From a90c0338083ee0e4064c4bdf61f497293a699be0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 24 Oct 2013 21:03:17 +1100 Subject: - djm@cvs.openbsd.org 2013/10/24 08:19:36 [ssh.c] fix bug introduced in hostname canonicalisation commit: don't try to resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan --- ChangeLog | 5 +++++ ssh.c | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8dcff45d3..b4bbea167 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ [readconf.c servconf.c ssh_config.5 sshd_config.5] Disallow empty Match statements and add "Match all" which matches everything. ok djm, man page help jmc@ + - djm@cvs.openbsd.org 2013/10/24 08:19:36 + [ssh.c] + fix bug introduced in hostname canonicalisation commit: don't try to + resolve hostnames when a ProxyCommand is set unless the user has forced + canonicalisation; spotted by Iain Morgan 20131023 - (djm) OpenBSD CVS Sync diff --git a/ssh.c b/ssh.c index 11fdb309d..81921a10d 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.389 2013/10/23 03:05:19 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.390 2013/10/24 08:19:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -913,9 +913,11 @@ main(int ac, char **av) /* * If canonicalization not requested, or if it failed then try to * resolve the bare hostname name using the system resolver's usual - * search rules. + * search rules. Skip the lookup if a ProxyCommand is being used + * unless the user has specifically requested canonicalisation. */ - if (addrs == NULL) { + if (addrs == NULL && (options.proxy_command == NULL || + options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { if ((addrs = resolve_host(host, options.port, 1, cname, sizeof(cname))) == NULL) cleanup_exit(255); /* resolve_host logs the error */ -- cgit v1.2.3