3 files changed, 16 insertions, 11 deletions
diff --git a/misc.c b/misc.c
index bfd786ef8..009e02bc5 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.136 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.137 2019/01/23 21:50:56 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -564,7 +564,7 @@ put_host_port(const char *host, u_short port)
 * The delimiter char, if present, is stored in delim.
 * If this is the last field, *cp is set to NULL.
 */
-static char *
+char *
 hpdelim2(char **cp, char *delim)
 {
        char *s, *old;
diff --git a/misc.h b/misc.h
index 47177d838..5b4325aba 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.78 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.79 2019/01/23 21:50:56 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -57,6 +57,7 @@ int	 timeout_connect(int, const struct sockaddr *, socklen_t, int *);
 int      a2port(const char *);
 int      a2tun(const char *, int *);
 char    *put_host_port(const char *, u_short);
+char    *hpdelim2(char **, char *);
 char    *hpdelim(char **);
 char    *cleanhostname(char *);
 char    *colon(char *);
diff --git a/servconf.c b/servconf.c
index 86c631bb0..1562bd875 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.346 2019/01/19 21:37:48 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.347 2019/01/23 21:50:56 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -878,7 +878,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
 {
        u_int i;
        int port;
-        char *host, *arg, *oarg;
+        char *host, *arg, *oarg, ch;
        int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
        const char *what = lookup_opcode_name(opcode);
@@ -896,8 +896,8 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
        /* Otherwise treat it as a list of permitted host:port */
        for (i = 0; i < num_opens; i++) {
                oarg = arg = xstrdup(opens[i]);
-                host = hpdelim(&arg);
+                host = hpdelim2(&arg, &ch);
-                if (host == NULL)
+                if (host == NULL || ch == '/')
                        fatal("%s: missing host in %s", __func__, what);
                host = cleanhostname(host);
                if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1314,8 +1314,10 @@ process_server_config_line(ServerOptions *options, char *line,
                        port = 0;
                        p = arg;
                } else {
-                        p = hpdelim(&arg);
+                        char ch;
-                        if (p == NULL)
+                        arg2 = NULL;
+                        p = hpdelim2(&arg, &ch);
+                        if (p == NULL || ch == '/')
                                fatal("%s line %d: bad address:port usage",
                                    filename, linenum);
                        p = cleanhostname(p);
@@ -1942,9 +1944,11 @@ process_server_config_line(ServerOptions *options, char *line,
                                 */
                                xasprintf(&arg2, "*:%s", arg);
                        } else {
+                                char ch;
                                arg2 = xstrdup(arg);
-                                p = hpdelim(&arg);
+                                p = hpdelim2(&arg, &ch);
-                                if (p == NULL) {
+                                if (p == NULL || ch == '/') {
                                        fatal("%s line %d: missing host in %s",
                                            filename, linenum,
                                            lookup_opcode_name(opcode));