Fix logic in add_local_forward() that inverted a test when code was

refactored out into bind_permitted(). This broke ssh port forwarding for non-priv ports as a non root user. ok dtucker@ 'looks good' deraadt@
author: jsg <jsg@openbsd.org> 2016-10-25 04:08:13 +0000
committer: jsg <jsg@openbsd.org> 2016-10-25 04:08:13 +0000
commit: d7202284df8947f6b40bdca07ac2dec04a715d4f (patch)
tree: fa5c9cadd433f64880e1908100051aa4b3605051 /usr.bin/ssh/readconf.c
parent: provide an example based on the mbuf code (diff)
download: wireguard-openbsd-d7202284df8947f6b40bdca07ac2dec04a715d4f.tar.xz
wireguard-openbsd-d7202284df8947f6b40bdca07ac2dec04a715d4f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 9c163865c28..fd4bc3bcbf4 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.261 2016/10/23 22:04:05 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -297,7 +297,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 	extern uid_t original_real_uid;
 	int i;
 
-	if (bind_permitted(newfwd->listen_port, original_real_uid) &&
+	if (!bind_permitted(newfwd->listen_port, original_real_uid) &&
 	    newfwd->listen_path == NULL)
 		fatal("Privileged ports can only be forwarded by root.");
 	/* Don't add duplicates */
author	jsg <jsg@openbsd.org>	2016-10-25 04:08:13 +0000
committer	jsg <jsg@openbsd.org>	2016-10-25 04:08:13 +0000
commit	d7202284df8947f6b40bdca07ac2dec04a715d4f (patch)
tree	fa5c9cadd433f64880e1908100051aa4b3605051 /usr.bin/ssh/readconf.c
parent	provide an example based on the mbuf code (diff)
download	wireguard-openbsd-d7202284df8947f6b40bdca07ac2dec04a715d4f.tar.xz wireguard-openbsd-d7202284df8947f6b40bdca07ac2dec04a715d4f.zip