- deraadt@cvs.openbsd.org 2002/06/26 13:49:26

[session.c] disclose less information from environment files; based on input from djm, and dschultz@uclink.Berkeley.EDU
author: Damien Miller <djm@mindrot.org> 2002-06-26 23:51:06 +1000
committer: Damien Miller <djm@mindrot.org> 2002-06-26 23:51:06 +1000
commit: 990070a8c5dead1fcfc270ec797af1f05dba058a (patch)
tree: 89ebdb79b0382ece76e6e6fac0fea4926ec15dfc
parent: 530a754d389723a5617dc5ce103a9057e6293708 (diff)
2 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 8dc2ba25..266664c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,10 @@
    - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
      [monitor.c]
      be careful in mm_zalloc
+   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+     [session.c]
+     disclose less information from environment files; based on input 
+     from djm, and dschultz@uclink.Berkeley.EDU
  - (djm) Require krb5 devel for RPM build w/ KrbV 
  - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 
    <nalin@redhat.com>
@@ -1153,4 +1157,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2296 2002/06/26 13:27:11 djm Exp $
+$Id: ChangeLog,v 1.2297 2002/06/26 13:51:06 djm Exp $
diff --git a/session.c b/session.c
index 51c8a0ae..747a00af 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -877,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
 	FILE *f;
 	char buf[4096];
 	char *cp, *value;
+	u_int lineno = 0;
 
 	f = fopen(filename, "r");
 	if (!f)
 		return;
 
 	while (fgets(buf, sizeof(buf), f)) {
+		if (++lineno > 1000)
+			fatal("Too many lines in environment file %s", filename);
 		for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
 			;
 		if (!*cp || *cp == '#' || *cp == '\n')
@@ -891,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
 			*strchr(cp, '\n') = '\0';
 		value = strchr(cp, '=');
 		if (value == NULL) {
-			fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+			fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+			    filename);
 			continue;
 		}
 		/*
author	Damien Miller <djm@mindrot.org>	2002-06-26 23:51:06 +1000
committer	Damien Miller <djm@mindrot.org>	2002-06-26 23:51:06 +1000
commit	990070a8c5dead1fcfc270ec797af1f05dba058a (patch)
tree	89ebdb79b0382ece76e6e6fac0fea4926ec15dfc
parent	530a754d389723a5617dc5ce103a9057e6293708 (diff)