diff options
author | Damien Miller <djm@mindrot.org> | 2002-06-26 23:51:06 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-06-26 23:51:06 +1000 |
commit | 990070a8c5dead1fcfc270ec797af1f05dba058a (patch) | |
tree | 89ebdb79b0382ece76e6e6fac0fea4926ec15dfc | |
parent | 530a754d389723a5617dc5ce103a9057e6293708 (diff) |
- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
[session.c]
disclose less information from environment files; based on input
from djm, and dschultz@uclink.Berkeley.EDU
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | session.c | 8 |
2 files changed, 11 insertions, 3 deletions
@@ -51,6 +51,10 @@ - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 [monitor.c] be careful in mm_zalloc + - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 + [session.c] + disclose less information from environment files; based on input + from djm, and dschultz@uclink.Berkeley.EDU - (djm) Require krb5 devel for RPM build w/ KrbV - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai <nalin@redhat.com> @@ -1153,4 +1157,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2296 2002/06/26 13:27:11 djm Exp $ +$Id: ChangeLog,v 1.2297 2002/06/26 13:51:06 djm Exp $ @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -877,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize, FILE *f; char buf[4096]; char *cp, *value; + u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; while (fgets(buf, sizeof(buf), f)) { + if (++lineno > 1000) + fatal("Too many lines in environment file %s", filename); for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') @@ -891,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize, *strchr(cp, '\n') = '\0'; value = strchr(cp, '='); if (value == NULL) { - fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); + fprintf(stderr, "Bad line %u in %.100s\n", lineno, + filename); continue; } /* |