authorDamien Miller <djm@mindrot.org>2014-07-02 15:28:40 +1000
committerDamien Miller <djm@mindrot.org>2014-07-02 15:28:40 +1000
commit19439e9a2a0ac0b4b3b1210e89695418beb1c883 (patch)
treeaf674eb1683d939d284f8b055dc1b4689920a47e
parent8668706d0f52654fe64c0ca41a96113aeab8d2b8 (diff)
downloadopenssh-git-19439e9a2a0ac0b4b3b1210e89695418beb1c883.tar.gz
- djm@cvs.openbsd.org 2014/06/24 02:19:48
[ssh.c] don't fatal() when hostname canonicalisation fails with a ProxyCommand in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion)
-rw-r--r--ChangeLog6
-rw-r--r--ssh.c14
2 files changed, 15 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index e821f6de..95b4895d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,12 @@
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
+ - djm@cvs.openbsd.org 2014/06/24 02:19:48
+ [ssh.c]
+ don't fatal() when hostname canonicalisation fails with a
+ ProxyCommand in use; continue and allow the ProxyCommand to
+ connect anyway (e.g. to a host with a name outside the DNS
+ behind a bastion)
20140618
- (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
diff --git a/ssh.c b/ssh.c
index d369b68e..35fc7ddf 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.403 2014/06/24 02:19:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -930,10 +930,14 @@ main(int ac, char **av)
if (addrs == NULL && options.num_permitted_cnames != 0 &&
(option_clear_or_none(options.proxy_command) ||
options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
- if ((addrs = resolve_host(host, options.port, 1,
- cname, sizeof(cname))) == NULL)
- cleanup_exit(255); /* resolve_host logs the error */
- check_follow_cname(&host, cname);
+ if ((addrs = resolve_host(host, options.port,
+ option_clear_or_none(options.proxy_command),
+ cname, sizeof(cname))) == NULL) {
+ /* Don't fatal proxied host names not in the DNS */
+ if (option_clear_or_none(options.proxy_command))
+ cleanup_exit(255); /* logged in resolve_host */
+ } else
+ check_follow_cname(&host, cname);
}
/*
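Review bot: In the new `== NULL` branch, a failed lookup with a ProxyCommand set falls through without any message, because the third argument to resolve_host() is now `option_clear_or_none(options.proxy_command)`; going by the "logged in resolve_host" comment this looks like the log-on-error flag, so it is 0 in exactly the case that no longer exits. With `CanonicalizeHostname=always` this means check_follow_cname() is skipped and the name as typed is carried forward unchanged, presumably into later steps such as host key lookup, with nothing in the output to show that canonicalisation was abandoned. I would add an `else` to the inner `if`, for example `else debug("hostname canonicalisation failed for %s; continuing via ProxyCommand", host);`. The predicate is also evaluated three times between the outer condition, the argument and the exit test; a local such as `int direct = option_clear_or_none(options.proxy_command);` would make it obvious that all three use the same value. main() starts and ends outside the hunk.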