CVS: cvs.openbsd.org: src

Sat, 05 Nov 2016 22:47:43 -0700 

CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2016/11/05 23:46:37

Modified files:
        usr.bin/ssh    : auth.c match.c servconf.c 

Log message:
Validate address ranges for AllowUser/DenyUsers at configuration load
time and refuse to accept bad ones. It was previously possible to
specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and these
would always match.

Thanks to Laurence Parry for a detailed bug report. ok markus (for
a previous diff version)

Reply via email to