From: djm@openbsd.org Date: Fri, 19 Dec 2025 00:48:04 +0000 (+0000) Subject: upstream: detect invalid sshd_config Subsystem directives inside X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e0f2dee54d210dc44f72f73e703c6dc5348a406;p=thirdparty%2Fopenssh-portable.git upstream: detect invalid sshd_config Subsystem directives inside Match blocks at startup rather than failing later at runtime; noticed via bz#3906; ok dtucker OpenBSD-Commit-ID: e6035ff0baa375de6c9f22c883ed530a8649dfed --- diff --git a/servconf.c b/servconf.c index 1b8cfa4b6..57a14294c 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.440 2025/12/16 08:32:50 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.441 2025/12/19 00:48:04 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1958,8 +1958,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, break; case sSubsystem: - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') + if ((arg = argv_next(&ac, &av)) == NULL || *arg == '\0' || + ((arg2 = argv_next(&ac, &av)) == NULL || *arg == '\0')) fatal("%s line %d: %s missing argument.", filename, linenum, keyword); if (!*activep) { @@ -1992,15 +1992,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, options->num_subsystems + 1, sizeof(*options->subsystem_args)); options->subsystem_name[options->num_subsystems] = xstrdup(arg); - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') { - fatal("%s line %d: Missing subsystem command.", - filename, linenum); - } options->subsystem_command[options->num_subsystems] = - xstrdup(arg); + xstrdup(arg2); /* Collect arguments (separate to executable) */ - arg = argv_assemble(1, &arg); /* quote command correctly */ + arg = argv_assemble(1, &arg2); /* quote command correctly */ arg2 = argv_assemble(ac, av); /* rest of command */ xasprintf(&options->subsystem_args[options->num_subsystems], "%s%s%s", arg, *arg2 == '\0' ? "" : " ", arg2);