summaryrefslogtreecommitdiffstats
path: root/main/openssh/CVE-2014-2532.patch
blob: 49cccbd2740934c124f574d39f9f8b5092407f19 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Description: fix AcceptEnv wildcard environment restrictions bypass
Origin: upstream, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271

Index: openssh-6.0p1/session.c
===================================================================
--- openssh-6.0p1.orig/session.c	2014-03-21 11:03:33.904069205 -0400
+++ openssh-6.0p1/session.c	2014-03-21 11:03:33.900069205 -0400
@@ -963,6 +963,11 @@
 		*envsizep = 1;
 	}
 
+	if (strchr(name, '=') != NULL) {
+		error("Invalid environment variable \"%.100s\"", name);
+		return;
+	}
+
 	/*
 	 * Find the slot where the value should be stored.  If the variable
 	 * already exists, we reuse the slot; otherwise we append a new slot
@@ -2186,8 +2191,8 @@
 	char *name, *val;
 	u_int name_len, val_len, i;
 
-	name = packet_get_string(&name_len);
-	val = packet_get_string(&val_len);
+	name = packet_get_cstring(&name_len);
+	val = packet_get_cstring(&val_len);
 	packet_check_eom();
 
 	/* Don't set too many environment variables */