From a14795025b80225ca3741073c48783604189b663 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Mon, 14 Apr 2025 12:48:57 +0800
Subject: [PATCH] Fix logic error in DisableForwarding option. This option

was documented as disabling X11 and agent forwarding but it failed to do so.
Spotted by Tim Rice.

OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
---
 session.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/session.c b/session.c
index 1b67393..e968c22 100644
--- a/session.c
+++ b/session.c
@@ -2345,7 +2345,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
 	if ((r = sshpkt_get_end(ssh)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (!auth_opts->permit_agent_forwarding_flag ||
-	    !options.allow_agent_forwarding) {
+	    !options.allow_agent_forwarding ||
+	    options.disable_forwarding) {
 		debug_f("agent forwarding disabled");
 		return 0;
 	}
@@ -2761,7 +2762,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
 		return 0;
 	}
-	if (!options.x11_forwarding) {
+	if (!options.x11_forwarding || options.disable_forwarding) {
 		debug("X11 forwarding disabled in server configuration file.");
 		return 0;
 	}
-- 
2.33.0