OpenSSH: Fix logic error in DisableForwarding option

This option was documented as disabling X11 and agent forwarding but it failed to do so. Spotted by Tim Rice. Obtained from: OpenBSD d31ec64016fc Sponsored by: The FreeBSD Foundation
author: Ed Maste <emaste@FreeBSD.org> 2025-04-09 10:54:46 -0400
committer: Ed Maste <emaste@FreeBSD.org> 2025-04-09 11:03:29 -0400
commit: 3620d70511dc8bf45752028dac0af6f157ec6146 (patch)
tree: 82bf1059e390f33745339b68c291b4cc766c995a /crypto
parent: f132e8b4c7d918ffb97f9c1f0c26b928874bfd59 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 591f1e329a8d..03a20f9d9648 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -2194,7 +2194,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
 	if ((r = sshpkt_get_end(ssh)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (!auth_opts->permit_agent_forwarding_flag ||
-	    !options.allow_agent_forwarding) {
+	    !options.allow_agent_forwarding ||
+	    options.disable_forwarding) {
 		debug_f("agent forwarding disabled");
 		return 0;
 	}
@@ -2589,7 +2590,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
 		return 0;
 	}
-	if (!options.x11_forwarding) {
+	if (!options.x11_forwarding || options.disable_forwarding) {
 		debug("X11 forwarding disabled in server configuration file.");
 		return 0;
 	}
author	Ed Maste <emaste@FreeBSD.org>	2025-04-09 10:54:46 -0400
committer	Ed Maste <emaste@FreeBSD.org>	2025-04-09 11:03:29 -0400
commit	3620d70511dc8bf45752028dac0af6f157ec6146 (patch)
tree	82bf1059e390f33745339b68c291b4cc766c995a /crypto
parent	f132e8b4c7d918ffb97f9c1f0c26b928874bfd59 (diff)