[Bug 3288] New: Ignoring comments at end of config file lines broke ProxyCommand with #-sign in script

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Mar 26 03:01:18 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3288

            Bug ID: 3288
           Summary: Ignoring comments at end of config file lines broke
                    ProxyCommand with #-sign in script
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tlsalmin at gmail.com

I wondered why my favorite ProxyCommand stopped working after upgrade
to 8.5:

Host ??_*
  User root
  SendEnv TERM=xterm
  CheckHostIP no
  ControlPath ~/.ssh/cms/%r@%h:%p
  ControlMaster auto
  ControlPersist 1m
  ProxyCommand bash -c 'ssh root@172.16.249.$((1 + ${0%%_*})) nc ${0#[0-9]*_} $1 -q 0' %h %p
  StrictHostKeyChecking accept-new

Checking with verbose, the command is clipped:

debug1: Executing proxy command: exec bash -c 'ssh root@172.16.249.$((1 + ${0%_*})) nc ${0

Checking again with strace to make sure the command isn't just clipped
by the printer:

execve("/bin/zsh", ["/bin/zsh", "-c", "exec bash -c 'ssh root@172.16.249.$((1 + ${0%_*})) nc ${0"], 0x556526e9b320 /* 47 vars */) = 0

The command is clipped at the # sign. After digging, I found this commit
to be the culprit:

tree d9cd1cc34e9b0f2b36080069b0bcaa39dd0152e3                           
parent b755264e7d3cdf1de34e18df1af4efaa76a3c015                         
author dtucker at openbsd.org <dtucker at openbsd.org> Mon Nov 30 05:36:39
2020 +0000                                                              
committer Damien Miller <djm at mindrot.org> Fri Dec 4 13:42:38 2020 +1100 

upstream: Ignore comments at the end of config lines in ssh_config,     

similar to what we already do for sshd_config.  bz#2320, with & ok djm@ 

OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4             

diff --git a/readconf.c b/readconf.c                                    
index 09b5e086..d60eeacf 100644                                         
--- a/readconf.c                                                        
+++ b/readconf.c                                                        
@@ -1,4 +1,4 @@                                                         
-/* $OpenBSD: readconf.c,v 1.342 2020/11/15 22:34:58 djm Exp $ */       
+/* $OpenBSD: readconf.c,v 1.343 2020/11/30 05:36:39 dtucker Exp $ */   
 /*                                                                     
  * Author: Tatu Ylonen <ylo at cs.hut.fi>                                 
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland      
@@ -1899,7 +1899,7 @@ read_config_file_depth(const char *filename,
struct passwd *pw,                                                      
     int flags, int *activep, int *want_final_pass, int depth)          
 {                                                                      
        FILE *f;                                                        
-       char *line = NULL;                                              
+       char *cp, *line = NULL;                                         
        size_t linesize = 0;                                            
        int linenum;                                                    
        int bad_options = 0;                                            
@@ -1930,6 +1930,13 @@ read_config_file_depth(const char *filename,
struct passwd *pw,                                                      
        while (getline(&line, &linesize, f) != -1) {                    
                /* Update line number counter. */                       
                linenum++;                                              
+               /*                                                      
+                * Trim out comments and strip whitespace.              
+                * NB - preserve newlines, they are needed to reproduce 
+                * line numbers later for error messages.               
+                */                                                     
+               if ((cp = strchr(line, '#')) != NULL)                   
+                       *cp = '\0';                                     
                if (process_config_line_depth(options, pw, host,
original_host,                                                          
                    line, filename, linenum, activep, flags,
want_final_pass,                                                        
                    depth) != 0)
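
Review bot: The strchr(line, '#') test added before the process_config_line_depth() call truncates at the first '#' anywhere on the line, with no check for quoting or for whether the '#' begins a new token, so an option value that legitimately contains '#' is cut short before it is parsed. Suggest ending the line at '#' only when it is outside quotes and starts a token. The added comment also does not match the code: nothing here strips whitespace, and writing '\0' at the '#' discards the trailing newline that the comment says is preserved.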

To fix it one would have to keep tabs on when it is inside a parameter
and only add the null-termination when it is outside of a parameter.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
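
The truncation reported above next to a quote-aware alternative, as an added example that is not part of the original report and is not the fix OpenSSH shipped. The function names, the sample line's trailing comment and the rule that '#' must follow whitespace are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the reporter's ProxyCommand plus a trailing comment. */
static const char SAMPLE[] =
    "ProxyCommand bash -c 'ssh root@172.16.249.$((1 + ${0%%_*})) "
    "nc ${0#[0-9]*_} $1 -q 0' %h %p # via jump host\n";

/* Behaviour of the quoted commit: cut at the first '#', wherever it is. */
static char *strip_comment_naive(char *line)
{
	char *cp;

	if ((cp = strchr(line, '#')) != NULL)
		*cp = '\0';
	return line;
}

/*
 * Hypothetical quote-aware variant: '#' starts a comment only outside
 * single/double quotes and only at line start or after whitespace.
 * Returns line, or NULL (line untouched) if a quote is never closed.
 * Assumption: backslash escapes inside quotes are not interpreted.
 */
static char *strip_comment_quoted(char *line)
{
	char quote = '\0';	/* quote character currently open, if any */
	char *cp;

	for (cp = line; *cp != '\0'; cp++) {
		if (quote != '\0') {
			if (*cp == quote)
				quote = '\0';
		} else if (*cp == '\'' || *cp == '"') {
			quote = *cp;
		} else if (*cp == '#' &&
		    (cp == line || cp[-1] == ' ' || cp[-1] == '\t')) {
			*cp = '\0';
			return line;
		}
	}
	return quote == '\0' ? line : NULL;
}

int main(void)
{
	char a[sizeof(SAMPLE)], b[sizeof(SAMPLE)];
	printf("naive : [%s]\n", strip_comment_naive(strcpy(a, SAMPLE)));
	printf("quoted: [%s]\n", strip_comment_quoted(strcpy(b, SAMPLE)));
	return 0;
}
```

Returning NULL for an unterminated quote lets the caller report a configuration error instead of guessing where the value ends.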