[Bug 3328] New: Issue with ForwardAgent value specified as an environment variable

Sat Jun 26 02:48:51 AEST 2021

https://bugzilla.mindrot.org/show_bug.cgi?id=3328

            Bug ID: 3328
           Summary: Issue with ForwardAgent value specified as an
                    environment variable
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: goetze at dovetail.com

Created attachment 3530
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3530&action=edit
xstrdup() added for ForwardAgent env var

Beginning with OpenSSH 8.2, the ssh_config ForwardAgent option can
accept "an explicit path to an agent socket or the name of an
environment variable (beginning with ‘$’) in which to find the path."

If an environment variable name is supplied, ssh.c uses getenv() to
capture the value, but fails to make a copy.  This is problematic on
systems where subsequent calls to getenv() clobber the last returned
value.

This problem exists as of OpenSSH release 8.6.

I've attached a proposed patch, based on the OpenSSH 8.6p1 ssh.c source
file.

On a related note, I don't understand why the $ENV_VAR_NAME (without
braces) syntax is supported for this option.  There is also support for
supplying the environment variable name via the ${ENV_VAR_NAME} (with
braces) syntax (see the code beginning at line 1415 in ssh.c).  

Is the non-brace syntax a legacy format that needs to be preserved?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.