summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--ssh.c14
2 files changed, 15 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index e821f6de2..95b4895d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,12 @@
44 Dempsky and Ron Bowes for a detailed review a few months ago. 44 Dempsky and Ron Bowes for a detailed review a few months ago.
45 NB. This commit also removes portable OpenSSH support for OpenSSL 45 NB. This commit also removes portable OpenSSH support for OpenSSL
46 <0.9.8e. 46 <0.9.8e.
47 - djm@cvs.openbsd.org 2014/06/24 02:19:48
48 [ssh.c]
49 don't fatal() when hostname canonicalisation fails with a
50 ProxyCommand in use; continue and allow the ProxyCommand to
51 connect anyway (e.g. to a host with a name outside the DNS
52 behind a bastion)
47 53
4820140618 5420140618
49 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare 55 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
diff --git a/ssh.c b/ssh.c
index d369b68e9..35fc7ddf9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */ 1/* $OpenBSD: ssh.c,v 1.403 2014/06/24 02:19:48 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -930,10 +930,14 @@ main(int ac, char **av)
930 if (addrs == NULL && options.num_permitted_cnames != 0 && 930 if (addrs == NULL && options.num_permitted_cnames != 0 &&
931 (option_clear_or_none(options.proxy_command) || 931 (option_clear_or_none(options.proxy_command) ||
932 options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { 932 options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
933 if ((addrs = resolve_host(host, options.port, 1, 933 if ((addrs = resolve_host(host, options.port,
934 cname, sizeof(cname))) == NULL) 934 option_clear_or_none(options.proxy_command),
935 cleanup_exit(255); /* resolve_host logs the error */ 935 cname, sizeof(cname))) == NULL) {
936 check_follow_cname(&host, cname); 936 /* Don't fatal proxied host names not in the DNS */
937 if (option_clear_or_none(options.proxy_command))
938 cleanup_exit(255); /* logged in resolve_host */
939 } else
940 check_follow_cname(&host, cname);
937 } 941 }
938 942
939 /* 943 /*