don't try to resolve ListenAddress directives in the sshd re-exec
authordjm <djm@openbsd.org>
Fri, 18 Mar 2022 04:04:11 +0000 (04:04 +0000)
committerdjm <djm@openbsd.org>
Fri, 18 Mar 2022 04:04:11 +0000 (04:04 +0000)
path - we're never going to use the result and if the operation fails
then it can prevent connections from being accepted. Reported by
Aaron Poffenberger; with / ok dtucker@

usr.bin/ssh/servconf.c
usr.bin/ssh/servconf.h
usr.bin/ssh/sshd.c

index 63a7303..f681c2f 100644 (file)
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.383 2022/02/08 08:59:12 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -2459,7 +2459,7 @@ parse_server_match_config(ServerOptions *options,
 
        initialize_server_options(&mo);
        parse_server_config(&mo, "reprocess config", cfg, includes,
-           connectinfo);
+           connectinfo, 0);
        copy_set_server_options(options, &mo, 0);
 }
 
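Review bot: The bare `0` passed as the new last argument in `parse_server_match_config` does not say that it means "not the re-exec path", and with it this call still reaches `process_queued_listen_addrs()` on the temporary `mo` options. If Match reprocessing runs in the per-connection process (not visible in this hunk), it is worth confirming that match-only parsing can never queue a ListenAddress, since otherwise the lookup this commit removes from the re-exec path could still be attempted here. If that holds, a short comment at the call would record it, for example `/* reexec=0: match-only parsing queues no listen addresses */`.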
@@ -2637,12 +2637,13 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
 void
 parse_server_config(ServerOptions *options, const char *filename,
     struct sshbuf *conf, struct include_list *includes,
-    struct connection_info *connectinfo)
+    struct connection_info *connectinfo, int reexec)
 {
        int active = connectinfo ? 0 : 1;
        parse_server_config_depth(options, filename, conf, includes,
            connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
-       process_queued_listen_addrs(options);
+       if (!reexec)
+               process_queued_listen_addrs(options);
 }
 
 static const char *
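Review bot: The new `reexec` parameter of `parse_server_config` and the `if (!reexec)` guard carry no comment, so the reason for skipping `process_queued_listen_addrs()` is recorded only in the commit message. I would add above the guard: `/* The re-exec'd sshd never uses the resolved listen addresses; a failed lookup here must not stop the connection being accepted. */`. The function header should also say that after a re-exec parse the listen-address state in `options` is left unprocessed, so later code in that process (none is visible in this hunk) must not assume it is populated. As a style point, `parse_server_config_depth` already takes a flags argument, so a named flag would read better at call sites than a bare `int`.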
index 1197c57..115db1e 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -295,7 +295,7 @@ int  process_server_config_line(ServerOptions *, char *, const char *, int,
 void    process_permitopen(struct ssh *ssh, ServerOptions *options);
 void    load_server_config(const char *, struct sshbuf *);
 void    parse_server_config(ServerOptions *, const char *, struct sshbuf *,
-           struct include_list *includes, struct connection_info *);
+           struct include_list *includes, struct connection_info *, int);
 void    parse_server_match_config(ServerOptions *,
            struct include_list *includes, struct connection_info *);
 int     parse_server_match_testspec(struct connection_info *, char *);
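Review bot: The prototype of `parse_server_config` gains an unnamed `int`, so a call such as `parse_server_config(..., NULL, 0)` cannot be understood from the header alone. Naming it, as `includes` already is in the same declaration, documents the contract at no cost: `struct include_list *includes, struct connection_info *, int reexec);`.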
index 6d8bc2a..7a143d9 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.585 2022/03/18 04:04:11 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1638,7 +1638,7 @@ main(int ac, char **av)
                load_server_config(config_file_name, cfg);
 
        parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
-           cfg, &includes, NULL);
+           cfg, &includes, NULL, rexeced_flag);
 
 #ifdef WITH_OPENSSL
        if (options.moduli_file != NULL)