upstream: add missing askpass check when using
authordjm@openbsd.org <djm@openbsd.org>
Thu, 2 Apr 2026 07:39:57 +0000 (07:39 +0000)
committerDamien Miller <djm@mindrot.org>
Thu, 2 Apr 2026 07:53:24 +0000 (18:53 +1100)
ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis
Vasileiadis

OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a

mux.c

diff --git a/mux.c b/mux.c
index 5e20c7760a6c454ea71125f6a1dc7ccd22f9a4b5..0cd169732cd32deb44738de199b1a51e93ecd7b6 100644 (file)
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.112 2026/03/05 05:40:36 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.113 2026/04/02 07:39:57 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -1172,6 +1172,16 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid,
 
        debug_f("channel %d: proxy request", c->self);
 
+       if (options.control_master == SSHCTL_MASTER_ASK ||
+           options.control_master == SSHCTL_MASTER_AUTO_ASK) {
+               if (!ask_permission("Allow multiplex proxy connection?")) {
+                       debug2_f("proxy refused by user");
+                       reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
+                           "Permission denied");
+                       return 0;
+               }
+       }
+
        c->mux_rcb = channel_proxy_downstream;
        if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
            (r = sshbuf_put_u32(reply, rid)) != 0)
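Review bot: The prompt in the added block, `"Allow multiplex proxy connection?"`, does not name the connection being shared, so a user with several masters in ask/autoask mode cannot tell which one they are approving. If the destination name is in scope in mux_master_process_proxy (not visible in this hunk) and ask_permission() accepts a format string, something like `ask_permission("Allow multiplex proxy connection to %s?", host)` would make the decision informed. The refusal is recorded only through `debug2_f("proxy refused by user")`, so a denied proxy request leaves no trace at default log levels; a higher level would help anyone auditing who tried to reuse the master. A one-line comment above the check, e.g. `/* confirm before installing mux_rcb; nothing in this function re-checks once the channel is in proxy mode */`, would record why it has to precede the `c->mux_rcb` assignment. The function body begins and ends outside the hunk, so whether later code paths re-check is not visible here.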