- stevesk@cvs.openbsd.org 2006/07/24 13:58:22

[sshconnect.c]
     disable tunnel forwarding when no strict host key checking
     and key changed; ok djm@ markus@ dtucker@

ChangeLog

@@ -1,3 +1,10 @@
+20060805
+ - (djm) OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
+     [sshconnect.c]
+     disable tunnel forwarding when no strict host key checking
+     and key changed; ok djm@ markus@ dtucker@
+
 20060804
  - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
    versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
@@ -5067,4 +5074,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4441 2006/08/04 09:44:23 dtucker Exp $
+$Id: ChangeLog,v 1.4442 2006/08/04 23:11:13 djm Exp $

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.193 2006/07/22 20:48:23 stevesk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.194 2006/07/24 13:58:22 stevesk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -782,7 +782,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
 		/*
 		 * If strict host key checking has not been requested, allow
 		 * the connection but without MITM-able authentication or
-		 * agent forwarding.
+		 * forwarding.
 		 */
 		if (options.password_authentication) {
 			error("Password authentication is disabled to avoid "
@@ -817,6 +817,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
 			options.num_local_forwards =
 			    options.num_remote_forwards = 0;
 		}
+		if (options.tun_open != SSH_TUNMODE_NO) {
+			error("Tunnel forwarding is disabled to avoid "
+			    "man-in-the-middle attacks.");
+			options.tun_open = SSH_TUNMODE_NO;
+		}
 		/*
 		 * XXX Should permit the user to change to use the new id.
 		 * This could be done by converting the host key to an