From 555294a7279914ae6795b71bedf4e6011b7636df Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 6 Apr 2018 13:02:39 +0000
Subject: [PATCH] upstream: Allow "SendEnv -PATTERN" to clear environment variables previously labeled for sendind. bz#1285 ok dtucker@
OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9
---
 readconf.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
 ssh_config.5 | 11 ++++++++---
 2 files changed, 50 insertions(+), 9 deletions(-)
diff --git a/readconf.c b/readconf.c
index ae1c31da0..5a1055bcb 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.285 2018/04/06 03:51:27 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.286 2018/04/06 13:02:39 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -684,6 +684,35 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 return result;
 }
 
+/* Remove environment variable by pattern */
+static void
+rm_env(Options *options, const char *arg, const char *filename, int linenum)
+{
+ int i, j;
+ char *cp;
+
+ /* Remove an environment variable */
+ for (i = 0; i < options->num_send_env; ) {
+ cp = xstrdup(options->send_env[i]);
+ if (!match_pattern(cp, arg + 1)) {
+ free(cp);
+ i++;
+ continue;
+ }
+ debug3("%s line %d: removing environment %s",
+ filename, linenum, cp);
+ free(cp);
+ free(options->send_env[i]);
+ options->send_env[i] = NULL;
+ for (j = i; j < options->num_send_env - 1; j++) {
+ options->send_env[j] = options->send_env[j + 1];
+ options->send_env[j + 1] = NULL;
+ }
+ options->num_send_env--;
+ /* NB. don't increment i */
+ }
+}
+
 /*
 * Returns the number of the token pointed to by cp or oBadOption.
 */
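Review bot: rm_env() only deletes the entries that are already in `options->send_env` when the directive is parsed and keeps no record of the pattern, so a `SendEnv` directive processed later puts a matching name back on the list. Because this list decides which local environment variables are disclosed to the server, the function comment should state that ordering dependence and that `arg` still carries its leading `-`, for example `/* Remove entries matching arg (leading '-' included) from send_env; only names added so far are affected */`. The `xstrdup()`/`free()` pair around `cp` also looks avoidable: the entry itself is not freed until after `debug3()`, so `options->send_env[i]` could be passed to `match_pattern()` directly, assuming that function does not modify its first argument.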
@@ -1359,11 +1388,18 @@ parse_keytypes:
 filename, linenum);
 if (!*activep)
 continue;
- if (options->num_send_env >= MAX_SEND_ENV)
- fatal("%s line %d: too many send env.",
- filename, linenum);
- options->send_env[options->num_send_env++] =
- xstrdup(arg);
+ if (*arg == '-') {
+ /* Removing an env var */
+ rm_env(options, arg, filename, linenum);
+ continue;
+ } else {
+ /* Adding an env var */
+ if (options->num_send_env >= MAX_SEND_ENV)
+ fatal("%s line %d: too many send env.",
+ filename, linenum);
+ options->send_env[options->num_send_env++] =
+ xstrdup(arg);
+ }
 }
 break;
 
diff --git a/ssh_config.5 b/ssh_config.5
index 75a21b595..0e3c4db2e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.270 2018/04/05 22:54:28 djm Exp $
-.Dd $Mdocdate: April 5 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.271 2018/04/06 13:02:39 djm Exp $
+.Dd $Mdocdate: April 6 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1394,11 +1394,16 @@ Multiple environment variables may be separated by whitespace or spread across multiple
 .Cm SendEnv
 directives.
-The default is not to send any environment variables.
 .Pp
 See
 .Sx PATTERNS
 for more information on patterns.
+.Pp
+It is possible to clear previously-set
+.Cm SendEnv
+variable names by prefixing patterns with
+.Pa - .
+The default is not to send any environment variables.
 .It Cm ServerAliveCountMax
 Sets the number of server alive messages (see below) which may be sent without
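Review bot: In the readconf.c hunk at `@@ -1359,11 +1388,18 @@`, the new `if (*arg == '-')` branch accepts a bare `-` and hands it to rm_env(), which matches against `arg + 1`, i.e. an empty pattern. If match_pattern() treats an empty pattern as matching nothing (its body is not shown here), a line such as `SendEnv - LC_ALL` with a stray space removes nothing and then adds `LC_ALL` for sending, the opposite of what was intended. Rejecting the empty pattern in the style of the existing error would turn that typo into a parse failure: `if (arg[1] == '\0') fatal("%s line %d: empty SendEnv pattern.", filename, linenum);`. The `else` after `continue;` is redundant, and the enclosing loop and case label start outside the hunk.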