[Bug 3288] New: Ignoring comments at end of config file lines broke ProxyCommand with #-sign in script
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 26 03:01:18 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3288
Bug ID: 3288
Summary: Ignoring comments at end of config file lines broke
ProxyCommand with #-sign in script
Product: Portable OpenSSH
Version: 8.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: tlsalmin at gmail.com
I wondered why my favorite ProxyCommand stopped working after upgrade
to 8.5:
Host ??_*
User root
SendEnv TERM=xterm
CheckHostIP no
ControlPath ~/.ssh/cms/%r@%h:%p
ControlMaster auto
ControlPersist 1m
ProxyCommand bash -c 'ssh root at 172.16.249.$((1 + ${0%%_*})) nc
${0#[0-9]*_} $1 -q 0' %h %p
StrictHostKeyChecking accept-new
Checking with verbose the command is clipped:
debug1: Executing proxy command: exec bash -c 'ssh root at 172.16.249.$((1
+ ${0%_*})) nc ${0
Checking again with strace to make sure the command isn't just clipped
by the printer:
execve("/bin/zsh", ["/bin/zsh", "-c", "exec bash -c 'ssh
root at 172.16.249.$((1 + ${0%_*})) nc ${0"], 0x556526e9b320 /* 47 vars
*/) = 0
The command is clipped at the # sign. after digging I found this commit
to be the culprit:
tree d9cd1cc34e9b0f2b36080069b0bcaa39dd0152e3
parent b755264e7d3cdf1de34e18df1af4efaa76a3c015
author dtucker at openbsd.org <dtucker at openbsd.org> Mon Nov 30 05:36:39
2020 +0000
committer Damien Miller <djm at mindrot.org> Fri Dec 4 13:42:38 2020 +1100
upstream: Ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320, with & ok djm@
OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4
diff --git a/readconf.c b/readconf.c
index 09b5e086..d60eeacf 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.342 2020/11/15 22:34:58 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.343 2020/11/30 05:36:39 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1899,7 +1899,7 @@ read_config_file_depth(const char *filename,
struct passwd *pw,
int flags, int *activep, int *want_final_pass, int depth)
{
FILE *f;
- char *line = NULL;
+ char *cp, *line = NULL;
size_t linesize = 0;
int linenum;
int bad_options = 0;
@@ -1930,6 +1930,13 @@ read_config_file_depth(const char *filename,
struct passwd *pw,
while (getline(&line, &linesize, f) != -1) {
/* Update line number counter. */
linenum++;
+ /*
+ * Trim out comments and strip whitespace.
+ * NB - preserve newlines, they are needed to reproduce
+ * line numbers later for error messages.
+ */
+ if ((cp = strchr(line, '#')) != NULL)
+ *cp = '\0';
if (process_config_line_depth(options, pw, host,
original_host,
line, filename, linenum, activep, flags,
want_final_pass,
depth) != 0)
To fix it one would have to keep tabs on when it is inside a parameter
and only add the null-termination when it is outside of a parameter.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list