permalink Blame History

From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 9 Apr 2025 07:00:03 +0000
Subject: upstream: Fix logic error in DisableForwarding option. This option
was documented as disabling X11 and agent forwarding but it failed to do so.
Spotted by Tim Rice.
OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
Conflict:NA
Reference:https://anongit.mindrot.org/openssh.git/commit/?id=fc86875e6acb36401dfc1dfb6b628a9d1460f367
---
session.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/session.c b/session.c
index be6a31a..80adc60 100644
--- a/session.c
+++ b/session.c
@@ -2351,7 +2351,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
if ((r = sshpkt_get_end(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
if (!auth_opts->permit_agent_forwarding_flag ||
- !options.allow_agent_forwarding) {
+ !options.allow_agent_forwarding ||
+ options.disable_forwarding) {
debug_f("agent forwarding disabled");
return 0;
}
@@ -2769,7 +2770,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
return 0;
}
- if (!options.x11_forwarding) {
+ if (!options.x11_forwarding || options.disable_forwarding) {
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
--
2.43.0
Reference in New Issue View Git Blame Copy Permalink