upstream commit

make "--" before the hostname terminate command-line
option processing completely; previous behaviour would not prevent further
options appearing after the hostname (ssh has a supported options after the
hostname for >20 years, so that's too late to change).

ok deraadt@

Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89

diff --git a/ssh.c b/ssh.c
index 6137fd7daf344b3ef38f36f1547ad5bc6c18e931..019d1d31cd4298f7ed538c73118bb0f8bf439161 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.461 2017/05/30 18:58:37 bluhm Exp $ */
+/* $OpenBSD: ssh.c,v 1.462 2017/08/12 06:46:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -509,13 +509,13 @@ int
 main(int ac, char **av)
 {
        struct ssh *ssh = NULL;
-       int i, r, opt, exit_status, use_syslog, direct, config_test = 0;
+       int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
+       int config_test = 0, opt_terminated = 0;
        char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile;
        char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
        char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex;
        struct stat st;
        struct passwd *pw;
-       int timeout_ms;
        extern int optind, optreset;
        extern char *optarg;
        struct Forward fwd;
@@ -917,6 +917,9 @@ main(int ac, char **av)
                }
        }
 
+       if (optind > 1 && strcmp(av[optind - 1], "--") == 0)
+               opt_terminated = 1;
+
        ac -= optind;
        av += optind;
 
@@ -931,7 +934,7 @@ main(int ac, char **av)
                        host = xstrdup(++cp);
                } else
                        host = xstrdup(*av);
-               if (ac > 1) {
+               if (ac > 1 && !opt_terminated) {
                        optind = optreset = 1;
                        goto again;
                }