From: djm Date: Fri, 1 May 2015 03:20:54 +0000 (+0000) Subject: Don't make parsing of authorized_keys' environment= option conditional X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0c0083e5a83252b8702df13bcfa4553c50a7cc91;p=openbsd Don't make parsing of authorized_keys' environment= option conditional on PermitUserEnv - always parse it, but only use the result if the option is enabled. This prevents the syntax of authorized_keys changing depending on which sshd_config options were enabled. bz#2329; based on patch from coladict AT gmail.com, ok dtucker@ --- diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index 3d7c334720c..cf51ac3dd54 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.66 2015/04/22 01:24:01 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -206,8 +206,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto next_option; } cp = "environment=\""; - if (options.permit_user_env && - strncasecmp(opts, cp, strlen(cp)) == 0) { + if (strncasecmp(opts, cp, strlen(cp)) == 0) { char *s; struct envstring *new_envstring; @@ -233,13 +232,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto bad_option; } s[i] = '\0'; - auth_debug_add("Adding to environment: %.900s", s); - debug("Adding to environment: %.900s", s); opts++; - new_envstring = xcalloc(1, sizeof(struct envstring)); - new_envstring->s = s; - new_envstring->next = custom_environment; - custom_environment = new_envstring; + if (options.permit_user_env) { + auth_debug_add("Adding to environment: " + "%.900s", s); + debug("Adding to environment: %.900s", s); + new_envstring = xcalloc(1, + sizeof(*new_envstring)); + new_envstring->s = s; + new_envstring->next = custom_environment; + custom_environment = new_envstring; + s = NULL; + } + free(s); goto next_option; } cp = "from=\"";