[Bug 2281] New: sshd accepts empty arguments in ForceCommand and VersionAddendum

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 25 00:46:28 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2281

            Bug ID: 2281
           Summary: sshd accepts empty arguments in ForceCommand and
                    VersionAddendum
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: plautrba at redhat.com

Created attachment 2481
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2481&action=edit
check for empty arguments in VersionAddendum and ForceCommand

When the mentioned options are specified with white spaces, they are
accepted by the parser. There are missing checks for empty strings in
cp.

# /usr/sbin/sshd -o "ForceCommand " -t

# /usr/sbin/sshd -o "ForceCommand" -t
command-line line 0: Missing argument.


The attached patch fixes it.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list