- dtucker@cvs.openbsd.org 2006/07/11 10:12:07

[ssh.c]
     Only copy the part of environment variable that we actually use.  Prevents
     ssh bailing when SendEnv is used and an environment variable with a really
     long value exists.  ok djm@

ChangeLog

@@ -18,6 +18,11 @@
      [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
      auth.c packet.c log.c]
      move #include <stdarg.h> out of includes.h; ok markus@
+   - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
+     [ssh.c]
+     Only copy the part of environment variable that we actually use.  Prevents
+     ssh bailing when SendEnv is used and an environment variable with a really
+     long value exists.  ok djm@
 
 20060711
  - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
@@ -4867,4 +4872,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4394 2006/07/12 12:15:16 dtucker Exp $
+$Id: ChangeLog,v 1.4395 2006/07/12 12:16:23 dtucker Exp $

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.281 2006/07/09 15:15:11 stevesk Exp $ */
+/* $OpenBSD: ssh.c,v 1.282 2006/07/11 10:12:07 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1262,15 +1262,14 @@ control_client_sigrelay(int signo)
 static int
 env_permitted(char *env)
 {
-	int i;
+	int i, ret;
 	char name[1024], *cp;
 
-	if (strlcpy(name, env, sizeof(name)) >= sizeof(name))
-		fatal("env_permitted: name too long");
-	if ((cp = strchr(name, '=')) == NULL)
+	if ((cp = strchr(env, '=')) == NULL || cp == env)
 		return (0);
-
-	*cp = '\0';
+	ret = snprintf(name, sizeof(name), "%.*s", (cp - env), env);
+	if (ret <= 0 || (size_t)ret >= sizeof(name))
+		fatal("env_permitted: name '%.100s...' too long", env);
 
 	for (i = 0; i < options.num_send_env; i++)
 		if (match_pattern(name, options.send_env[i]))