diff options
Diffstat (limited to 'security/openssh-portable/files/patch-session.c')
| -rw-r--r-- | security/openssh-portable/files/patch-session.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 84c78b3f9526..b0b9e08008f8 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -13,18 +13,18 @@ to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs ---- session.c.orig 2020-09-27 00:25:01.000000000 -0700 -+++ session.c 2020-11-19 14:41:50.745308000 -0800 -@@ -946,7 +946,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui +--- session.c.orig 2021-04-15 20:55:25.000000000 -0700 ++++ session.c 2021-04-27 13:11:13.515917000 -0700 +@@ -942,7 +942,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui } #endif /* HAVE_ETC_DEFAULT_LOGIN */ -#if defined(USE_PAM) || defined(HAVE_CYGWIN) +#if defined(USE_PAM) || defined(HAVE_CYGWIN) || defined(HAVE_LOGIN_CAP) static void - copy_environment_blacklist(char **source, char ***env, u_int *envsize, - const char *blacklist) -@@ -1056,7 +1056,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char * + copy_environment_denylist(char **source, char ***env, u_int *envsize, + const char *denylist) +@@ -1052,7 +1052,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char * # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ @@ -34,7 +34,7 @@ Sponsored by: DARPA, NAI Labs snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); child_set_env(&env, &envsize, "MAIL", buf); -@@ -1067,6 +1068,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -1063,6 +1064,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char * if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); @@ -48,7 +48,7 @@ Sponsored by: DARPA, NAI Labs + environ = xmalloc(sizeof(char *)); + *environ = NULL; + (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV); -+ copy_environment_blacklist(environ, &env, &envsize, NULL); ++ copy_environment_denylist(environ, &env, &envsize, NULL); + for (var = environ; *var != NULL; ++var) + free(*var); + free(environ); @@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs if (s->term) child_set_env(&env, &envsize, "TERM", s->term); if (s->display) -@@ -1285,7 +1303,7 @@ do_nologin(struct passwd *pw) +@@ -1281,7 +1299,7 @@ do_nologin(struct passwd *pw) #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) return; @@ -67,7 +67,7 @@ Sponsored by: DARPA, NAI Labs #else if (pw->pw_uid == 0) return; -@@ -1373,7 +1391,7 @@ do_setusercontext(struct passwd *pw) +@@ -1365,7 +1383,7 @@ do_setusercontext(struct passwd *pw) if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, |