- djm@cvs.openbsd.org 2014/03/03 22:22:30

[session.c] ignore enviornment variables with embedded '=' or '\0' characters; spotted by Jann Horn; ok deraadt@ Id sync only - portable already has this.
author: Damien Miller <djm@mindrot.org> 2014-04-20 12:58:04 +1000
committer: Damien Miller <djm@mindrot.org> 2014-04-20 12:58:04 +1000
commit: c10bf4d051c97939b30a1616c0499310057d07da (patch)
tree: 5447779c3dee0569d04d25bc10fcd64fef547097
parent: c2e49062faccbcd7135c40d1c78c5c329c58fc2e (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 9cbc1cef1..97c253339 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20140420
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/03/03 22:22:30
+     [session.c]
+     ignore enviornment variables with embedded '=' or '\0' characters;
+     spotted by Jann Horn; ok deraadt@
+     Id sync only - portable already has this.
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
   from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
diff --git a/session.c b/session.c
index 2bcf8185c..c0b0a942e 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: session.c,v 1.271 2014/03/03 22:22:30 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
author	Damien Miller <djm@mindrot.org>	2014-04-20 12:58:04 +1000
committer	Damien Miller <djm@mindrot.org>	2014-04-20 12:58:04 +1000
commit	c10bf4d051c97939b30a1616c0499310057d07da (patch)
tree	5447779c3dee0569d04d25bc10fcd64fef547097
parent	c2e49062faccbcd7135c40d1c78c5c329c58fc2e (diff)

diff --git a/ChangeLog b/ChangeLog index 9cbc1cef1..97c253339 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,11 @@
		1	20140420
		2	- OpenBSD CVS Sync
		3	- djm@cvs.openbsd.org 2014/03/03 22:22:30
		4	[session.c]
		5	ignore enviornment variables with embedded '=' or '\0' characters;
		6	spotted by Jann Horn; ok deraadt@
		7	Id sync only - portable already has this.
		8
1	20140401	9	20140401
2	- (djm) On platforms that support it, use prctl() to prevent sftp-server	10	- (djm) On platforms that support it, use prctl() to prevent sftp-server
3	from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net	11	from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net


diff --git a/session.c b/session.c index 2bcf8185c..c0b0a942e 100644 --- a/session.c +++ b/session.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */	1	/* $OpenBSD: session.c,v 1.271 2014/03/03 22:22:30 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved