Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
openssh
openssh-cve-2023-51385.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-cve-2023-51385.patch of Package openssh
Index: openssh-8.4p1/ssh.c =================================================================== --- openssh-8.4p1.orig/ssh.c +++ openssh-8.4p1/ssh.c @@ -640,6 +640,41 @@ set_addrinfo_port(struct addrinfo *addrs } } +static int +valid_hostname(const char *s) +{ + size_t i; + + if (*s == '-') + return 0; + for (i = 0; s[i] != 0; i++) { + if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL || + isspace((u_char)s[i]) || iscntrl((u_char)s[i])) + return 0; + } + return 1; +} + +static int +valid_ruser(const char *s) +{ + size_t i; + + if (*s == '-') + return 0; + for (i = 0; s[i] != 0; i++) { + if (strchr("'`\";&<>|(){}", s[i]) != NULL) + return 0; + /* Disallow '-' after whitespace */ + if (isspace((u_char)s[i]) && s[i + 1] == '-') + return 0; + /* Disallow \ in last position */ + if (s[i] == '\\' && s[i + 1] == '\0') + return 0; + } + return 1; +} + /* * Main program for the ssh client. */ @@ -1129,6 +1164,11 @@ main(int ac, char **av) if (!host) usage(); + if (!valid_hostname(host)) + fatal("hostname contains invalid characters"); + if (options.user != NULL && !valid_ruser(options.user)) + fatal("remote username contains invalid characters"); + host_arg = xstrdup(host); /* Initialize the command to execute on remote host. */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor