jonathancammack / rpms / openssh

Forked from rpms/openssh 8 months ago
Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   c7
  2.   SOURCES
  3.   openssh-9.6p1-upstream-cve-2023-51385.patch
Blob Blame History Raw 
--- ssh.c	2024-03-02 19:08:29.085655690 -0500
+++ ssh.c	2024-03-02 19:14:10.889324532 -0500
@@ -484,6 +484,41 @@
 	}
 }
 
+static int
+valid_hostname(const char *s)
+{
+	size_t i;
+
+	if (*s == '-')
+		return 0;
+	for (i = 0; s[i] != 0; i++) {
+		if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
+		    isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
+			return 0;
+	}
+	return 1;
+}
+
+static int
+valid_ruser(const char *s)
+{
+	size_t i;
+
+	if (*s == '-')
+		return 0;
+	for (i = 0; s[i] != 0; i++) {
+		if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+			return 0;
+		/* Disallow '-' after whitespace */
+		if (isspace((u_char)s[i]) && s[i + 1] == '-')
+			return 0;
+		/* Disallow \ in last position */
+		if (s[i] == '\\' && s[i + 1] == '\0')
+			return 0;
+	}
+	return 1;
+}
+
 /* Rewrite the port number in an addrinfo list of addresses */
 static void
 set_addrinfo_port(struct addrinfo *addrs, int port)
@@ -961,6 +996,11 @@
 	if (!host)
 		usage();
 
+	if (!valid_hostname(host))
+		fatal("hostname contains invalid characters");
+	if (options.user != NULL && !valid_ruser(options.user))
+		fatal("remote username contains invalid characters");
+
 	host_arg = xstrdup(host);
 
 #ifdef WITH_OPENSSL

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation