1
0
mirror of https://github.com/openbsd/src.git synced 2024-12-22 16:42:56 -08:00

require control-escape character sequences passed via the '-e ^x'

commandline to be exactly two characters long. Avoids one by OOB
read if ssh is invoked as "ssh -e^ ..."

Spotted by Maciej Domanski in GHPR368
This commit is contained in:
djm 2024-10-18 05:03:34 +00:00
parent 632d59bf82
commit d47e98a976

View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.600 2024/01/11 01:45:36 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.601 2024/10/18 05:03:34 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -939,7 +939,7 @@ main(int ac, char **av)
options.log_level = SYSLOG_LEVEL_QUIET;
break;
case 'e':
if (optarg[0] == '^' && optarg[2] == 0 &&
if (strlen(optarg) == 2 && optarg[0] == '^' &&
(u_char) optarg[1] >= 64 &&
(u_char) optarg[1] < 128)
options.escape_char = (u_char) optarg[1] & 31;