- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
     [session.c]
     disclose less information from environment files; based on input
     from djm, and dschultz@uclink.Berkeley.EDU
diff --git a/ChangeLog b/ChangeLog
index 8dc2ba2..266664c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,10 @@
    - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
      [monitor.c]
      be careful in mm_zalloc
+   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+     [session.c]
+     disclose less information from environment files; based on input 
+     from djm, and dschultz@uclink.Berkeley.EDU
  - (djm) Require krb5 devel for RPM build w/ KrbV 
  - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 
    <nalin@redhat.com>
@@ -1153,4 +1157,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2296 2002/06/26 13:27:11 djm Exp $
+$Id: ChangeLog,v 1.2297 2002/06/26 13:51:06 djm Exp $
diff --git a/session.c b/session.c
index 51c8a0a..747a00a 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -877,12 +877,15 @@
 	FILE *f;
 	char buf[4096];
 	char *cp, *value;
+	u_int lineno = 0;
 
 	f = fopen(filename, "r");
 	if (!f)
 		return;
 
 	while (fgets(buf, sizeof(buf), f)) {
+		if (++lineno > 1000)
+			fatal("Too many lines in environment file %s", filename);
 		for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
 			;
 		if (!*cp || *cp == '#' || *cp == '\n')
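Review bot: The new cap in the `while` loop is a bare `1000`, and `lineno` counts `fgets()` calls rather than physical lines, so with `buf[4096]` a line longer than 4095 bytes is counted (and parsed) as several lines. A short comment above the check would make that explicit, e.g. `/* Cap the number of fgets() reads; a line longer than sizeof(buf)-1 counts more than once */`. The `fatal()` format also prints `filename` with an unbounded `%s`, while the existing message in this function uses `%.100s`; `fatal("Too many lines in environment file %.100s", filename);` would match it. The function begins and ends outside this hunk.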
@@ -891,7 +894,8 @@
 			*strchr(cp, '\n') = '\0';
 		value = strchr(cp, '=');
 		if (value == NULL) {
-			fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+			fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+			    filename);
 			continue;
 		}
 		/*
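Review bot: Nothing at the rewritten `fprintf` records why the offending line is no longer echoed, so a later cleanup could put `buf` back into the message. A one-line comment above it would keep the intent visible, e.g. `/* Do not print the line itself: avoid disclosing file contents */`. The message still reports the line number and file name, which looks like an acceptable residue, though it does reveal which lines lack an `=`. The enclosing loop starts and ends outside this hunk.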