blob: 49cccbd2740934c124f574d39f9f8b5092407f19 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Description: fix AcceptEnv wildcard environment restrictions bypass
Origin: upstream, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271
Index: openssh-6.0p1/session.c
===================================================================
--- openssh-6.0p1.orig/session.c 2014-03-21 11:03:33.904069205 -0400
+++ openssh-6.0p1/session.c 2014-03-21 11:03:33.900069205 -0400
@@ -963,6 +963,11 @@
*envsizep = 1;
}
+ if (strchr(name, '=') != NULL) {
+ error("Invalid environment variable \"%.100s\"", name);
+ return;
+ }
+
/*
* Find the slot where the value should be stored. If the variable
* already exists, we reuse the slot; otherwise we append a new slot
@@ -2186,8 +2191,8 @@
char *name, *val;
u_int name_len, val_len, i;
- name = packet_get_string(&name_len);
- val = packet_get_string(&val_len);
+ name = packet_get_cstring(&name_len);
+ val = packet_get_cstring(&val_len);
packet_check_eom();
/* Don't set too many environment variables */
|
