diff options
author | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:40 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:40 +1000 |
commit | 19439e9a2a0ac0b4b3b1210e89695418beb1c883 (patch) | |
tree | af674eb1683d939d284f8b055dc1b4689920a47e | |
parent | 8668706d0f52654fe64c0ca41a96113aeab8d2b8 (diff) | |
download | openssh-git-19439e9a2a0ac0b4b3b1210e89695418beb1c883.tar.gz |
- djm@cvs.openbsd.org 2014/06/24 02:19:48
[ssh.c]
don't fatal() when hostname canonicalisation fails with a
ProxyCommand in use; continue and allow the ProxyCommand to
connect anyway (e.g. to a host with a name outside the DNS
behind a bastion)
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh.c | 14 |
2 files changed, 15 insertions, 5 deletions
@@ -44,6 +44,12 @@ Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e. + - djm@cvs.openbsd.org 2014/06/24 02:19:48 + [ssh.c] + don't fatal() when hostname canonicalisation fails with a + ProxyCommand in use; continue and allow the ProxyCommand to + connect anyway (e.g. to a host with a name outside the DNS + behind a bastion) 20140618 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.403 2014/06/24 02:19:48 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -930,10 +930,14 @@ main(int ac, char **av) if (addrs == NULL && options.num_permitted_cnames != 0 && (option_clear_or_none(options.proxy_command) || options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { - if ((addrs = resolve_host(host, options.port, 1, - cname, sizeof(cname))) == NULL) - cleanup_exit(255); /* resolve_host logs the error */ - check_follow_cname(&host, cname); + if ((addrs = resolve_host(host, options.port, + option_clear_or_none(options.proxy_command), + cname, sizeof(cname))) == NULL) { + /* Don't fatal proxied host names not in the DNS */ + if (option_clear_or_none(options.proxy_command)) + cleanup_exit(255); /* logged in resolve_host */ + } else + check_follow_cname(&host, cname); } /* |