[PATCH] Fixes null pointer dereference in do_setup_env().

Damien Miller djm at mindrot.org
Sat Nov 28 14:30:29 AEDT 2020


On Sat, 28 Nov 2020, Jubin Zhong wrote:

> There is a wrong usage of strchr() in openssh. strchr() shall return a
> null pointer if the char was not found. Check whether return value is
> NULL instead of dereferencing it.

Applied - thanks. In this case, cp==NULL should not be possible as the
auth_opts->env entries are guaranteed to contain '=' by auth-options.c

-d


More information about the openssh-unix-dev mailing list