From e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 23 Jul 2021 03:57:20 +0000
Subject: upstream: make authorized_keys environment="..." directives

first-match-wins and more strictly limit their maximum number; prompted by
OOM reported by OSS-fuzz (35470).

feedback and ok dtucker@

OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
---
 auth-options.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'auth-options.h')

diff --git a/auth-options.h b/auth-options.h
index 118a3208..6e29b727 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.30 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
 
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@@ -23,7 +23,10 @@ struct passwd;
 struct sshkey;
 
 /* Maximum number of permitopen/permitlisten directives to accept */
-#define SSH_AUTHOPT_PERMIT_MAX 4096
+#define SSH_AUTHOPT_PERMIT_MAX	4096
+
+/* Maximum number of environment directives to accept */
+#define SSH_AUTHOPT_ENV_MAX	1024
 
 /*
  * sshauthopt represents key options parsed from authorized_keys or
-- 
cgit v1.2.3