Fix multiple vulnerabilities of OpenSSH.

Security: FreeBSD-SA-17:01.openssh Security: CVE-2016-10009 Security: CVE-2016-10010 Approved by: so
author: delphij <delphij@FreeBSD.org> 2017-01-11 06:01:23 +0000
committer: delphij <delphij@FreeBSD.org> 2017-01-11 06:01:23 +0000
commit: 6da66fdfb26a9dc621b9390dc946f7ac0b75fbee (patch)
tree: 0926a1b5184a9446606670a34af65f7d8ddb7b1e /crypto/openssh/serverloop.c
parent: d0a626af58b2092996e20b0bcb07067a6f709539 (diff)
download: FreeBSD-src-6da66fdfb26a9dc621b9390dc946f7ac0b75fbee.zip
FreeBSD-src-6da66fdfb26a9dc621b9390dc946f7ac0b75fbee.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 80d1db5..f5c362d 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -995,7 +995,7 @@ server_request_direct_streamlocal(void)
 
 	/* XXX fine grained permissions */
 	if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
-	    !no_port_forwarding_flag) {
+	    !no_port_forwarding_flag && use_privsep) {
 		c = channel_connect_to_path(target,
 		    "direct-streamlocal@openssh.com", "direct-streamlocal");
 	} else {
@@ -1279,7 +1279,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 
 		/* check permissions */
 		if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
-		    || no_port_forwarding_flag) {
+		    || no_port_forwarding_flag || !use_privsep) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {
author	delphij <delphij@FreeBSD.org>	2017-01-11 06:01:23 +0000
committer	delphij <delphij@FreeBSD.org>	2017-01-11 06:01:23 +0000
commit	6da66fdfb26a9dc621b9390dc946f7ac0b75fbee (patch)
tree	0926a1b5184a9446606670a34af65f7d8ddb7b1e /crypto/openssh/serverloop.c
parent	d0a626af58b2092996e20b0bcb07067a6f709539 (diff)
download	FreeBSD-src-6da66fdfb26a9dc621b9390dc946f7ac0b75fbee.zip FreeBSD-src-6da66fdfb26a9dc621b9390dc946f7ac0b75fbee.tar.gz