ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-03-03 02:31:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Fix use-after-free if multiple command requests were sent. Move

Browse Source 
the original_command into chansess struct since that makes more sense
This commit is contained in:
Matt Johnston 2011-12-04 05:31:25 +08:00
parent 52a466b8af
commit aec23e5f79
4 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auth.h
View File

@ -133,7 +133,6 @@ struct PubKeyOptions {
int no_pty_flag;
/* "command=" option. */
unsigned char * forced_command;
unsigned char * original_command;
};
#endif

4
chansession.h
View File

@ -69,6 +69,10 @@ struct ChanSess {
char * agentfile;
char * agentdir;
#endif
#ifdef ENABLE_SVR_PUBKEY_OPTIONS
char *original_command;
#endif
};
struct ChildPid {

13
svr-authpubkeyoptions.c
View File

@ -92,14 +92,15 @@ int svr_pubkey_allows_pty() {
* by any 'command' public key option. */
void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
if (ses.authstate.pubkey_options) {
ses.authstate.pubkey_options->original_command = chansess->cmd;
if (!chansess->cmd)
{
ses.authstate.pubkey_options->original_command = m_strdup("");
if (chansess->cmd) {
/* original_command takes ownership */
chansess->original_command = chansess->cmd;
} else {
chansess->original_command = m_strdup("");
}
chansess->cmd = ses.authstate.pubkey_options->forced_command;
chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
#ifdef LOG_COMMANDS
dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command);
dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command);
#endif
}
}

12
svr-chansession.c
View File

@ -217,6 +217,8 @@ static int newchansess(struct Channel *channel) {
struct ChanSess *chansess;
TRACE(("new chansess %p", channel))
dropbear_assert(channel->typedata == NULL);
chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess));
@ -279,6 +281,10 @@ static void closechansess(struct Channel *channel) {
m_free(chansess->cmd);
m_free(chansess->term);
#ifdef ENABLE_SVR_PUBKEY_OPTIONS
m_free(chansess->original_command);
#endif
if (chansess->tty) {
/* write the utmp/wtmp login record */
li = chansess_login_alloc(chansess);
@ -924,10 +930,8 @@ static void execchild(void *user_data) {
}
#ifdef ENABLE_SVR_PUBKEY_OPTIONS
if (ses.authstate.pubkey_options &&
ses.authstate.pubkey_options->original_command) {
addnewvar("SSH_ORIGINAL_COMMAND",
ses.authstate.pubkey_options->original_command);
if (chansess->original_command) {
addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command);
}
#endif