author | Damien Miller <djm@cvs.openbsd.org> | 2004-06-20 17:37:00 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2004-06-20 17:37:00 +0000 |
commit | 94334a6841f1f87d7fc9f50bc56ba7fffb8d47b7 (patch) | |
tree | f6037df5253cf80b69dcb87585d9d019a14efb3f /usr.bin/ssh | |
parent | 5c43065e738ab2bd8bb6e962d71f7d9d03ce7257 (diff) |
filter passed env vars at slave in connection sharing case; ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/ssh.c | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index f5c3cb7bd6d..c49650e8ca0 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.219 2004/06/18 10:55:43 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.220 2004/06/20 17:36:59 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -1211,11 +1211,30 @@ control_client_sigrelay(int signo)
 kill(control_server_pid, signo);
 }
+static int
+env_permitted(char *env)
+{
+ int i;
+ char name[1024], *cp;
+
+ strlcpy(name, env, sizeof(name));
+ if ((cp = strchr(name, '=')) == NULL)
+ return (0);
+
+ *cp = '\0';
+
+ for (i = 0; i < options.num_send_env; i++)
+ if (match_pattern(name, options.send_env[i]))
+ return (1);
+
+ return (0);
+}
+
 static void
 control_client(const char *path)
 {
 struct sockaddr_un addr;
- int i, r, sock, exitval;
+ int i, r, sock, exitval, num_env;
 Buffer m;
 char *cp;
 extern char **environ;
@@ -1258,12 +1277,21 @@ control_client(const char *path)
 buffer_append(&command, "\0", 1);
 buffer_put_cstring(&m, buffer_ptr(&command));
- /* Pass environment */
- for (i = 0; environ != NULL && environ[i] != NULL; i++)
- ;
- buffer_put_int(&m, i);
- for (i = 0; environ != NULL && environ[i] != NULL; i++)
- buffer_put_cstring(&m, environ[i]);
+ if (options.num_send_env == 0 || environ == NULL) {
+ buffer_put_int(&m, 0);
+ } else {
+ /* Pass environment */
+ num_env = 0;
+ for (i = 0; environ[i] != NULL; i++)
+ if (env_permitted(environ[i]))
+ num_env++; /* Count */
+
+ buffer_put_int(&m, num_env);
+
+ for (i = 0; environ[i] != NULL && num_env >= 0; i++, num_env--)
+ if (env_permitted(environ[i]))
+ buffer_put_cstring(&m, environ[i]);
+ }
 if (ssh_msg_send(sock, /* version */0, &m) == -1)
 fatal("%s: msg_send", __func__); |
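Review bot: env_permitted() carries no comment stating that it fails closed, which is the property a reader auditing what leaves the client over the control socket needs to see. As written, an entry with no `=` within the first 1023 bytes (malformed, or a name too long for `name[1024]` after the `strlcpy` truncation) returns 0 and is never forwarded; I would say so above the function, e.g. `/* Return 1 if the variable's name matches a pattern in options.send_env; entries without '=' or with over-long names are refused. */`. The argument is only read, so `const char *env` would document that as well. `match_pattern` and `options.send_env` are defined outside this hunk, so the matching semantics themselves are not checked here.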
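Review bot: The second loop in control_client() can append fewer strings than the count it has just written with `buffer_put_int(&m, num_env)`, because `num_env--` sits in the loop header and runs for every environ entry, not only for the permitted ones. When the permitted variables are not the first entries of `environ`, the loop ends before reaching them and the message carries a count that disagrees with its contents; how the receiving side copes with that is outside this page, but a length field that does not match the payload should not be sent on an IPC channel. Decrement only when a string is actually appended and stop at zero: `for (i = 0; environ[i] != NULL && num_env > 0; i++)`, with `num_env--;` placed next to `buffer_put_cstring(&m, environ[i]);` inside a braced `if` body. control_client() starts and ends outside the hunk.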