[openssh-commits] [openssh] branch master updated (f38a552dc -> 43b3bff47)
git+noreply at mindrot.org
Thu Sep 4 10:30:42 AEST 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from f38a552dc missing header
new 35d591765 upstream: Improve rules for %-expansion of username.
new 43b3bff47 upstream: don't allow \0 characters in url-encoded strings.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 43b3bff47bb029f2299bacb6a36057981b39fdb0
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Sep 4 00:30:06 2025 +0000
upstream: don't allow \0 characters in url-encoded strings.
Suggested by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: c92196cef0f970ceabc1e8007a80b01e9b7cd49c
commit 35d5917652106aede47621bb3f64044604164043
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Sep 4 00:29:09 2025 +0000
upstream: Improve rules for %-expansion of username.
Usernames passed on the commandline will no longer be subject to
% expansion. Some tools invoke ssh with connection information
(i.e. usernames and host names) supplied from untrusted sources.
These may contain % expansion sequences which could yield
unexpected results.
Since openssh-9.6, all usernames have been subject to validity
checking. This change tightens the validity checks by refusing
usernames that include control characters (again, these can cause
surprises when supplied adversarially).
This change also relaxes the validity checks in one small way:
usernames supplied via the configuration file as literals (i.e.
include no % expansion characters) are not subject to these
validity checks. This allows usernames that contain arbitrary
characters to be used, but only via configuration files. This
is done on the basis that ssh's configuration is trusted.
Pointed out by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: e2f0c871fbe664aba30607321575e7c7fc798362
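As an added illustration, not part of either commit or of OpenSSH's own code: a simplified C model of the username rules the second commit describes (command-line names checked but never expanded, config literals without '%' accepted verbatim, expanded names checked afterwards). The enum and function names, the two-token %%/%h expansion and the 0x00-0x1f/0x7f control-character range are assumptions of this example, not the real valid_ruser() or percent_expand() logic.

```c
#include <stdio.h>
#include <string.h>

enum user_source { USER_FROM_CMDLINE, USER_FROM_CONFIG };

/* Refuse control characters (C0 range and DEL); assumed range for this example. */
static int has_control_chars(const char *s) {
	for (; *s != '\0'; s++) {
		unsigned char c = (unsigned char)*s;
		if (c < 0x20 || c == 0x7f)
			return 1;
	}
	return 0;
}

/* Hypothetical, cut-down %-expansion: only %% and %h (hostname) are known. */
static int expand_user(const char *in, const char *host, char *out, size_t outlen) {
	size_t o = 0;
	for (size_t i = 0; in[i] != '\0'; i++) {
		const char *rep = NULL;
		char one[2] = { in[i], '\0' };
		if (in[i] != '%') rep = one;
		else if (in[++i] == '%') rep = "%";
		else if (in[i] == 'h') rep = host;
		else return 0;                 /* unknown token or dangling '%' */
		size_t rl = strlen(rep);
		if (o + rl >= outlen) return 0;
		memcpy(out + o, rep, rl);
		o += rl;
	}
	out[o] = '\0';
	return 1;
}

/* Returns 1 and fills out[] if the username is accepted, 0 if refused. */
int resolve_username(const char *user, enum user_source src, const char *host,
    char *out, size_t outlen) {
	if (src == USER_FROM_CONFIG && strchr(user, '%') == NULL)
		/* Literal from the trusted config file: verbatim, no validity check. */
		return snprintf(out, outlen, "%s", user) < (int)outlen;
	if (src == USER_FROM_CMDLINE) {
		/* Possibly untrusted source: never expanded, only checked. */
		if (snprintf(out, outlen, "%s", user) >= (int)outlen) return 0;
	} else if (!expand_user(user, host, out, outlen))
		return 0;
	return !has_control_chars(out);
}

/* Helper: 1 if the name is accepted and resolves to exactly want. */
int accepts_as(const char *user, enum user_source src, const char *host, const char *want) {
	char out[64];
	return resolve_username(user, src, host, out, sizeof out) && strcmp(out, want) == 0;
}
```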
Summary of changes:
misc.c | 7 ++++---
ssh.c | 33 ++++++++++++++++++++++++++-------
2 files changed, 30 insertions(+), 10 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.