diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | ssh.c | 44 |
2 files changed, 43 insertions, 9 deletions
| @@ -1,3 +1,9 @@ | |||
| 1 | 20040622 | ||
| 2 | - (dtucker) OpenBSD CVS Sync | ||
| 3 | - djm@cvs.openbsd.org 2004/06/20 17:36:59 | ||
| 4 | [ssh.c] | ||
| 5 | filter passed env vars at slave in connection sharing case; ok markus@ | ||
| 6 | |||
| 1 | 20040620 | 7 | 20040620 |
| 2 | - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. | 8 | - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. |
| 3 | 9 | ||
| @@ -1319,4 +1325,4 @@ | |||
| 1319 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1325 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 1320 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1326 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 1321 | 1327 | ||
| 1322 | $Id: ChangeLog,v 1.3417 2004/06/20 17:37:32 tim Exp $ | 1328 | $Id: ChangeLog,v 1.3418 2004/06/22 02:29:23 dtucker Exp $ |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.219 2004/06/18 10:55:43 markus Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.220 2004/06/20 17:36:59 djm Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -1227,11 +1227,30 @@ control_client_sigrelay(int signo) | |||
| 1227 | kill(control_server_pid, signo); | 1227 | kill(control_server_pid, signo); |
| 1228 | } | 1228 | } |
| 1229 | 1229 | ||
| 1230 | static int | ||
| 1231 | env_permitted(char *env) | ||
| 1232 | { | ||
| 1233 | int i; | ||
| 1234 | char name[1024], *cp; | ||
| 1235 | |||
| 1236 | strlcpy(name, env, sizeof(name)); | ||
| 1237 | if ((cp = strchr(name, '=')) == NULL) | ||
| 1238 | return (0); | ||
| 1239 | |||
| 1240 | *cp = '\0'; | ||
| 1241 | |||
| 1242 | for (i = 0; i < options.num_send_env; i++) | ||
| 1243 | if (match_pattern(name, options.send_env[i])) | ||
| 1244 | return (1); | ||
| 1245 | |||
| 1246 | return (0); | ||
| 1247 | } | ||
| 1248 | |||
| 1230 | static void | 1249 | static void |
| 1231 | control_client(const char *path) | 1250 | control_client(const char *path) |
| 1232 | { | 1251 | { |
| 1233 | struct sockaddr_un addr; | 1252 | struct sockaddr_un addr; |
| 1234 | int i, r, sock, exitval, addr_len; | 1253 | int i, r, sock, exitval, num_env, addr_len; |
| 1235 | Buffer m; | 1254 | Buffer m; |
| 1236 | char *cp; | 1255 | char *cp; |
| 1237 | extern char **environ; | 1256 | extern char **environ; |
| @@ -1274,12 +1293,21 @@ control_client(const char *path) | |||
| 1274 | buffer_append(&command, "\0", 1); | 1293 | buffer_append(&command, "\0", 1); |
| 1275 | buffer_put_cstring(&m, buffer_ptr(&command)); | 1294 | buffer_put_cstring(&m, buffer_ptr(&command)); |
| 1276 | 1295 | ||
| 1277 | /* Pass environment */ | 1296 | if (options.num_send_env == 0 || environ == NULL) { |
| 1278 | for (i = 0; environ != NULL && environ[i] != NULL; i++) | 1297 | buffer_put_int(&m, 0); |
| 1279 | ; | 1298 | } else { |
| 1280 | buffer_put_int(&m, i); | 1299 | /* Pass environment */ |
| 1281 | for (i = 0; environ != NULL && environ[i] != NULL; i++) | 1300 | num_env = 0; |
| 1282 | buffer_put_cstring(&m, environ[i]); | 1301 | for (i = 0; environ[i] != NULL; i++) |
| 1302 | if (env_permitted(environ[i])) | ||
| 1303 | num_env++; /* Count */ | ||
| 1304 | |||
| 1305 | buffer_put_int(&m, num_env); | ||
| 1306 | |||
| 1307 | for (i = 0; environ[i] != NULL && num_env >= 0; i++, num_env--) | ||
| 1308 | if (env_permitted(environ[i])) | ||
| 1309 | buffer_put_cstring(&m, environ[i]); | ||
| 1310 | } | ||
| 1283 | 1311 | ||
| 1284 | if (ssh_msg_send(sock, /* version */0, &m) == -1) | 1312 | if (ssh_msg_send(sock, /* version */0, &m) == -1) |
| 1285 | fatal("%s: msg_send", __func__); | 1313 | fatal("%s: msg_send", __func__); |