-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | session.c | 8 |
2 files changed, 11 insertions, 3 deletions
@@ -51,6 +51,10 @@ | |||
51 | - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 | 51 | - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 |
52 | [monitor.c] | 52 | [monitor.c] |
53 | be careful in mm_zalloc | 53 | be careful in mm_zalloc |
54 | - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 | ||
55 | [session.c] | ||
56 | disclose less information from environment files; based on input | ||
57 | from djm, and dschultz@uclink.Berkeley.EDU | ||
54 | - (djm) Require krb5 devel for RPM build w/ KrbV | 58 | - (djm) Require krb5 devel for RPM build w/ KrbV |
55 | - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai | 59 | - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai |
56 | <nalin@redhat.com> | 60 | <nalin@redhat.com> |
@@ -1153,4 +1157,4 @@ | |||
1153 | - (stevesk) entropy.c: typo in debug message | 1157 | - (stevesk) entropy.c: typo in debug message |
1154 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1158 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
1155 | 1159 | ||
1156 | $Id: ChangeLog,v 1.2296 2002/06/26 13:27:11 djm Exp $ | 1160 | $Id: ChangeLog,v 1.2297 2002/06/26 13:51:06 djm Exp $ |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -877,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize, | |||
877 | FILE *f; | 877 | FILE *f; |
878 | char buf[4096]; | 878 | char buf[4096]; |
879 | char *cp, *value; | 879 | char *cp, *value; |
880 | u_int lineno = 0; | ||
880 | 881 | ||
881 | f = fopen(filename, "r"); | 882 | f = fopen(filename, "r"); |
882 | if (!f) | 883 | if (!f) |
883 | return; | 884 | return; |
884 | 885 | ||
885 | while (fgets(buf, sizeof(buf), f)) { | 886 | while (fgets(buf, sizeof(buf), f)) { |
887 | if (++lineno > 1000) | ||
888 | fatal("Too many lines in environment file %s", filename); | ||
886 | for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) | 889 | for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) |
887 | ; | 890 | ; |
888 | if (!*cp || *cp == '#' || *cp == '\n') | 891 | if (!*cp || *cp == '#' || *cp == '\n') |
@@ -891,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize, | |||
891 | *strchr(cp, '\n') = '\0'; | 894 | *strchr(cp, '\n') = '\0'; |
892 | value = strchr(cp, '='); | 895 | value = strchr(cp, '='); |
893 | if (value == NULL) { | 896 | if (value == NULL) { |
894 | fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); | 897 | fprintf(stderr, "Bad line %u in %.100s\n", lineno, |
898 | filename); | ||
895 | continue; | 899 | continue; |
896 | } | 900 | } |
897 | /* | 901 | /* |
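Review bot: `lineno` is incremented once per `fgets()` call at the top of the loop, so it counts reads into the 4096-byte `buf` rather than lines of the file. A line longer than the buffer advances the counter more than once, so the number printed by `Bad line %u in %.100s` can differ from the line number seen in an editor, and the 1000 limit is a cap on reads. A short comment above the check would record this, for example `/* lineno counts fgets() reads, not file lines; the cap bounds how much of the file is parsed */`. The `fatal()` call also formats `filename` with a bare `%s` while the `fprintf` below bounds it with `%.100s`; `fatal("Too many lines in environment file %.100s", filename);` would keep the two consistent. The body of read_environment_file begins and ends outside these hunks.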