From ae45246696fed011e1a9941d33b89669c74b3198 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 10 Oct 2001 15:08:06 +1000
Subject:    - markus@cvs.openbsd.org 2001/10/09 19:32:49      [session.c]     
 stat subsystem command before calling do_exec, and return error to client.

---
 session.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index 0e3e933f9..c1305da6a 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.104 2001/10/09 10:12:08 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.105 2001/10/09 19:32:49 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1672,25 +1672,33 @@ session_pty_req(Session *s)
 static int
 session_subsystem_req(Session *s)
 {
+	struct stat st;
 	u_int len;
 	int success = 0;
-	char *subsys = packet_get_string(&len);
+	char *cmd, *subsys = packet_get_string(&len);
 	int i;
 
 	packet_done();
 	log("subsystem request for %s", subsys);
 
 	for (i = 0; i < options.num_subsystems; i++) {
-		if(strcmp(subsys, options.subsystem_name[i]) == 0) {
-			debug("subsystem: exec() %s", options.subsystem_command[i]);
+		if (strcmp(subsys, options.subsystem_name[i]) == 0) {
+			cmd = options.subsystem_command[i];
+			if (stat(cmd, &st) < 0) {
+				error("subsystem: cannot stat %s: %s", cmd,
+				    strerror(errno));
+				break;
+			}
+			debug("subsystem: exec() %s", cmd);
 			s->is_subsystem = 1;
-			do_exec(s, options.subsystem_command[i]);
+			do_exec(s, cmd);
 			success = 1;
 		}
 	}
 
 	if (!success)
-		log("subsystem request for %s failed, subsystem not found", subsys);
+		log("subsystem request for %s failed, subsystem not found",
+		    subsys);
 
 	xfree(subsys);
 	return success;
-- 
cgit v1.2.3