authorDamien Miller <djm@mindrot.org>2002-06-26 23:51:06 +1000
committerDamien Miller <djm@mindrot.org>2002-06-26 23:51:06 +1000
commit990070a8c5dead1fcfc270ec797af1f05dba058a (patch)
tree89ebdb79b0382ece76e6e6fac0fea4926ec15dfc
parent530a754d389723a5617dc5ce103a9057e6293708 (diff)
- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
[session.c] disclose less information from environment files; based on input from djm, and dschultz@uclink.Berkeley.EDU
-rw-r--r--ChangeLog6
-rw-r--r--session.c8
2 files changed, 11 insertions, 3 deletions
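--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,10 @@
  - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
  [monitor.c]
  be careful in mm_zalloc
+ - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+ [session.c]
+ disclose less information from environment files; based on input
+ from djm, and dschultz@uclink.Berkeley.EDU
  - (djm) Require krb5 devel for RPM build w/ KrbV
  - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
  <nalin@redhat.com>
@@ -1153,4 +1157,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2296 2002/06/26 13:27:11 djm Exp $
+$Id: ChangeLog,v 1.2297 2002/06/26 13:51:06 djm Exp $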
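--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -877,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
  FILE *f;
  char buf[4096];
  char *cp, *value;
+ u_int lineno = 0;
 
  f = fopen(filename, "r");
  if (!f)
  return;
 
  while (fgets(buf, sizeof(buf), f)) {
+ if (++lineno > 1000)
+ fatal("Too many lines in environment file %s", filename);
  for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
  ;
  if (!*cp || *cp == '#' || *cp == '\n')
@@ -891,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
  *strchr(cp, '\n') = '\0';
  value = strchr(cp, '=');
  if (value == NULL) {
- fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+ fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+ filename);
  continue;
  }
  /*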
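Review bot: The new `++lineno > 1000` cap counts fgets() reads rather than lines: with `char buf[4096]`, a line longer than the buffer comes back in several pieces, each piece bumps `lineno` and is parsed as if it began a new line, so the number printed by `Bad line %u` can drift from the real line number and the cap can trip on a file with fewer than 1000 lines. If that is acceptable, a comment above the check such as `/* lineno counts fgets() chunks; over-long lines count more than once */` would record it. The `fatal()` format also passes `filename` through an unbounded `%s` while the `fprintf` in the second hunk bounds it with `%.100s`; `fatal("Too many lines in environment file %.100s", filename);` would keep the two consistent. read_environment_file starts before the first hunk and continues past the second, so the rest of the parsing is not visible here.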