ProxyCommand broken in recent snapshots

Damien Miller djm at mindrot.org
Thu Oct 24 11:19:35 EST 2013


On Wed, 23 Oct 2013, Iain Morgan wrote:

> Hello,
> 
> While testing recent snapshots (20131023 and 20131024) I encountered a
> problem with ProxyCommand. The regression tests all passed, but the use
> of ProxyCommands in my ~/.ssh/config resulted in name resolution
> errors; even if CanonicalizeHostname was explicitly set to "no."
> 
> The patch included inline below fixed the issue:
> 
> Index: ssh.c
> ===================================================================
> RCS file: /cvs/openssh/ssh.c,v
> retrieving revision 1.386
> diff -u -r1.386 ssh.c
> --- ssh.c	23 Oct 2013 05:31:11 -0000	1.386
> +++ ssh.c	23 Oct 2013 18:42:01 -0000
> @@ -915,7 +915,7 @@
>  	 * resolve the bare hostname name using the system resolver's usual
>  	 * search rules.
>  	 */
> -	if (addrs == NULL) {
> +	if (addrs == NULL && options.proxy_command == NULL) {
>  		if ((addrs = resolve_host(host, options.port, 1,
>  		    cname, sizeof(cname))) == NULL)
>  			cleanup_exit(255); /* resolve_host logs the error */
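
Review bot: The added `options.proxy_command == NULL` test in the `if (addrs == NULL ...)` condition skips `resolve_host()` for every ProxyCommand connection, and that call is also the only place in this hunk where `cname` is filled in, so the skip applies even when the user has asked for canonicalisation. Consider keeping the lookup when canonicalisation was explicitly requested, and confirm that the code following this block tolerates `addrs` still being NULL on the ProxyCommand path.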

Thanks - I think it needs a further clause in that test because that block
might also canonicalise a CNAME under some circumstances.

Index: ssh.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.389
diff -u -p -r1.389 ssh.c
--- ssh.c	23 Oct 2013 03:05:19 -0000	1.389
+++ ssh.c	24 Oct 2013 00:19:02 -0000
@@ -881,9 +881,11 @@ main(int ac, char **av)
 	/*
 	 * If canonicalization not requested, or if it failed then try to
 	 * resolve the bare hostname name using the system resolver's usual
-	 * search rules.
+	 * search rules. Skip the lookup if a ProxyCommand is being used
+	 * unless the user has specifically requested canonicalisation.
 	 */
-	if (addrs == NULL) {
+	if (addrs == NULL && (options.proxy_command == NULL ||
+            options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
 		if ((addrs = resolve_host(host, options.port, 1,
 		    cname, sizeof(cname))) == NULL)
 			cleanup_exit(255); /* resolve_host logs the error */
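
Review bot: In the new condition, a ProxyCommand user with `options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS` still reaches `cleanup_exit(255)` when the local lookup fails, even if the name can only be resolved on the proxy side; the updated comment should say that this case is fatal, or the failure should fall through to the proxy path instead. When a ProxyCommand is set without ALWAYS, `addrs` stays NULL after this block, so later uses of it need to handle that. The added continuation line is indented with spaces, while the neighbouring continuation (`cname, sizeof(cname)`) uses tabs followed by four spaces.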


More information about the openssh-unix-dev mailing list