From: djm@openbsd.org <djm@openbsd.org>
Date: Fri, 3 Jul 2020 07:02:37 +0000 (+0000)
Subject: upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if
X-Git-Tag: V_8_4_P1~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=20b5fab9f773b3d3c7f06cb15b8f69a2c081ee80;p=thirdparty%2Fopenssh-portable.git

upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if

sshd is in chroot mode, the likely absence of a password database will cause
tilde_expand_filename() to fatal; ok dtucker@

OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
---

diff --git a/session.c b/session.c
index a37eb4ae2..84d3286c4 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.321 2020/07/03 06:46:41 djm Exp $ */
+/* $OpenBSD: session.c,v 1.322 2020/07/03 07:02:37 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1212,7 +1212,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
 
 	do_xauth =
 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
-	user_rc = tilde_expand_filename("~/" _PATH_SSH_USER_RC, getuid());
+	xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC);
 
 	/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
 	if (!s->is_subsystem && options.adm_forced_command == NULL &&