mirror of
https://github.com/openbsd/src.git
synced 2024-12-22 16:42:56 -08:00
require control-escape character sequences passed via the '-e ^x'
commandline to be exactly two characters long. Avoids one by OOB read if ssh is invoked as "ssh -e^ ..." Spotted by Maciej Domanski in GHPR368
This commit is contained in:
parent
632d59bf82
commit
d47e98a976
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh.c,v 1.600 2024/01/11 01:45:36 djm Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.601 2024/10/18 05:03:34 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -939,7 +939,7 @@ main(int ac, char **av)
|
||||
options.log_level = SYSLOG_LEVEL_QUIET;
|
||||
break;
|
||||
case 'e':
|
||||
if (optarg[0] == '^' && optarg[2] == 0 &&
|
||||
if (strlen(optarg) == 2 && optarg[0] == '^' &&
|
||||
(u_char) optarg[1] >= 64 &&
|
||||
(u_char) optarg[1] < 128)
|
||||
options.escape_char = (u_char) optarg[1] & 31;
|
||||
|
Loading…
Reference in New Issue
Block a user