author | Damien Miller <djm@mindrot.org> | 2006-01-31 21:49:27 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-01-31 21:49:27 +1100 |
commit | 3eec6b73a2c446225fce546d61d83cfc695fbaa0 (patch) | |
tree | 425fe13ba7b751c6d9878eb592e2d6a014a468bd /sftp.c | |
parent | b5dd55cccc7096d3db59378bba44920183f34110 (diff) | |
download | openssh-git-3eec6b73a2c446225fce546d61d83cfc695fbaa0.tar.gz |
- djm@cvs.openbsd.org 2006/01/31 10:19:02
[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
Diffstat (limited to 'sftp.c')
-rw-r--r-- | sftp.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -16,7 +16,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.69 2005/12/06 22:38:27 reyk Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $");
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -1453,8 +1453,9 @@ main(int argc, char **argv)
 sanitise_stdfd();
 __progname = ssh_get_progname(argv[0]);
+ memset(&args, '\0', sizeof(args));
 args.list = NULL;
- addargs(&args, "ssh"); /* overwritten with ssh_program */
+ addargs(&args, ssh_program);
 addargs(&args, "-oForwardX11 no");
 addargs(&args, "-oForwardAgent no");
 addargs(&args, "-oPermitLocalCommand no");
@@ -1489,6 +1490,7 @@ main(int argc, char **argv)
 break;
 case 'S':
 ssh_program = optarg;
+ replacearg(&args, 0, "%s", ssh_program);
 break;
 case 'b':
 if (batchmode)
@@ -1565,7 +1567,6 @@ main(int argc, char **argv)
 addargs(&args, "%s", host);
 addargs(&args, "%s", (sftp_server != NULL ? sftp_server : "sftp"));
- args.list[0] = ssh_program;
 if (!batchmode)
 fprintf(stderr, "Connecting to %s...\n", host);
@@ -1578,6 +1579,7 @@ main(int argc, char **argv)
 fprintf(stderr, "Attaching to %s...\n", sftp_direct);
 connect_to_server(sftp_direct, args.list, &in, &out);
 }
+ freeargs(&args);
 err = interactive_loop(in, out, file1, file2); |
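Review bot: In the hunk at `@@ -1453,8 +1453,9 @@`, the new `addargs(&args, ssh_program);` passes the program path in the format position, while the other variable arguments in this diff go through a literal format (`addargs(&args, "%s", host)`, `replacearg(&args, 0, "%s", ssh_program)`). At this point ssh_program presumably still holds its compiled-in default, so the value is not user-controlled here. Even so, a path containing `%` would be interpreted as a conversion rather than copied, and the call is easy to copy to a place where the value comes from the command line. I would write it as `addargs(&args, "%s", ssh_program);` to match the `-S` case. main's body starts and ends outside the hunk.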