[openssh-commits] [openssh] 05/06: upstream: check that invalid subsystem directives inside Match
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Dec 19 12:00:13 AEDT 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 81e5bb8d93f2d8361bd7f4b034044ad8ee4ded0e
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Dec 19 00:48:47 2025 +0000
upstream: check that invalid subsystem directives inside Match
blocks are noticed at startup; bz#3906
OpenBSD-Regress-ID: b9171bde4cc24757a826b3da0e9eadc33995a453
---
regress/cfgmatch.sh | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh
index 8b9d80f0a..aa59f9149 100644
--- a/regress/cfgmatch.sh
+++ b/regress/cfgmatch.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cfgmatch.sh,v 1.15 2025/07/11 23:26:59 djm Exp $
+# $OpenBSD: cfgmatch.sh,v 1.16 2025/12/19 00:48:47 djm Exp $
# Placed in the Public Domain.
tid="sshd_config match"
@@ -160,3 +160,13 @@ EOD
fi
done
done
+
+# Ensure that invalid subsystems are detected at startup
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >> $OBJ/sshd_proxy << _EOF
+Match host blah
+ Subsystem invalid
+_EOF
+$SSHD -tf $OBJ/sshd_proxy 2>/dev/null && \
+ fail "sshd_config accepted invalid subsystem"
+
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list