[openssh-commits] [openssh] 03/12: upstream: add missing askpass check when using

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch V_10_3
in repository openssh.

commit c805b97b67c774e0bf922ffb29dfbcda9d7b5add
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Apr 2 07:39:57 2026 +0000

    upstream: add missing askpass check when using
    
    ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis
    Vasileiadis
    
    OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a
---
 mux.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/mux.c b/mux.c
index 5e20c7760..0cd169732 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.112 2026/03/05 05:40:36 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.113 2026/04/02 07:39:57 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
  *
@@ -1172,6 +1172,16 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid,
 
 	debug_f("channel %d: proxy request", c->self);
 
+	if (options.control_master == SSHCTL_MASTER_ASK ||
+	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
+		if (!ask_permission("Allow multiplex proxy connection?")) {
+			debug2_f("proxy refused by user");
+			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
+			    "Permission denied");
+			return 0;
+		}
+	}
+
 	c->mux_rcb = channel_proxy_downstream;
 	if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
 	    (r = sshbuf_put_u32(reply, rid)) != 0)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.