diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:16:23 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:16:23 +1000 |
commit | 284706a7555b3640c78854fc64010ce956e19339 (patch) | |
tree | d6e16d1e4140539482153dfce611f6a07b0860b5 | |
parent | 5d19626a0476f40e9320541194391d7eb51038d3 (diff) |
- dtucker@cvs.openbsd.org 2006/07/11 10:12:07
[ssh.c]
Only copy the part of environment variable that we actually use. Prevents
ssh bailing when SendEnv is used and an environment variable with a really
long value exists. ok djm@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ssh.c | 13 |
2 files changed, 12 insertions, 8 deletions
@@ -18,6 +18,11 @@ [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c auth.c packet.c log.c] move #include <stdarg.h> out of includes.h; ok markus@ + - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 + [ssh.c] + Only copy the part of environment variable that we actually use. Prevents + ssh bailing when SendEnv is used and an environment variable with a really + long value exists. ok djm@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4867,4 +4872,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4394 2006/07/12 12:15:16 dtucker Exp $ +$Id: ChangeLog,v 1.4395 2006/07/12 12:16:23 dtucker Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.281 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.282 2006/07/11 10:12:07 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1262,15 +1262,14 @@ control_client_sigrelay(int signo) static int env_permitted(char *env) { - int i; + int i, ret; char name[1024], *cp; - if (strlcpy(name, env, sizeof(name)) >= sizeof(name)) - fatal("env_permitted: name too long"); - if ((cp = strchr(name, '=')) == NULL) + if ((cp = strchr(env, '=')) == NULL || cp == env) return (0); - - *cp = '\0'; + ret = snprintf(name, sizeof(name), "%.*s", (cp - env), env); + if (ret <= 0 || (size_t)ret >= sizeof(name)) + fatal("env_permitted: name '%.100s...' too long", env); for (i = 0; i < options.num_send_env; i++) if (match_pattern(name, options.send_env[i])) |