upstream: DisableForwarding=yes didn't override PermitTunnel=yes
authordjm@openbsd.org <djm@openbsd.org>
Sun, 31 May 2026 04:47:29 +0000 (04:47 +0000)
committerDamien Miller <djm@mindrot.org>
Sun, 31 May 2026 05:03:57 +0000 (15:03 +1000)
Reported independently by Huzaifa Sidhpurwala of Redhat and Marko
Jevtic; ok markus@

OpenBSD-Commit-ID: b5c13f0746cf079b21f8deba47407fad49ccbf4c

serverloop.c

index 8e63480ecefa8fbce785b64e65d8eb26d19f4c4e..8a6e3db8024e177d3496400651c92f8255c9b052 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.246 2026/03/03 09:57:25 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.247 2026/05/31 04:47:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -523,7 +523,7 @@ server_request_tun(struct ssh *ssh)
                ssh_packet_send_debug(ssh, "Unsupported tunnel device mode.");
                return NULL;
        }
-       if ((options.permit_tun & mode) == 0) {
+       if ((options.permit_tun & mode) == 0 || options.disable_forwarding) {
                ssh_packet_send_debug(ssh, "Server has rejected tunnel device "
                    "forwarding");
                return NULL;
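Review bot: The widened condition in server_request_tun() now refuses a tunnel for two different reasons but reports both with the same client-side debug message, and nothing in the hunk records on the server which setting caused the refusal. An administrator checking that DisableForwarding is being enforced would be helped by a distinct server-side log line on that branch, for example `debug_f("tunnel forwarding refused: DisableForwarding set");`, unless the caller outside this hunk already logs it. A one-line comment above the test, such as `/* DisableForwarding overrides PermitTunnel */`, would also keep the precedence explicit for anyone who later edits the condition. The function body starts and continues outside the hunk, so any later paths that open a tun device could not be checked from here. The page shows only serverloop.c, so a regression test covering PermitTunnel=yes with DisableForwarding=yes appears to be missing from this commit.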