move username validity check for usernames specified on the

mirror of https://github.com/openbsd/src.git synced 2026-04-15 09:44:36 +00:00

commandline to earlier in main(), specifically before some
contexts where a username with shell characters might be
expanded by a %u directive in ssh_config.

We continue to recommend against using untrusted input on
the SSH commandline. Mitigations like this are not 100%
guarantees of safety because we can't control every
combination of user shell and configuration where they are
used.

Reported by Florian Kohnhäuser

This commit is contained in:

djm

2026-04-02 07:50:55 +00:00

parent f68503eaa6

commit 572646d530

1 changed files with 8 additions and 1 deletions

									
										9

usr.bin/ssh/ssh.c
									
												View File
												
				@@ -1,4 +1,4 @@

				/* $OpenBSD: ssh.c,v 1.629 2026/03/30 07:18:24 djm Exp $ */

				/* $OpenBSD: ssh.c,v 1.630 2026/04/02 07:50:55 djm Exp $ */

				/*

				 * Author: Tatu Ylonen <ylo@cs.hut.fi>

				 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

				@@ -1113,8 +1113,15 @@ main(int ac, char **av)

					if (!host)

						usage();

					/*

					 * Validate commandline-specified values that end up in %tokens

					 * before they are used in config parsing.

					 */

					if (options.user != NULL && !ssh_valid_ruser(options.user))

						fatal("remote username contains invalid characters");

					if (!ssh_valid_hostname(host))

						fatal("hostname contains invalid characters");

					options.host_arg = xstrdup(host);

					/* Initialize the command to execute on remote host. */

move username validity check for usernames specified on the

9 usr.bin/ssh/ssh.c Unescape Escape View File

9

usr.bin/ssh/ssh.c

View File