changeset 1599:e37f98ea4f24

fix leak in option handling
author Matt Johnston <matt@ucc.asn.au>
date Wed, 07 Mar 2018 22:14:36 +0800
parents 252b406d0e9a
children dc7c9fdb3716
files svr-authpubkeyoptions.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/svr-authpubkeyoptions.c	Tue Mar 06 22:18:20 2018 +0800
+++ b/svr-authpubkeyoptions.c	Wed Mar 07 22:14:36 2018 +0800
@@ -168,6 +168,12 @@
 		if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) {
 			int escaped = 0;
 			const unsigned char* command_start = buf_getptr(options_buf, 0);
+
+			if (ses.authstate.pubkey_options->forced_command) {
+				/* multiple command= options */
+				goto bad_option;
+			}
+
 			while (options_buf->pos < options_buf->len) {
 				const char c = buf_getbyte(options_buf);
 				if (!escaped && c == '"') {