[openssh-commits] [openssh] 03/03: upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 20b5fab9f773b3d3c7f06cb15b8f69a2c081ee80
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jul 3 07:02:37 2020 +0000

    upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if
    
    sshd is in chroot mode, the likely absence of a password database will cause
    tilde_expand_filename() to fatal; ok dtucker@
    
    OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
---
 session.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/session.c b/session.c
index a37eb4ae..84d3286c 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.321 2020/07/03 06:46:41 djm Exp $ */
+/* $OpenBSD: session.c,v 1.322 2020/07/03 07:02:37 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1212,7 +1212,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
 
 	do_xauth =
 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
-	user_rc = tilde_expand_filename("~/" _PATH_SSH_USER_RC, getuid());
+	xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC);
 
 	/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
 	if (!s->is_subsystem && options.adm_forced_command == NULL &&

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.