upstream: Fix logic error in DisableForwarding option. This option

was documented as disabling X11 and agent forwarding but it failed to do so.
Spotted by Tim Rice.

OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1

diff --git a/session.c b/session.c
index 52a4a3446e6df702374fb0aeb982f6661e033044..6444c77f31c2c97dc598a31b7bcffc4a9559c209 100644 (file)
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.340 2024/12/06 06:55:28 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.341 2025/04/09 07:00:03 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -2171,7 +2171,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
        if ((r = sshpkt_get_end(ssh)) != 0)
                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
        if (!auth_opts->permit_agent_forwarding_flag ||
-           !options.allow_agent_forwarding) {
+           !options.allow_agent_forwarding ||
+           options.disable_forwarding) {
                debug_f("agent forwarding disabled");
                return 0;
        }
@@ -2566,7 +2567,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
                ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
                return 0;
        }
-       if (!options.x11_forwarding) {
+       if (!options.x11_forwarding || options.disable_forwarding) {
                debug("X11 forwarding disabled in server configuration file.");
                return 0;
        }