diff options
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | scp.c | 21 | ||||
-rw-r--r-- | sftp.c | 6 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | sshd_config.5 | 10 |
5 files changed, 36 insertions, 16 deletions
@@ -108,6 +108,17 @@ | |||
108 | [key.c] | 108 | [key.c] |
109 | switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 | 109 | switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 |
110 | for the RSA public exponent; discussed with provos; ok djm@ | 110 | for the RSA public exponent; discussed with provos; ok djm@ |
111 | - guenther@cvs.openbsd.org 2009/12/20 07:28:36 | ||
112 | [ssh.c sftp.c scp.c] | ||
113 | When passing user-controlled options with arguments to other programs, | ||
114 | pass the option and option argument as separate argv entries and | ||
115 | not smashed into one (e.g., as -l foo and not -lfoo). Also, always | ||
116 | pass a "--" argument to stop option parsing, so that a positional | ||
117 | argument that starts with a '-' isn't treated as an option. This | ||
118 | fixes some error cases as well as the handling of hostnames and | ||
119 | filenames that start with a '-'. | ||
120 | Based on a diff by halex@ | ||
121 | ok halex@ djm@ deraadt@ | ||
111 | 122 | ||
112 | 20091226 | 123 | 20091226 |
113 | - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 | 124 | - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.164 2008/10/10 04:55:16 stevesk Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.165 2009/12/20 07:28:36 guenther Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -244,8 +244,11 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) | |||
244 | close(pout[1]); | 244 | close(pout[1]); |
245 | 245 | ||
246 | replacearg(&args, 0, "%s", ssh_program); | 246 | replacearg(&args, 0, "%s", ssh_program); |
247 | if (remuser != NULL) | 247 | if (remuser != NULL) { |
248 | addargs(&args, "-l%s", remuser); | 248 | addargs(&args, "-l"); |
249 | addargs(&args, "%s", remuser); | ||
250 | } | ||
251 | addargs(&args, "--"); | ||
249 | addargs(&args, "%s", host); | 252 | addargs(&args, "%s", host); |
250 | addargs(&args, "%s", cmd); | 253 | addargs(&args, "%s", cmd); |
251 | 254 | ||
@@ -337,10 +340,12 @@ main(int argc, char **argv) | |||
337 | case 'c': | 340 | case 'c': |
338 | case 'i': | 341 | case 'i': |
339 | case 'F': | 342 | case 'F': |
340 | addargs(&args, "-%c%s", ch, optarg); | 343 | addargs(&args, "-%c", ch); |
344 | addargs(&args, "%s", optarg); | ||
341 | break; | 345 | break; |
342 | case 'P': | 346 | case 'P': |
343 | addargs(&args, "-p%s", optarg); | 347 | addargs(&args, "-p"); |
348 | addargs(&args, "%s", optarg); | ||
344 | break; | 349 | break; |
345 | case 'B': | 350 | case 'B': |
346 | addargs(&args, "-oBatchmode yes"); | 351 | addargs(&args, "-oBatchmode yes"); |
@@ -548,6 +553,7 @@ toremote(char *targ, int argc, char **argv) | |||
548 | } else { | 553 | } else { |
549 | host = cleanhostname(argv[i]); | 554 | host = cleanhostname(argv[i]); |
550 | } | 555 | } |
556 | addargs(&alist, "--"); | ||
551 | addargs(&alist, "%s", host); | 557 | addargs(&alist, "%s", host); |
552 | addargs(&alist, "%s", cmd); | 558 | addargs(&alist, "%s", cmd); |
553 | addargs(&alist, "%s", src); | 559 | addargs(&alist, "%s", src); |
@@ -558,7 +564,7 @@ toremote(char *targ, int argc, char **argv) | |||
558 | errs = 1; | 564 | errs = 1; |
559 | } else { /* local to remote */ | 565 | } else { /* local to remote */ |
560 | if (remin == -1) { | 566 | if (remin == -1) { |
561 | xasprintf(&bp, "%s -t %s", cmd, targ); | 567 | xasprintf(&bp, "%s -t -- %s", cmd, targ); |
562 | host = cleanhostname(thost); | 568 | host = cleanhostname(thost); |
563 | if (do_cmd(host, tuser, bp, &remin, | 569 | if (do_cmd(host, tuser, bp, &remin, |
564 | &remout) < 0) | 570 | &remout) < 0) |
@@ -591,6 +597,7 @@ tolocal(int argc, char **argv) | |||
591 | addargs(&alist, "-r"); | 597 | addargs(&alist, "-r"); |
592 | if (pflag) | 598 | if (pflag) |
593 | addargs(&alist, "-p"); | 599 | addargs(&alist, "-p"); |
600 | addargs(&alist, "--"); | ||
594 | addargs(&alist, "%s", argv[i]); | 601 | addargs(&alist, "%s", argv[i]); |
595 | addargs(&alist, "%s", argv[argc-1]); | 602 | addargs(&alist, "%s", argv[argc-1]); |
