[openssh-commits] [openssh] 03/06: upstream: detect invalid sshd_config Subsystem directives inside

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Dec 19 12:00:11 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 4e0f2dee54d210dc44f72f73e703c6dc5348a406
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Dec 19 00:48:04 2025 +0000

    upstream: detect invalid sshd_config Subsystem directives inside
    
    Match blocks at startup rather than failing later at runtime;
    
    noticed via bz#3906; ok dtucker
    
    OpenBSD-Commit-ID: e6035ff0baa375de6c9f22c883ed530a8649dfed
---
 servconf.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/servconf.c b/servconf.c
index 1b8cfa4b6..57a14294c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.440 2025/12/16 08:32:50 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.441 2025/12/19 00:48:04 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1958,8 +1958,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		break;
 
 	case sSubsystem:
-		arg = argv_next(&ac, &av);
-		if (!arg || *arg == '\0')
+		if ((arg = argv_next(&ac, &av)) == NULL || *arg == '\0' ||
+		   ((arg2 = argv_next(&ac, &av)) == NULL || *arg == '\0'))
 			fatal("%s line %d: %s missing argument.",
 			    filename, linenum, keyword);
 		if (!*activep) {
@@ -1992,15 +1992,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		    options->num_subsystems + 1,
 		    sizeof(*options->subsystem_args));
 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
-		arg = argv_next(&ac, &av);
-		if (!arg || *arg == '\0') {
-			fatal("%s line %d: Missing subsystem command.",
-			    filename, linenum);
-		}
 		options->subsystem_command[options->num_subsystems] =
-		    xstrdup(arg);
+		    xstrdup(arg2);
 		/* Collect arguments (separate to executable) */
-		arg = argv_assemble(1, &arg); /* quote command correctly */
+		arg = argv_assemble(1, &arg2); /* quote command correctly */
 		arg2 = argv_assemble(ac, av); /* rest of command */
 		xasprintf(&options->subsystem_args[options->num_subsystems],
 		    "%s%s%s", arg, *arg2 == '\0' ? "" : " ", arg2);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list