[PATCH] Fixes null pointer dereference in do_setup_env().
Damien Miller
djm at mindrot.org
Sat Nov 28 14:30:29 AEDT 2020
On Sat, 28 Nov 2020, Jubin Zhong wrote:
> There is a wrong usage of strchr() in openssh. strchr() shall return a
> null pointer if the char was not found. Check whether return value is
> NULL instead of dereferencing it.
Applied - thanks. In this case, cp==NULL should not be possible as the
auth_opts->env entries are guaranteed to contain '=' by auth-options.c
-d
More information about the openssh-unix-dev
mailing list