596 | if (do_local_cmd(&alist)) | 603 | if (do_local_cmd(&alist)) |
@@ -610,7 +617,7 @@ tolocal(int argc, char **argv) | |||
610 | suser = pwd->pw_name; | 617 | suser = pwd->pw_name; |
611 | } | 618 | } |
612 | host = cleanhostname(host); | 619 | host = cleanhostname(host); |
613 | xasprintf(&bp, "%s -f %s", cmd, src); | 620 | xasprintf(&bp, "%s -f -- %s", cmd, src); |
614 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { | 621 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
615 | (void) xfree(bp); | 622 | (void) xfree(bp); |
616 | ++errs; | 623 | ++errs; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.114 2009/12/06 23:53:54 dtucker Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.115 2009/12/20 07:28:36 guenther Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -1809,7 +1809,8 @@ main(int argc, char **argv) | |||
1809 | fprintf(stderr, "Missing username\n"); | 1809 | fprintf(stderr, "Missing username\n"); |
1810 | usage(); | 1810 | usage(); |
1811 | } | 1811 | } |
1812 | addargs(&args, "-l%s", userhost); | 1812 | addargs(&args, "-l"); |
1813 | addargs(&args, "%s", userhost); | ||
1813 | } | 1814 | } |
1814 | 1815 | ||
1815 | if ((cp = colon(host)) != NULL) { | 1816 | if ((cp = colon(host)) != NULL) { |
@@ -1829,6 +1830,7 @@ main(int argc, char **argv) | |||
1829 | if (sftp_server == NULL || strchr(sftp_server, '/') == NULL) | 1830 | if (sftp_server == NULL || strchr(sftp_server, '/') == NULL) |
1830 | addargs(&args, "-s"); | 1831 | addargs(&args, "-s"); |
1831 | 1832 | ||
1833 | addargs(&args, "--"); | ||
1832 | addargs(&args, "%s", host); | 1834 | addargs(&args, "%s", host); |
1833 | addargs(&args, "%s", (sftp_server != NULL ? | 1835 | addargs(&args, "%s", (sftp_server != NULL ? |
1834 | sftp_server : "sftp")); | 1836 | sftp_server : "sftp")); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.328 2009/10/28 16:38:18 reyk Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -528,7 +528,7 @@ main(int ac, char **av) | |||
528 | ac -= optind; | 528 | ac -= optind; |
529 | av += optind; | 529 | av += optind; |
530 | 530 | ||
531 | if (ac > 0 && !host && **av != '-') { | 531 | if (ac > 0 && !host) { |
532 | if (strrchr(*av, '@')) { | 532 | if (strrchr(*av, '@')) { |
533 | p = xstrdup(*av); | 533 | p = xstrdup(*av); |
534 | cp = strrchr(p, '@'); | 534 | cp = strrchr(p, '@'); |
diff --git a/sshd_config.5 b/sshd_config.5 index e54e70079..6d2ad9df0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.112 2009/11/10 02:58:56 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.113 2009/12/19 16:53:13 stevesk Exp $ |
38 | .Dd $Mdocdate: November 10 2009 $ | 38 | .Dd $Mdocdate: December 19 2009 $ |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -182,16 +182,16 @@ PAM or though authentication styles supported in | |||
182 | The default is | 182 | The default is |
183 | .Dq yes . | 183 | .Dq yes . |
184 | .It Cm ChrootDirectory | 184 | .It Cm ChrootDirectory |
185 | Specifies a path to | 185 | Specifies the pathname of a directory to |
186 | .Xr chroot 2 | 186 | .Xr chroot 2 |
187 | to after authentication. | 187 | to after authentication. |
188 | This path, and all its components, must be root-owned directories that are | 188 | All components of the pathname must be root-owned directories that are |
189 | not writable by any other user or group. | 189 | not writable by any other user or group. |
190 | After the chroot, | 190 | After the chroot, |
191 | .Xr sshd 8 | 191 | .Xr sshd 8 |
192 | changes the working directory to the user's home directory. | 192 | changes the working directory to the user's home directory. |
193 | .Pp | 193 | .Pp |
194 | The path may contain the following tokens that are expanded at runtime once | 194 | The pathname may contain the following tokens that are expanded at runtime once |
195 | the connecting user has been authenticated: %% is replaced by a literal '%', | 195 | the connecting user has been authenticated: %% is replaced by a literal '%', |
196 | %h is replaced by the home directory of the user being authenticated, and | 196 | %h is replaced by the home directory of the user being authenticated, and |
197 | %u is replaced by the username of that user. | 197 | %u is replaced by the username of that user. |