[openssh-commits] [openssh] 05/05: upstream: repair test after changes to percent expansion of usernames

Thu Sep 4 13:06:42 AEST 2025

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit f64701ca25795548a61614d0b13391d6dfa7f38c
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Sep 4 03:04:44 2025 +0000

    upstream: repair test after changes to percent expansion of usernames
    
    on the commandline.
    
    Test more cases that should/shouldn't expand and lightly test
    username validity checks.
    
    OpenBSD-Regress-ID: ad4c12c70bdf1f959abfebd1637ecff1b49a484c
---
 regress/percent.sh | 45 +++++++++++++++++++++++++++++++++++++--------
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/regress/percent.sh b/regress/percent.sh
index 7ce9e8a1d..c607c8d23 100644
--- a/regress/percent.sh
+++ b/regress/percent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: percent.sh,v 1.21 2025/04/08 23:10:46 djm Exp $
+#	$OpenBSD: percent.sh,v 1.22 2025/09/04 03:04:44 djm Exp $
 #	Placed in the Public Domain.
 
 tid="percent expansions"
@@ -33,14 +33,14 @@ trial()
 		if [ "$arg" = '%r' ] || [ "$arg" = '%C' ]; then
 			# User does not support %r, ie itself or %C.  Skip test.
 			got="$expect"
-		elif [ "$i" = "user" ]; then
+		elif [ "$opt" = "user" ]; then
 			got=`${SSH} -F $OBJ/ssh_proxy -o $opt="$arg" -G \
 			    remuser at somehost | awk '$1=="'$opt'"{print $2}'`
-		elif [ "$i" = "user-l" ]; then
+		elif [ "$opt" = "user-l" ]; then
 			# Also test ssh -l
 			got=`${SSH} -F $OBJ/ssh_proxy -l "$arg" -G \
 			    somehost | awk '$1=="'user'"{print $2}'`
-		elif [ "$i" = "user-at" ]; then
+		elif [ "$opt" = "user-at" ]; then
 			# Also test user at host
 			got=`${SSH} -F $OBJ/ssh_proxy -G "$arg at somehost" | \
 			    awk '$1=="'user'"{print $2}'`
@@ -91,7 +91,7 @@ trial()
 
 for i in matchexec localcommand remotecommand controlpath identityagent \
     forwardagent localforward remoteforward revokedhostkeys \
-    user user-l user-at setenv userknownhostsfile; do
+    user setenv userknownhostsfile; do
 	verbose $tid $i percent
 	case "$i" in
 	localcommand|userknownhostsfile)
@@ -137,11 +137,11 @@ done
 
 # Subset of above since we don't expand shell-style variables on anything that
 # runs a command because the shell will expand those.
+FOO=bar
+export FOO
 for i in controlpath identityagent forwardagent localforward remoteforward \
-    user user-l user-at setenv userknownhostsfile; do
+    user setenv userknownhostsfile; do
 	verbose $tid $i dollar
-	FOO=bar
-	export FOO
 	trial $i '${FOO}' $FOO
 done
 
@@ -152,3 +152,32 @@ for i in controlpath identityagent forwardagent; do
 	trial $i '~' $HOME/
 	trial $i '~/.ssh' $HOME/.ssh
 done
+
+for i in user-l user-at; do
+	verbose $tid $i noexpand
+	trial $i '%u' '%u'
+done
+
+# These should be not be expanded but rejected for containing shell characters.
+verbose $tid user-l noenv
+${SSH} -F $OBJ/ssh_proxy -l '${FOO}' -G somehost && fail "user-l expanded env"
+verbose $tid user-at noenv
+${SSH} -F $OBJ/ssh_proxy -G '${FOO}@somehost' && fail "user-at expanded env"
+
+FOO=`printf 'x\ay'`
+export FOO
+
+# These should be rejected as containing control characters.
+verbose $tid user-l badchar
+${SSH} -F $OBJ/ssh_proxy -l "${FOO}" -G somehost && fail "user-l expanded env"
+verbose $tid user-at badchar
+${SSH} -F $OBJ/ssh_proxy -G "${FOO}@somehost" && fail "user-at expanded env"
+
+# Literal control characters in config is acceptable
+verbose $tid user control-literal
+trial user "$FOO" "$FOO"
+
+# Control characters expanded from config aren't.
+${SSH} -F $OBJ/ssh_proxy -G '-oUser=${FOO}' somehost && \
+    fail "user expanded ctrl"
+

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
