From 79d078e7a49caef746516d9710ec369ba45feab6 Mon Sep 17 00:00:00 2001
From: "jsg@openbsd.org"
Date: Tue, 25 Oct 2016 04:08:13 +0000
Subject: upstream commit
Fix logic in add_local_forward() that inverted a test when code was refactored out into bind_permitted(). This broke ssh port forwarding for non-priv ports as a non root user. ok dtucker@ 'looks good' deraadt@
Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
---
readconf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/readconf.c b/readconf.c
index 1be564856..fa3fab8f0 100644
--- readconf.c
+++ readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.261 2016/10/23 22:04:05 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -312,7 +312,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 extern uid_t original_real_uid;
 int i;
- if (bind_permitted(newfwd->listen_port, original_real_uid) &&
+ if (!bind_permitted(newfwd->listen_port, original_real_uid) &&
 newfwd->listen_path == NULL)
 fatal("Privileged ports can only be forwarded by root.");
 /* Don't add duplicates */
--
cgit v1.2.3
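Review bot: The corrected `if` in add_local_forward() still gives no hint of bind_permitted()'s return convention, which is exactly what the refactoring got wrong. A one-line comment above the test would make the polarity reviewable, for example `/* bind_permitted() is nonzero when this uid may bind the port; Unix-socket forwards (listen_path set) skip the port check */`. The helper's body is not in this hunk, so that convention should be confirmed against it. Because this is a privilege check, the inverted form presumably also let non-root requests for privileged ports past this point, leaving only the later bind() to refuse them, so a regression test covering both a privileged and a non-privileged listen port as a non-root user would be worth adding. The function's body starts and ends outside the hunk.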