From 4ff40062e57fb8a42d28dcb700c25b8254514628 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Wed, 15 Nov 2023 23:03:38 +0000
Subject: [PATCH] when connecting via socket (the default case), filter
 addresses by AddressFamily if one was specified. Fixes the case where, if
 CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok
 dtucker

---
 usr.bin/ssh/sshconnect.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index a0ff055181d..a47c8f76bd2 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -459,6 +459,14 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 				errno = oerrno;
 				continue;
 			}
+			if (options.address_family != AF_UNSPEC &&
+			    ai->ai_family != options.address_family) {
+				debug2_f("skipping address [%s]:%s: "
+				    "wrong address family", ntop, strport);
+				errno = 0;
+				continue;
+			}
+
 			debug("Connecting to %.200s [%.100s] port %s.",
 				host, ntop, strport);
 
-- 
2.20.1