[PATCH] Fix segfault with restricted authorized_key files without forced command.
Guilhem Moulin
guilhem at fripost.org
Mon Jun 22 17:28:55 AWST 2015
S $ sed -n '/ ssh-.*/{s///p; q}' ~/.ssh/authorized_keys
no-port-forwarding
S $ /usr/sbin/dropbear -r /tmp/dropbear.key -svEF -p 127.0.0.1:2222
[…]
[6773] Jun 22 01:56:38 Port forwarding disabled.
[…]
[6773] Jun 22 01:56:38 Port forwarding disabled.
[…]
[6773] Jun 22 01:56:38 Pubkey auth succeeded for 'guilhem' with key …
TRACE (6773) 1434930998.973669: enter chansessionrequest
TRACE (6773) 1434930998.973688: type is shell
TRACE (6773) 1434930998.973712: enter sessioncommand
Aiee, segfault! You should probably report this as a bug to the developer
C $ ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p 2222 localhost
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
Connection to localhost closed by remote host.
Connection to localhost closed.
---
svr-authpubkeyoptions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
index c296141..9bdf99d 100644
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -91,7 +91,7 @@ int svr_pubkey_allows_pty() {
/* Set chansession command to the one forced
* by any 'command' public key option. */
void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
- if (ses.authstate.pubkey_options) {
+ if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) {
if (chansess->cmd) {
/* original_command takes ownership */
chansess->original_command = chansess->cmd;
--
2.1.4
More information about the Dropbear
mailing list