Mercurial > dropbear
comparison svr-authpubkeyoptions.c @ 654:818108bf7749
- Fix use-after-free if multiple command requests were sent. Move
the original_command into chansess struct since that makes more sense
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 04 Dec 2011 05:31:25 +0800 |
| parents | a98a2138364a |
| children | 405418f7dc5e |
comparison
equal
deleted
inserted
replaced
| 653:5e8d84f3ee72 | 654:818108bf7749 |
|---|---|
| 90 | 90 |
| 91 /* Set chansession command to the one forced | 91 /* Set chansession command to the one forced |
| 92 * by any 'command' public key option. */ | 92 * by any 'command' public key option. */ |
| 93 void svr_pubkey_set_forced_command(struct ChanSess *chansess) { | 93 void svr_pubkey_set_forced_command(struct ChanSess *chansess) { |
| 94 if (ses.authstate.pubkey_options) { | 94 if (ses.authstate.pubkey_options) { |
| 95 ses.authstate.pubkey_options->original_command = chansess->cmd; | 95 if (chansess->cmd) { |
| 96 if (!chansess->cmd) | 96 /* original_command takes ownership */ |
| 97 { | 97 chansess->original_command = chansess->cmd; |
| 98 ses.authstate.pubkey_options->original_command = m_strdup(""); | 98 } else { |
| 99 } | 99 chansess->original_command = m_strdup(""); |
| 100 chansess->cmd = ses.authstate.pubkey_options->forced_command; | 100 } |
| 101 chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command); | |
| 101 #ifdef LOG_COMMANDS | 102 #ifdef LOG_COMMANDS |
| 102 dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command); | 103 dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command); |
| 103 #endif | 104 #endif |
| 104 } | 105 } |
| 105 } | 106 } |
| 106 | 107 |
| 107 /* Free potential public key options */ | 108 /* Free potential public key options */ |