[PATCH] Fix segfault with restricted authorized_key files without forced command.

Mon Jun 22 17:28:55 AWST 2015

S $ sed -n '/ ssh-.*/{s///p; q}' ~/.ssh/authorized_keys
    no-port-forwarding
    S $ /usr/sbin/dropbear -r /tmp/dropbear.key -svEF -p 127.0.0.1:2222
    […]
    [6773] Jun 22 01:56:38 Port forwarding disabled.
    […]
    [6773] Jun 22 01:56:38 Port forwarding disabled.
    […]
    [6773] Jun 22 01:56:38 Pubkey auth succeeded for 'guilhem' with key …
    TRACE  (6773) 1434930998.973669: enter chansessionrequest
    TRACE  (6773) 1434930998.973688: type is shell
    TRACE  (6773) 1434930998.973712: enter sessioncommand
    Aiee, segfault! You should probably report this as a bug to the developer

    C $ ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p 2222 localhost
    Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
    Connection to localhost closed by remote host.
    Connection to localhost closed.
---
 svr-authpubkeyoptions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
index c296141..9bdf99d 100644
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -91,7 +91,7 @@ int svr_pubkey_allows_pty() {
 /* Set chansession command to the one forced 
  * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
-	if (ses.authstate.pubkey_options) {
+	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) {
 		if (chansess->cmd) {
 			/* original_command takes ownership */
 			chansess->original_command = chansess->cmd;
-- 
2.1.4

