diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
| commit | 0e3e8db5bfca0c579be55e7580a46c593c1384be (patch) | |
| tree | 2b1a718f633fb95c1f2d689a591cf9e8642697f3 /svr-authpubkeyoptions.c | |
| parent | 78e17f6ee9a944430da3e517ee1fe384fd6b275b (diff) | |
| parent | 17873e8c922eded2cec86184673a6d110df6403f (diff) | |
merge from main
--HG--
branch : fuzz
Diffstat (limited to 'svr-authpubkeyoptions.c')
| -rw-r--r-- | svr-authpubkeyoptions.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c index 19f07b9..4f0c943 100644 --- a/svr-authpubkeyoptions.c +++ b/svr-authpubkeyoptions.c @@ -92,6 +92,7 @@ int svr_pubkey_allows_pty() { * by any 'command' public key option. */ void svr_pubkey_set_forced_command(struct ChanSess *chansess) { if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) { + TRACE(("Forced command '%s'", ses.authstate.pubkey_options->forced_command)) if (chansess->cmd) { /* original_command takes ownership */ chansess->original_command = chansess->cmd; @@ -113,7 +114,6 @@ void svr_pubkey_options_cleanup() { m_free(ses.authstate.pubkey_options->forced_command); } m_free(ses.authstate.pubkey_options); - ses.authstate.pubkey_options = NULL; } } @@ -147,20 +147,20 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena ses.authstate.pubkey_options->no_port_forwarding_flag = 1; goto next_option; } -#if DROPBEAR_SVR_AGENTFWD if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) { +#if DROPBEAR_SVR_AGENTFWD dropbear_log(LOG_WARNING, "Agent forwarding disabled."); ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; +#endif goto next_option; } -#endif -#if DROPBEAR_X11FWD if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) { +#if DROPBEAR_X11FWD dropbear_log(LOG_WARNING, "X11 forwarding disabled."); ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; +#endif goto next_option; } -#endif if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) { dropbear_log(LOG_WARNING, "Pty allocation disabled."); ses.authstate.pubkey_options->no_pty_flag = 1; @@ -169,6 +169,12 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) { int escaped = 0; const unsigned char* command_start = buf_getptr(options_buf, 0); + + if (ses.authstate.pubkey_options->forced_command) { + /* multiple command= options */ + goto bad_option; + } + while (options_buf->pos < options_buf->len) { const char c = buf_getbyte(options_buf); if (!escaped && c == '"') { @@ -177,8 +183,6 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena memcpy(ses.authstate.pubkey_options->forced_command, command_start, command_len-1); ses.authstate.pubkey_options->forced_command[command_len-1] = '\0'; - dropbear_log(LOG_WARNING, "Forced command '%s'", - ses.authstate.pubkey_options->forced_command); goto next_option; } escaped = (!escaped && c == '\\'); |