ProxyJump may construct erroneous ProxyCommand
Rob Leslie
rob at mars.org
Fri Mar 8 23:43:06 AEDT 2024
> On Jan 14, 2024, at 8:35 PM, Rob Leslie <rob at mars.org> wrote:
>
>> On Jan 14, 2024, at 2:14 PM, Damien Miller <djm at mindrot.org> wrote:
>>
>> We could do something like this:
>>
>>
>> diff --git a/ssh.c b/ssh.c
>> index 48d93ddf2..7cd498f84 100644
>> --- a/ssh.c
>> +++ b/ssh.c
>> @@ -1313,7 +1313,7 @@ main(int ac, char **av)
>> * Try to use SSH indicated by argv[0], but fall back to
>> * "ssh" if it appears unavailable.
>> */
>> - if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
>> + if (access(argv0, X_OK) != 0)
>> sshbin = "ssh";
>>
>> /* Consistency check */
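Review bot: The changed condition `access(argv0, X_OK) != 0` now also runs for an argv[0] that contains no '/', and access() resolves such a name against the current working directory, not PATH, so the outcome depends on where ssh was started. A PATH-invoked binary falls back to "ssh" unless a same-named executable happens to sit in the cwd, in which case the bare name is kept. If the intent is that slash-less names are never trusted, testing `strchr(argv0, '/') == NULL || access(argv0, X_OK) != 0` states that directly and removes the cwd dependence. The comment above the test should also say that bare names now fall back.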
>
>
> I was thinking perhaps something like this:
>
>
> diff --git a/ssh.c b/ssh.c
> index 0019281f4..4c80e0df6 100644
> --- a/ssh.c
> +++ b/ssh.c
> @@ -1313,7 +1313,9 @@ main(int ac, char **av)
> * Try to use SSH indicated by argv[0], but fall back to
> * "ssh" if it appears unavailable.
> */
> - if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
> + if (*sshbin == '-')
> + ++sshbin;
> + if (strchr(sshbin, '/') != NULL && access(sshbin, X_OK) != 0)
> sshbin = "ssh";
> /* Consistency check */
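Review bot: The added `if (*sshbin == '-') ++sshbin;` has no lower bound on what remains, so a value of exactly "-" leaves sshbin as an empty string; the following `strchr(sshbin, '/') != NULL` is then false and the fallback to "ssh" is skipped. Consider also falling back when `*sshbin == '\0'` after the increment. The hunk also switches the test from argv0 to sshbin without showing where sshbin is assigned, so it is worth confirming it still equals argv[0] at this point. The comment above should mention why a leading '-' is skipped.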
Was there no love for this in OpenSSH 9.7?
--
Rob Leslie
rob at mars.org