Don't make parsing of authorized_keys' environment= option conditional
authordjm <djm@openbsd.org>
Fri, 1 May 2015 03:20:54 +0000 (03:20 +0000)
committerdjm <djm@openbsd.org>
Fri, 1 May 2015 03:20:54 +0000 (03:20 +0000)
on PermitUserEnv - always parse it, but only use the result if the
option is enabled. This prevents the syntax of authorized_keys changing
depending on which sshd_config options were enabled.

bz#2329; based on patch from coladict AT gmail.com, ok dtucker@

usr.bin/ssh/auth-options.c

index 3d7c334..cf51ac3 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.66 2015/04/22 01:24:01 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -206,8 +206,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        goto next_option;
                }
                cp = "environment=\"";
-               if (options.permit_user_env &&
-                   strncasecmp(opts, cp, strlen(cp)) == 0) {
+               if (strncasecmp(opts, cp, strlen(cp)) == 0) {
                        char *s;
                        struct envstring *new_envstring;
 
@@ -233,13 +232,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                goto bad_option;
                        }
                        s[i] = '\0';
-                       auth_debug_add("Adding to environment: %.900s", s);
-                       debug("Adding to environment: %.900s", s);
                        opts++;
-                       new_envstring = xcalloc(1, sizeof(struct envstring));
-                       new_envstring->s = s;
-                       new_envstring->next = custom_environment;
-                       custom_environment = new_envstring;
+                       if (options.permit_user_env) {
+                               auth_debug_add("Adding to environment: "
+                                   "%.900s", s);
+                               debug("Adding to environment: %.900s", s);
+                               new_envstring = xcalloc(1,
+                                   sizeof(*new_envstring));
+                               new_envstring->s = s;
+                               new_envstring->next = custom_environment;
+                               custom_environment = new_envstring;
+                               s = NULL;
+                       }
+                       free(s);
                        goto next_option;
                }
                cp = "from=\"";
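Review bot: When `options.permit_user_env` is off, the new path that falls through to `free(s)` discards a syntactically valid `environment=` value without any trace, so the server debug log no longer shows that a key line carried an option which was ignored. An `else` branch such as `debug("%.100s, line %lu: ignoring environment= (PermitUserEnv disabled)", file, linenum);` would record this without echoing the user-supplied value. The `s = NULL;` before `free(s)` is what transfers ownership of the string to the `custom_environment` list; a one-line comment saying so would guard against a later edit freeing a live list entry. `auth_parse_options` and the loop that fills `s` start outside this hunk, so the bounds of that copy, which now runs on user-controlled `authorized_keys` content whatever the configuration, cannot be checked from here.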