[Bug 3667] New: Trailing space is added when parsing Subsystem in sshd_config

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Feb 8 23:16:50 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3667

            Bug ID: 3667
           Summary: Trailing space is added when parsing Subsystem in
                    sshd_config
           Product: Portable OpenSSH
           Version: 9.5p1
          Hardware: All
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: furaisanjin at gmail.com

This is found in FreeBSD14.0 release which includes version 9.5p1.

Part of process_server_config_line_depth function on servconf.c is
something like this.

                options->subsystem_command[options->num_subsystems] =
                    xstrdup(arg);
                /* Collect arguments (separate to executable) */
                arg = argv_assemble(1, &arg); /* quote command
correctly */
                arg2 = argv_assemble(ac, av); /* rest of command */
               
xasprintf(&options->subsystem_args[options->num_subsystems],
                    "%s %s", arg, arg2);
                free(arg2);

Subsystem definion in sshd_config is defined like this.

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

In this case arg2 (rest of command) doesn't have anything but it is
appended followed by arg and put that on subsystem_args. The result
always has trailing space.

This may not be the problem in most case but I have command="..." in
~/.ssh/authorized_keys and the command checks the given input very
strictly. The command doesn't accept such input due to this.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list