a couple of parse targets were missing activep checks, causing them

to be misapplied in match context;
bz#2272 diagnosis and original patch from Sami Hartikainen
ok dtucker@

diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 22311f2..ed62567 100644 (file)
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.267 2015/05/01 04:17:51 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.268 2015/05/01 07:08:08 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -973,7 +973,7 @@ process_server_config_line(ServerOptions *options, char *line,
                if ((value = convtime(arg)) == -1)
                        fatal("%s line %d: invalid time value.",
                            filename, linenum);
-               if (*intptr == -1)
+               if (*activep && *intptr == -1)
                        *intptr = value;
                break;
 
@@ -1551,7 +1551,7 @@ process_server_config_line(ServerOptions *options, char *line,
                if (value == -1)
                        fatal("%s line %d: Bad yes/point-to-point/ethernet/"
                            "no argument: %s", filename, linenum, arg);
-               if (*intptr == -1)
+               if (*activep && *intptr == -1)
                        *intptr = value;
                break;
 
@@ -1690,7 +1690,7 @@ process_server_config_line(ServerOptions *options, char *line,
                break;
 
        case sAuthenticationMethods:
-               if (*activep && options->num_auth_methods == 0) {
+               if (options->num_auth_methods == 0) {
                        while ((arg = strdelim(&cp)) && *arg != '\0') {
                                if (options->num_auth_methods >=
                                    MAX_AUTH_METHODS)
@@ -1701,6 +1701,8 @@ process_server_config_line(ServerOptions *options, char *line,
                                        fatal("%s line %d: invalid "
                                            "authentication method list.",
                                            filename, linenum);
+                               if (!*activep)
+                                       continue;
                                options->auth_methods[
                                    options->num_auth_methods++] = xstrdup(arg);
                        }
@@ -1710,13 +1712,14 @@ process_server_config_line(ServerOptions *options, char *line,
        case sStreamLocalBindMask:
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
-                       fatal("%s line %d: missing StreamLocalBindMask argument.",
-                           filename, linenum);
+                       fatal("%s line %d: missing StreamLocalBindMask "
+                           "argument.", filename, linenum);
                /* Parse mode in octal format */
                value = strtol(arg, &p, 8);
                if (arg == p || value < 0 || value > 0777)
                        fatal("%s line %d: Bad mask.", filename, linenum);
-               options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
+               if (*activep)
+                       options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
                break;
 
        case sStreamLocalBindUnlink: