[PATCH] Fixes null pointer dereference in do_setup_env().

Jubin Zhong zhongjubin at huawei.com
Sat Nov 28 13:05:00 AEDT 2020


There is a wrong usage of strchr() in openssh. strchr() shall return a
null pointer if the char was not found. Check whether return value is
NULL instead of dereferencing it.

Signed-off-by: Jubin Zhong <zhongjubin at huawei.com>
---
 session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/session.c b/session.c
index b25cbca..9e9d5fe 100644
--- a/session.c
+++ b/session.c
@@ -1105,7 +1105,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
 		for (n = 0 ; n < auth_opts->nenv; n++) {
 			ocp = xstrdup(auth_opts->env[n]);
 			cp = strchr(ocp, '=');
-			if (*cp == '=') {
+			if (cp != NULL) {
 				*cp = '\0';
 				/* Apply PermitUserEnvironment allowlist */
 				if (options.permit_user_env_allowlist == NULL ||
-- 
1.8.5.6



More information about the openssh-unix-dev mailing list