* New upstream release (http://www.openssh.org/txt/release-6.0).

  - Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
    (closes: #643312, #650512).
  - Add a new privilege separation sandbox implementation for Linux's new
    seccomp sandbox, automatically enabled on platforms that support it.
    (Note: privilege separation sandboxing is still experimental.)

1 files changed, 2 insertions, 16 deletions

diff --git a/auth-options.c b/auth-options.c
index 8d1ef0a18..146b3d174 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -355,7 +355,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                 goto bad_option;
                         }
                         host = cleanhostname(host);
-                        if (p == NULL || (port = a2port(p)) <= 0) {
+                        if (p == NULL || (port = permitopen_port(p)) < 0) {
                                 debug("%.100s, line %lu: Bad permitopen port "
                                     "<%.100s>", file, linenum, p ? p : "");
                                 auth_debug_add("%.100s, line %lu: "
@@ -466,10 +466,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                 buffer_append(&data, data_blob, dlen);
                 debug3("found certificate option \"%.100s\" len %u",
                     name, dlen);
-                if (strlen(name) != nlen) {
-                        error("Certificate constraint name contains \\0");
-                        goto out;
-                }
                 found = 0;
                 if ((which & OPTIONS_EXTENSIONS) != 0) {
                         if (strcmp(name, "permit-X11-forwarding") == 0) {
@@ -499,11 +495,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                                             "corrupt", name);
                                         goto out;
                                 }
-                                if (strlen(command) != clen) {
-                                        error("force-command constraint "
-                                            "contains \\0");
-                                        goto out;
-                                }
                                 if (*cert_forced_command != NULL) {
                                         error("Certificate has multiple "
                                             "force-command options");
@@ -520,11 +511,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
                                             "\"%s\" corrupt", name);
                                         goto out;
                                 }
-                                if (strlen(allowed) != clen) {
-                                        error("source-address constraint "
-                                            "contains \\0");
-                                        goto out;
-                                }
                                 if ((*cert_source_address_done)++) {
                                         error("Certificate has multiple "
                                             "source-address options");