upstream: make authorized_keys environment="..." directives

first-match-wins and more strictly limit their maximum number; prompted by OOM reported by OSS-fuzz (35470). feedback and ok dtucker@ OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
author: djm@openbsd.org <djm@openbsd.org> 2021-07-23 03:57:20 +0000
committer: Damien Miller <djm@mindrot.org> 2021-07-23 14:07:19 +1000
commit: e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea (patch)
tree: c2bcc5fc02be59f914ea4f0e04981fc0162c2613 /auth-options.h
parent: d0bb1ce731762c55acb95817df4d5fab526c7ecd (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/auth-options.h b/auth-options.h
index 118a3208..6e29b727 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.30 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
 
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@@ -23,7 +23,10 @@ struct passwd;
 struct sshkey;
 
 /* Maximum number of permitopen/permitlisten directives to accept */
-#define SSH_AUTHOPT_PERMIT_MAX 4096
+#define SSH_AUTHOPT_PERMIT_MAX	4096
+
+/* Maximum number of environment directives to accept */
+#define SSH_AUTHOPT_ENV_MAX	1024
 
 /*
  * sshauthopt represents key options parsed from authorized_keys or
author	djm@openbsd.org <djm@openbsd.org>	2021-07-23 03:57:20 +0000
committer	Damien Miller <djm@mindrot.org>	2021-07-23 14:07:19 +1000
commit	e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea (patch)
tree	c2bcc5fc02be59f914ea4f0e04981fc0162c2613 /auth-options.h
parent	d0bb1ce731762c55acb95817df4d5fab526c7ecd (diff)