[openssh-commits] [openssh] 06/12: upstream: move username validity check for usernames specified on
git+noreply at mindrot.org
Thu Apr 2 20:26:21 AEDT 2026
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch V_10_3
in repository openssh.
commit 76685c9b09a66435cd2ad8373246adf1c53976d3
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Apr 2 07:50:55 2026 +0000
upstream: move username validity check for usernames specified on
the commandline to earlier in main(), specifically before some contexts where
a username with shell characters might be expanded by a %u directive in
ssh_config.
We continue to recommend against using untrusted input on
the SSH commandline. Mitigations like this are not 100%
guarantees of safety because we can't control every
combination of user shell and configuration where they are
used.
Reported by Florian Kohnhäuser
OpenBSD-Commit-ID: 25ef72223f5ccf1c38d307ae77c23c03f59acc55
---
ssh.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index 6339dc4b2..531f28eb2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.629 2026/03/30 07:18:24 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.630 2026/04/02 07:50:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1135,8 +1135,15 @@ main(int ac, char **av)
if (!host)
usage();
+ /*
+ * Validate commandline-specified values that end up in %tokens
+ * before they are used in config parsing.
+ */
+ if (options.user != NULL && !ssh_valid_ruser(options.user))
+ fatal("remote username contains invalid characters");
if (!ssh_valid_hostname(host))
fatal("hostname contains invalid characters");
+
options.host_arg = xstrdup(host);
/* Initialize the command to execute on remote host. */
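Review bot: The diffstat reports 8 insertions and 1 deletion, and the only deletion is the $OpenBSD id line, so this hunk adds a second, earlier `ssh_valid_ruser(options.user)` check rather than moving one; if the later check the commit message refers to is intentionally kept as defence in depth, say so in the message, otherwise reword "move" to "add an earlier" so the description matches the change. Two smaller points: the check only fires when `options.user` is already non-NULL at this spot, and the hunk does not show whether a username given in `user@host` form has been split into `options.user` before this point, so confirm that path is covered as well; and the lone `+` blank line before `options.host_arg = xstrdup(host);` is a whitespace-only change that could be dropped.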
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
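The commit fixes an ordering problem: a username taken from the command line must be validated before any ssh_config directive containing %u expands it. The following C program is an added illustration of that ordering, written for this page; it is not OpenSSH code, and the functions example_valid_ruser, example_expand_user_token and example_expand_checked are hypothetical names chosen here. The allowlist it applies and the sample template are constructed for the example and are not OpenSSH's own rules.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical allowlist check for a remote username (not OpenSSH's
 * ssh_valid_ruser): accept only characters a shell will never interpret
 * and forbid a leading '-' so the value cannot be mistaken for an option.
 */
int
example_valid_ruser(const char *u)
{
	size_t i;

	if (u == NULL || *u == '\0' || *u == '-')
		return 0;
	for (i = 0; u[i] != '\0'; i++) {
		unsigned char c = (unsigned char)u[i];

		if (!(isalnum(c) || c == '_' || c == '.' || c == '-' || c == '@'))
			return 0;
	}
	return 1;
}

/*
 * Minimal %u expander: copies tmpl into out, replacing each "%u" with
 * user and "%%" with a literal '%'. Returns 0 on success, -1 if the
 * result would not fit. It models only the expansion step and does no
 * validation of its own, which is exactly why ordering matters.
 */
int
example_expand_user_token(const char *tmpl, const char *user,
    char *out, size_t outlen)
{
	size_t o = 0, ulen = strlen(user);
	const char *p;

	if (outlen == 0)
		return -1;
	for (p = tmpl; *p != '\0'; p++) {
		if (*p == '%' && p[1] == 'u') {
			if (o + ulen >= outlen)
				return -1;
			memcpy(out + o, user, ulen);
			o += ulen;
			p++;
		} else if (*p == '%' && p[1] == '%') {
			if (o + 1 >= outlen)
				return -1;
			out[o++] = '%';
			p++;
		} else {
			if (o + 1 >= outlen)
				return -1;
			out[o++] = *p;
		}
	}
	out[o] = '\0';
	return 0;
}

/*
 * The ordering the commit establishes: reject the username before any
 * %u-bearing directive is expanded. Returns 0 when expansion happened,
 * -1 when the username was rejected or the output buffer was too small.
 */
int
example_expand_checked(const char *tmpl, const char *user,
    char *out, size_t outlen)
{
	if (!example_valid_ruser(user))
		return -1;
	return example_expand_user_token(tmpl, user, out, outlen);
}

int
main(void)
{
	/* Constructed sample values, not taken from any real configuration. */
	const char *tmpl = "ProxyCommand /usr/bin/helper --user %u";
	const char *good = "alice";
	const char *bad = "alice;id";
	char buf[128];

	if (example_expand_checked(tmpl, good, buf, sizeof buf) == 0)
		printf("accepted: %s\n", buf);
	if (example_expand_checked(tmpl, bad, buf, sizeof buf) == -1)
		printf("rejected username before expansion: %s\n", bad);
	return 0;
}
```

Validating after expansion would be too late: once "alice;id" has been substituted into the ProxyCommand string, the shell that runs it sees the separator, not the original username. The check therefore belongs where the commit puts it, before the config parsing that performs expansion.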